On RHEL hosts, CVE information is baked into the yum metadata. On CentOS and Fedora, I'm pretty certain this is not the case. Therefore, we will have to get creative. I think we will have to determine what RPMs are installed, translate them to CPE names, and look them up in the NVD.
On RHEL hosts, CVE information is baked into the yum metadata. On CentOS and Fedora, I'm pretty certain this is not the case. Therefore, we will have to get creative. I think we will have to determine what RPMs are installed, translate them to CPE names, and look them up in the NVD.
Is blocked by: https://github.com/fedoraredteam/rpm2cpe/issues/2 https://github.com/fedoraredteam/rpm2cpe/issues/3