Common Vulnerabilities and Exposures (CVE)

GFI LanGuard is CVE certified. This topic describes how CVE certification is used in GFI LanGuard.

CVE (Common Vulnerabilities and Exposures) is a list of standardized names for vulnerabilities and other information security exposures. Its aim is to standardize the names for all publicly known vulnerabilities and security exposures.

CVE is a dictionary which aim is to facilitate data distribution across separate vulnerability databases and security tools. CVE makes searching for information in other databases easier and should not be considered as a vulnerability database by itself.

CVE is a maintained through a community–wide collaborative effort known as the CVE Editorial Board. The Editorial Board includes representatives from numerous security–related organizations such as security tool vendors, academic institutions, and governments as well as other prominent security experts. The MITRE Corporation maintains CVE and moderates editorial board discussions.

About CVE Compatibility

"CVE–compatible" means that a tool, Web site, database, or service uses CVE names in a way that allows it to cross–link with other repositories that use CVE names. CVE–compatible products and services must meet the four requirements:

Compatibility Description
CVE Searchable A user must be able to search for vulnerabilities and related information using the CVE name.
CVE Output Information provided must include the related CVE name(s).
Mapping The repository owner must provide a mapping relative to a specific version of CVE, and must make a good faith effort to ensure accuracy of that mapping.
Documentation The organization’s standard documentation must include a description of CVE, CVE compatibility, and the details of how its customers can use the CVE–related functionality of its product or service.


For an in–depth understanding of CVE compatibility refer to the complete list of CVE requirements available at

About CVE and CAN

CVE names (also called "CVE numbers," "CVE–IDs," and "CVEs") are unique, common identifiers for publicly known information security vulnerabilities. CVE names have "entry" or "candidate" status. Entry status indicates that the CVE name has been accepted to the CVE List while candidate status (also called "candidates," "candidate numbers," or "CANs") indicates that the name is under review for inclusion in the list.

Each CVE name includes the following:


For an in–depth understanding of CVE names and CANs, refer to:

Searching for CVE Entries

CVE entries can be searched from the Scanning profiles node within the Configuration tab.

Searching for CVE information

Searching for CVE information

To search for a particular CVE bulletin:

1. Specify the bulletin name (for example, CVE–2005–2126) in the search tool entry box included at the bottom of the right pane.

2. Click on Find to start searching for your entry.

Obtaining CVE Names

CVE entry names can be obtained through the GFI LanGuard user interface from within the Scanning profiles node within the Configuration tab. By default, the CVE ID is displayed for all the vulnerabilities that have a CVE ID.

Importing and Exporting CVE Data

CVE data can be exported through the impex command line tool. For more information refer to Using impex.exe.