We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
I'm running the latest docker image from Dockerhub.
I did go-cve-dictionary fetchnvd -last2y without errors
go-cve-dictionary fetchnvd -last2y
I'm seeing that some CVEs are missing score data, but that data appears on the NVD website.
e.g.
{ "CveID": "CVE-2017-16844", "NvdJSON": { "CveID": "CVE-2017-16844", "Descriptions": [ { "Lang": "en", "Value": "Heap-based buffer overflow in the loadbuf function in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted e-mail message because of a hardcoded realloc size, a different vulnerability than CVE-2014-3618." } ], "Cvss2": { "VectorString": "", "AccessVector": "", "AccessComplexity": "", "Authentication": "", "ConfidentialityImpact": "", "IntegrityImpact": "", "AvailabilityImpact": "", "BaseScore": 0, "Severity": "", "ExploitabilityScore": 0, "ImpactScore": 0, "ObtainAllPrivilege": false, "ObtainUserPrivilege": false, "ObtainOtherPrivilege": false, "UserInteractionRequired": false }, "Cvss3": { "VectorString": "", "AttackVector": "", "AttackComplexity": "", "PrivilegesRequired": "", "UserInteraction": "", "Scope": "", "ConfidentialityImpact": "", "IntegrityImpact": "", "AvailabilityImpact": "", "BaseScore": 0, "BaseSeverity": "", "ExploitabilityScore": 0, "ImpactScore": 0 }, "Cwes": [ { "CweID": "CWE-119" } ], "Cpes": [ { "URI": "cpe:/a:procmail:procmail:3.22", "FormattedString": "cpe:2.3:a:procmail:procmail:3.22:*:*:*:*:*:*:*", "WellFormedName": "wfn:[part=\"a\", vendor=\"procmail\", product=\"procmail\", version=\"3\\.22\", update=ANY, edition=ANY, language=ANY, sw_edition=ANY, target_sw=ANY, target_hw=ANY, other=ANY]", "Part": "a", "Vendor": "procmail", "Product": "procmail", "Version": "3\\.22", "Update": "ANY", "Edition": "ANY", "Language": "ANY", "SoftwareEdition": "ANY", "TargetSW": "ANY", "TargetHW": "ANY", "Other": "ANY", "VersionStartExcluding": "", "VersionStartIncluding": "", "VersionEndExcluding": "", "VersionEndIncluding": "", "EnvCpes": [] } ], "Affects": [ { "Vendor": "procmail", "Product": "procmail", "Version": "3.22" } ], "References": [ { "Source": "", "Link": "http://www.securitytracker.com/id/1039844" }, { "Source": "", "Link": "https://access.redhat.com/errata/RHSA-2017:3269" }, { "Source": "", "Link": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511" }, { "Source": "", "Link": "https://lists.debian.org/debian-lts-announce/2017/11/msg00019.html" }, { "Source": "", "Link": "https://www.debian.org/security/2017/dsa-4041" } ], "PublishedDate": "2017-11-16T15:29:00Z", "LastModifiedDate": "2018-02-04T02:29:00Z" } }
The text was updated successfully, but these errors were encountered:
Successfully merging a pull request may close this issue.
I'm running the latest docker image from Dockerhub.
I did
go-cve-dictionary fetchnvd -last2ywithout errorsI'm seeing that some CVEs are missing score data, but that data appears on the NVD website.
e.g.
The text was updated successfully, but these errors were encountered: