|
Common Vulnerability and Exposures[0], or CVE, is a system that provides a reference method for vulnerabilities. A unique identifier is given to every vulnerability along with related information about the vulnerability, how it can affect a system (Common Weakness Enumeration[1] or CWE), how "bad" it is (Common Vulnerability Scoring System or CVSS), and other information from upstream so that users and downstream software developers can determine how their systems may be affected. It is extremely important for libraries and other software that are integrated into other software to receive a CVE number; probably less so in this particular case. When John said that someone had published the vulnerabilities I didn't know if he meant that they had been assigned a CVE number or just that he had received an email (or similar) that showed how the vulnerability could be executed.
toggle quoted message
Show quoted text
[0] [1] 73, Eric WG3K FM18rp Packet: WG3K@WG3K.#SMD.MD.USA.NOAM E-Mail: wg3k@... On Tuesday, August 27th, 2024 at 12:43, Chris Lance WW2BSA <Ww2bsa@...> wrote:
Hmmm...never heard of that....what is a CVE and why is it important?Chris |
