What should I read to better understand how NVTs, CPEs and CVEs?
Or how to judge whether cve in nvt really exists?
Not sure as iām not really understanding the question but here are a few resources about the topics (N)VT, CPE and CVE:
- 14 Managing SecInfo ā Greenbone Enterprise Appliance 22.04.5 documentation
- 14 Managing SecInfo ā Greenbone Enterprise Appliance 22.04.5 documentation
- 14 Managing SecInfo ā Greenbone Enterprise Appliance 22.04.5 documentation
- 21 Glossary ā Greenbone Enterprise Appliance 22.04.5 documentation
- 21 Glossary ā Greenbone Enterprise Appliance 22.04.5 documentation
- 21 Glossary ā Greenbone Enterprise Appliance 22.04.5 documentation
The scanning result is nvt. I want to view the detailed vulnerability cve solution, but Iām not sure whether the cves under nvt are all the vulnerabilities scanned
For example, one cve has ten cves, and Iām not sure these ten are my vulnerabilities
So I want to know the relationship between them
Still not 100% sure if i understood the question completely so answering how i understood it:
As long as a VT is reporting a vulnerability and this VT has e.g. 10 CVEs attached then the target in question is usually affected by all 10 CVEs.
There might be a few edge cases (e.g. Vendor is stating that version < 3.2.1 is affected while the vulnerable code got only introduced in version 2.x) but this hugely depends on the information about affected and fixed versions provided by the Vendor.