CVE (Common Vulnerabilities and Exposures) is a list of commonly known vulnerabilities and exploits in software and hardware. Each vulnerability in the database has a unique identifier in the format CVE-YYYY-NNNN, where:
CVE - the prefix indicating the identifier format.
YYYY - the year in which the vulnerability was registered.
NNNN - a serial number that can contain four to seven digits, depending on the number of registered vulnerabilities in a given year.
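The identifier format above is strict enough to parse mechanically, for example when pulling CVE references out of scanner output or changelogs. The following Python code is an added example, not part of the original post; the function names, the constructed sample lines and the 1999 lower bound on the year are assumptions of this example.

```python
import re

# Sequence length follows the description above: four to seven digits.
# The lookarounds stop a match from starting or ending inside a longer token.
CVE_RE = re.compile(r"(?<![A-Za-z0-9-])CVE-(\d{4})-(\d{4,7})(?!\d)",
                    re.IGNORECASE | re.ASCII)
FIRST_CVE_YEAR = 1999  # assumption of this example: earliest year used in CVE IDs


def parse_cve(token):
    """Return (year, sequence) for one well-formed identifier, else None."""
    m = CVE_RE.fullmatch(token.strip())
    if m is None or int(m.group(1)) < FIRST_CVE_YEAR:
        return None
    return int(m.group(1)), int(m.group(2))


def extract_cves(text):
    """Find identifiers in free text; return them upper-cased, unique, sorted."""
    ids = {m.group(0).upper() for m in CVE_RE.finditer(text)}
    valid = [i for i in ids if parse_cve(i) is not None]
    return sorted(valid, key=parse_cve)  # numeric order, not string order


def count_by_year(ids):
    """Count identifiers per registration year (the YYYY field)."""
    counts = {}
    for cve_id in ids:
        year, _ = parse_cve(cve_id)
        counts[year] = counts.get(year, 0) + 1
    return counts


# Constructed sample: scanner-style lines mixing valid and malformed references.
SAMPLE = """\
host-a openssl: cve-2014-0160 (Heartbleed)
host-b smbv1: CVE-2017-0144, CVE-2017-0144.
host-c log4j: CVE-2021-44228
host-c struts: CVE-2017-5638
host-d junk: CVE-2021-123 CVE-21-44228 XCVE-2016-5195 CVE-2018-76000000
"""

if __name__ == "__main__":
    found = extract_cves(SAMPLE)
    print(found)
    print(count_by_year(found))
```

The malformed references on the last sample line (short sequence, two-digit year, prefixed token, eight-digit sequence) are all rejected, and duplicates and lower-case spellings collapse to a single normalized identifier.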
The CVE database is managed by the MITRE Corporation. MITRE is a non-profit organization that provides research and development services to the US government and engages in a number of cybersecurity and technology projects.
MITRE works in partnership with the National Institute of Standards and Technology (NIST) and other organizations to manage the CVE database. They provide coordination between cybersecurity researchers, software developers and other stakeholders to identify, verify and publish vulnerability information.
MITRE receives a significant portion of its funding from the U.S. government, including through contract work and grants. As part of these contracts, MITRE provides a variety of services, including research and development in cybersecurity. MITRE also attracts funding through various research projects and grants aimed at increasing the level of cybersecurity and developing new technologies.
The CVE database is an important tool for cybersecurity researchers, software developers, and system administrators. It allows you to identify known vulnerabilities, assess risks and take measures to eliminate them. In penetration testing, CVE helps to quickly find weaknesses in systems, which makes it possible to fix them and reduces the risk of attacks.
The publication and maintenance of the CVE database promotes openness and transparency in the field of cybersecurity, which helps to improve the protection of information systems at the global level. The CVE List is in effect a standard for vulnerability accounting. There are many tools based on information from this database, for example a GitHub bot that opens a pull request with updated libraries if a vulnerability has been found in them. Testers use the database to create automated penetration tests that check a system for vulnerabilities.
The process of adding new entries to the database begins with the discovery of a vulnerability, which can be found by a cybersecurity researcher, engineer, or other specialist. Once a vulnerability is identified, the professional submits an application for its registration to the appropriate authority administering the CVE database. This authority checks the application, assigns it a unique identifier and adds it to the database. Currently (May 2024) the CVE database contains 237,725 vulnerabilities, information about which can be downloaded from the CVE website or found through its search. This database, by the way, can also be used in programming practice (pet projects and the like) and in testing.
Examples of the most famous and dangerous CVEs in history
CVE-2017-0144: EternalBlue
A vulnerability in Microsoft's SMBv1 protocol that was used to distribute malware such as WannaCry and NotPetya. EternalBlue allowed an attacker to remotely execute code on the target system. Because of this vulnerability, huge damage has been done around the world.
CVE-2014-0160: Heartbleed
This is a vulnerability in the OpenSSL library that allowed attackers to read server or client memory, leading to the disclosure of sensitive data such as private keys, passwords, and other confidential information. Heartbleed has seriously affected the security of many websites and services.
CVE-2016-5195: Dirty COW
A vulnerability in the Linux kernel that allowed a local user to escalate their privileges and access the system with administrator privileges. Dirty COW was present in the Linux kernel for more than nine years before it was discovered and fixed.
CVE-2017-5638: Apache Struts
A vulnerability in the Apache Struts framework that allowed a remote attacker to execute code on the server. The vulnerability was exploited in the 2017 Equifax attack, resulting in the compromise of the personal data of over 143 million people.
CVE-2018-7600: Drupalgeddon 2
A vulnerability in the Drupal content management system that allowed an attacker to execute code on the server. Drupalgeddon 2 affected a large number of websites that used this platform.
CVE-2021-44228: Log4Shell
A vulnerability in the Apache Log4j library used for logging in Java applications allowed a remote attacker to execute arbitrary code on the server. Log4Shell was considered one of the most critical vulnerabilities of recent years due to its widespread distribution and potential impact on many organizations.