[Secure-testing-team] CVE status
Florian Weimer
fw at deneb.enyo.de
Wed Nov 16 15:52:10 UTC 2005
* Florian Weimer:
> Here's a message I received from NIST. I don't know if the issue has
> been resolved yet.
Here's the update I've just received. So everything should be back to
normal soon.
From: <nvd at nist.gov>
Subject: National Vulnerability Database (Operational Status and New Features)
To: Multiple recipients of list <nvdupdate at nist.gov>
Date: Wed, 16 Nov 2005 10:33:16 -0500 (EST)
Message-Id: <200511161531.jAGFV9mI002649 at smtp.nist.gov>
Reply-To: nvd at nist.gov
The problem with the National Vulnerability Database (NVD) and Common
Vulnerabilities and Exposures (CVE) vulnerability processing system has been
fixed. We added 57 new vulnerabilities and 61 historical vulnerabilities
this morning, will provide another large batch this weekend, and then will
resume our normal publication activity (publishing around 12 new
vulnerabilities per day).
Also, I'll take this opportunity to announce two new NVD features.
The NVD XML download capability has been enhanced with two additional feeds.
1. <http://nvd.nist.gov/download/nvdcve-modified.xml>
http://nvd.nist.gov/download/nvdcve-modified.xml contains the most recently
published CVE vulnerabilities in addition to vulnerabilities that have been
recently updated within NVD.
2. <http://nvd.nist.gov/download/nvdcve-recent.xml>
http://nvd.nist.gov/download/nvdcve-recent.xml contains only the most
recently published CVE vulnerabilities.
These feeds currently contain the last 14 days of additions and/or updates
but this timeframe may change based on user feedback.
In addition, the NVD product dictionary is now available in two forms:
1. <http://nvd.nist.gov/viewvpv.cfm> http://nvd.nist.gov/viewvpv.cfm
provides interactive access to the vendor name, product name, and version
number lists used by NVD.
2. <http://nvd.nist.gov/download/nvd_dictionary.txt>
http://nvd.nist.gov/download/nvd_dictionary.txt is a text file containing
the entire NVD product dictionary. The product dictionary is updated daily.
Note that the NVD product dictionary may not contain all version numbers for
each product. We only include product version numbers that are explicitly
mentioned within NVD vulnerability summaries.
All of the NVD XML feeds and the product dictionary services are available
from the NVD download page at <http://nvd.nist.gov/download.cfm>
http://nvd.nist.gov/download.cfm.
For those of you wondering about the historical vulnerabilities I mentioned
earlier, CVE does research on old vulnerabilities in order to provide a
comprehensive archive. Archival vulnerabilities are given a publish date
corresponding to when the issue actually occurred in order to avoid any
confusion (we don't want a vulnerability from 2002 to be thought of as a new
issue).
Please let us know how we can serve you better.
Peter Mell
NVD Project Lead
<mailto:nvd at nist.gov> nvd at nist.gov
<http://nvd.nist.gov/> http://nvd.nist.gov
To unsubscribe from this mailing list, please send e-mail to
<mailto:listproc at nist.gov> listproc at nist.gov with the words "unsubscribe
nvdupdate" in the body.
More information about the Secure-testing-team
mailing list