
Vendor n/a if field not populated

Open SteveClement opened this issue 8 months ago • 2 comments

This is potentially an enhancement depending on underlying logic.

When consulting this CVE:

https://vulnerability.circl.lu/vuln/CVE-2024-39225

The vendor is n/a because: https://github.com/CVEProject/cvelistV5/blob/da5a460f6cbabed610913c4182b8fa43d3dd2979/cves/2024/39xxx/CVE-2024-39225.json#L27

I assume this is mostly an extremely badly filed CVE?

The vendor is GL-iNet which can also be seen in the source CVE: https://github.com/CVEProject/cvelistV5/blob/48807a80352540b71eb2e5f0fa18326223dbb91e/cves/2024/39xxx/CVE-2024-39225.json#L70

But this is in the CWE section which contains all the different firmware versions that are vulnerable.

So my question is, does VL use the CWE data of the source json? (Maybe that is not the scope.)

For the same vuln this view is clearer: https://vulnerability.circl.lu/vuln/fkie_cve-2024-39225. The NVD source also seems 'better': https://github.com/fkie-cad/nvd-json-data-feeds/blob/main/CVE-2024/CVE-2024-392xx/CVE-2024-39225.json

SteveClement, Apr 24 '25 07:04

Another good example is: https://github.com/CVEProject/cvelistV5/blob/main/cves/2024/25xxx/CVE-2024-25735.json

This in turn gets ingested by: https://observatory.nc3.lu/threat-observatory/

The missing vendor makes it look clumsy on the site pulling data from VL.

SteveClement, Apr 24 '25 07:04

The content of each source varies a lot. Generally, and for new CVEs, cvelistv5 is better, but as you can see, it's not always the case.

We have an issue open on cvelistv5: https://github.com/CVEProject/cvelistV5/issues/6#issuecomment-2522720634

Rafiot, Apr 24 '25 09:04
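
The fallback raised in this thread, as an added example that is not part of the issue or of Vulnerability-Lookup's code: when the CNA `affected` entry carries `n/a`, a consumer can look for a vendor in the record's other containers. It assumes the CVE Record Format 5 layout (`containers.cna.affected`, `containers.adp[].affected`, optional `cpes`); `resolve_vendors`, its helpers and the sample record are constructed for illustration.

```python
# Added example (not Vulnerability-Lookup code). SAMPLE is a constructed record.
PLACEHOLDERS = {"", "n/a", "na", "unknown", "-", "*"}

def _is_placeholder(value):
    return not isinstance(value, str) or value.strip().lower() in PLACEHOLDERS

def _vendors_from_affected(affected):
    """Yield usable vendor names from an `affected` array; CPEs are the last resort."""
    for entry in affected or []:
        vendor = entry.get("vendor")
        if not _is_placeholder(vendor):
            yield vendor.strip()
            continue
        for cpe in entry.get("cpes", []):
            parts = cpe.split(":")  # cpe:2.3:<part>:<vendor>:<product>:...
            if len(parts) > 4 and parts[:2] == ["cpe", "2.3"] and not _is_placeholder(parts[3]):
                yield parts[3]

def resolve_vendors(record):
    """Return (vendors, source); source names the container that supplied them."""
    containers = record.get("containers", {})
    sources = [("cna", containers.get("cna", {}))]
    sources += [(f"adp[{i}]", adp) for i, adp in enumerate(containers.get("adp", []))]
    for name, container in sources:
        vendors = sorted(set(_vendors_from_affected(container.get("affected"))))
        if vendors:
            return vendors, name
    return [], None

# Constructed record: the CNA left vendor/product as "n/a", an ADP entry names them.
SAMPLE = {
    "cveMetadata": {"cveId": "CVE-0000-00000"},  # placeholder id
    "containers": {
        "cna": {"affected": [{"vendor": "n/a", "product": "n/a"}]},
        "adp": [{
            "title": "constructed enrichment container",
            "affected": [{
                "vendor": "examplevendor",
                "product": "router-fw",
                "cpes": ["cpe:2.3:o:examplevendor:router-fw:1.0:*:*:*:*:*:*:*"],
            }],
        }],
    },
}

if __name__ == "__main__":
    print(resolve_vendors(SAMPLE))
```

Returning the source container alongside the vendor lets a downstream site show where the value came from rather than presenting it as the CNA's own data.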