{"id":4145,"date":"2024-06-13T10:05:49","date_gmt":"2024-06-13T02:05:49","guid":{"rendered":"https:\/\/www.aqwu.net\/wp\/?p=4145"},"modified":"2024-06-13T11:17:38","modified_gmt":"2024-06-13T03:17:38","slug":"cve-%e4%ba%8c%e8%bf%9b%e5%88%b6%e5%b7%a5%e5%85%b7-cve-bin-tool","status":"publish","type":"post","link":"https:\/\/www.aqwu.net\/wp\/?p=4145","title":{"rendered":"CVE \u4e8c\u8fdb\u5236\u5de5\u5177 cve-bin-tool"},"content":{"rendered":"\n<p>CCVE \u4e8c\u8fdb\u5236\u5de5\u5177\u662f\u4e00\u4e2a\u514d\u8d39\u7684\u5f00\u6e90\u5de5\u5177\uff0c\u53ef\u5e2e\u52a9\u60a8\u67e5\u627e\u8f6f\u4ef6\u4e2d\u7684\u5df2\u77e5\u6f0f\u6d1e\uff0c\u4f7f\u7528<a href=\"https:\/\/nvd.nist.gov\/\">\u6765\u81ea\u56fd\u5bb6\u6f0f\u6d1e\u6570\u636e\u5e93<\/a>&nbsp;\uff08NVD\uff09&nbsp;<a href=\"https:\/\/en.wikipedia.org\/wiki\/Common_Vulnerabilities_and_Exposures#:~:text=Common%20Vulnerabilities%20and%20Exposures%20(CVE)%20is%20a%20dictionary%20of%20common,publicly%20known%20information%20security%20vulnerabilities.\">\u5e38\u89c1\u6f0f\u6d1e\u548c\u62ab\u9732<\/a>&nbsp;\uff08CVE\uff09 \u5217\u8868\u4e2d\u7684\u6570\u636e\u4ee5\u53ca\u6765\u81ea&nbsp;<a href=\"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\">Redhat<\/a>\u3001<a href=\"https:\/\/osv.dev\/\">\u5f00\u6e90\u6f0f\u6d1e\u6570\u636e\u5e93 \uff08OSV\uff09\u3001<\/a><a href=\"https:\/\/advisories.gitlab.com\/about\/index.html\">Gitlab \u54a8\u8be2\u6570\u636e\u5e93 \uff08GAD\uff09<\/a>&nbsp;\u548c&nbsp;<a href=\"https:\/\/curl.se\/docs\/vuln.json\">Curl<\/a>&nbsp;\u7684\u5df2\u77e5\u6f0f\u6d1e\u6570\u636e\u3002<\/p>\n\n\n\n<p>CVE \u4e8c\u8fdb\u5236\u5de5\u5177\u4f7f\u7528 NVD API\uff0c\u4f46\u672a\u7ecf NVD \u8ba4\u53ef\u6216\u8ba4\u8bc1\u3002<\/p>\n\n\n\n<p>\u4e00\u4e2a\u4e8c\u8fdb\u5236\u626b\u63cf\u7a0b\u5e8f\uff0c\u53ef\u5e2e\u52a9\u60a8\u786e\u5b9a\u54ea\u4e9b\u8f6f\u4ef6\u5305\u53ef\u80fd\u5df2\u4f5c\u4e3a\u8f6f\u4ef6\u7684\u4e00\u90e8\u5206\u5305\u542b\u5728\u5185\u3002\u6709 360 \u4e2a\u8df3\u68cb\u3002\u6211\u4eec\u6700\u521d\u7684\u91cd\u70b9\u662f\u5e38\u89c1\u7684\u3001\u6613\u53d7\u653b\u51fb\u7684\u5f00\u6e90\u7ec4\u4ef6\uff0c\u5982 openssl\u3001libpng\u3001libxml2 \u548c expat\u3002<\/p>\n\n\n\n<p>\u7528\u4e8e\u626b\u63cf\u5404\u79cd\u683c\u5f0f\u7684\u5df2\u77e5\u7ec4\u4ef6\u5217\u8868\u7684\u5de5\u5177\uff0c\u5305\u62ec .csv\u3001\u591a\u4e2a linux \u5206\u53d1\u5305\u5217\u8868\u3001\u7279\u5b9a\u4e8e\u8bed\u8a00\u7684\u5305\u626b\u63cf\u7a0b\u5e8f\u548c\u591a\u79cd\u8f6f\u4ef6\u7269\u6599\u6e05\u5355 \uff08SBOM\uff09 \u683c\u5f0f\u3002<\/p>\n\n\n\n<p>\u5b83\u65e8\u5728\u7528\u4f5c\u6301\u7eed\u96c6\u6210\u7cfb\u7edf\u7684\u4e00\u90e8\u5206\uff0c\u4ee5\u5b9e\u73b0\u5b9a\u671f\u6f0f\u6d1e\u626b\u63cf\uff0c\u5e76\u5bf9\u4f9b\u5e94\u94fe\u4e2d\u7684\u5df2\u77e5\u95ee\u9898\u63d0\u4f9b\u65e9\u671f\u8b66\u544a\u3002\u5b83\u8fd8\u53ef\u7528\u4e8e\u81ea\u52a8\u68c0\u6d4b\u7ec4\u4ef6\u5e76\u521b\u5efa SBOM\u3002<\/p>\n\n\n\n<p>CVE Binary Tool \u5728\u8fd0\u884c\u65f6\u6267\u884c\u7684\u64cd\u4f5c\uff1a<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"331\" src=\"https:\/\/www.aqwu.net\/wp\/wp-content\/uploads\/2024\/06\/\u56fe\u7247.png\" alt=\"\" class=\"wp-image-4146\" srcset=\"https:\/\/www.aqwu.net\/wp\/wp-content\/uploads\/2024\/06\/\u56fe\u7247.png 800w, https:\/\/www.aqwu.net\/wp\/wp-content\/uploads\/2024\/06\/\u56fe\u7247-300x124.png 300w, https:\/\/www.aqwu.net\/wp\/wp-content\/uploads\/2024\/06\/\u56fe\u7247-768x318.png 768w, https:\/\/www.aqwu.net\/wp\/wp-content\/uploads\/2024\/06\/\u56fe\u7247-600x248.png 600w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/figure>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u4e0b\u8f7d CVE \u6570\u636e\uff08\u6765\u81ea NVD\u3001Redhat\u3001OSV\u3001Gitlab \u548c Curl\uff09\u3002\n<ul class=\"wp-block-list\">\n<li>\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u8fd9\u6bcf\u5929\u53d1\u751f\u4e00\u6b21\uff0c\u800c\u4e0d\u662f\u6bcf\u6b21\u8fd0\u884c\u626b\u63cf\u65f6\u90fd\u4f1a\u53d1\u751f\u3002<\/li>\n\n\n\n<li>\u9996\u6b21\u8fd0\u884c\u65f6\uff0c\u4e0b\u8f7d\u6240\u6709\u6570\u636e\u53ef\u80fd\u9700\u8981\u4e00\u4e9b\u65f6\u95f4\u3002<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>\u521b\u5efa\/\u8bfb\u53d6\u7ec4\u4ef6\u5217\u8868\u3002\u6709\u4e24\u79cd\u64cd\u4f5c\u6a21\u5f0f\uff1a\n<ol class=\"wp-block-list\">\n<li>\u4f7f\u7528\u4e8c\u8fdb\u5236\u68c0\u67e5\u5668\u548c\u8bed\u8a00\u7ec4\u4ef6\u5217\u8868\uff08\u5982 python \u7684requirements.txt\uff09\u7684\u7ec4\u5408\u521b\u5efa\u7ec4\u4ef6\u5217\u8868\uff08\u5305\u62ec\u7248\u672c\uff09\u3002<\/li>\n\n\n\n<li>\u9605\u8bfb SBOM\uff08\u4f7f\u7528\u6807\u51c6\u5316\u8f6f\u4ef6\u7269\u6599\u6e05\u5355\u683c\u5f0f\u7684\u73b0\u6709\u7ec4\u4ef6\u5217\u8868\u3002<\/li>\n<\/ol>\n<\/li>\n\n\n\n<li>\u521b\u5efa CVE \u5217\u8868\n<ul class=\"wp-block-list\">\n<li>\u8fd9\u5c06\u67e5\u627e\u4ece\u73b0\u6709\u7269\u6599\u6e05\u5355\u4e2d\u627e\u5230\u6216\u8bfb\u53d6\u7684\u6240\u6709\u7ec4\u4ef6\uff0c\u5e76\u62a5\u544a\u4e0e\u5b83\u4eec\u76f8\u5173\u7684\u4efb\u4f55\u5df2\u77e5\u95ee\u9898<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>\u5305\u62ec\u4f1a\u5ba1\/\u9644\u52a0\u6570\u636e\n<ul class=\"wp-block-list\">\n<li>\u6709\u51e0\u4e2a\u9009\u9879\u53ef\u7528\u4e8e\u6dfb\u52a0\u5206\u7c7b\/\u6ce8\u91ca\u3001\u4ee5\u524d\u62a5\u544a\u4e2d\u7684\u4fe1\u606f\u4ee5\u8ddf\u8e2a\u6f0f\u6d1e\u968f\u65f6\u95f4\u7684\u53d8\u5316\u6216\u5df2\u77e5\u7684\u4fee\u590d\u6570\u636e<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>\u751f\u6210\u4e00\u79cd\u6216\u591a\u79cd\u683c\u5f0f\uff08\u63a7\u5236\u53f0\u3001json\u3001csv\u3001html\u3001pdf\uff09\u7684\u62a5\u544a<\/li>\n<\/ol>\n\n\n\n<p>\u6709\u5173\u8be6\u7ec6\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605\u6211\u4eec\u7684<a href=\"https:\/\/cve-bin-tool.readthedocs.io\/en\/latest\/\">\u6587\u6863<\/a>\u6216\u6b64<a href=\"https:\/\/cve-bin-tool.readthedocs.io\/en\/latest\/README.html\">\u5feb\u901f\u5165\u95e8\u6307\u5357<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u5b89\u88c5 CVE \u4e8c\u8fdb\u5236\u5de5\u5177<\/strong><\/h2>\n\n\n\n<p><a href=\"https:\/\/github.com\/intel\/cve-bin-tool?tab=readme-ov-file#installing-cve-binary-tool\"><\/a><\/p>\n\n\n\n<p>\u53ef\u4ee5\u4f7f\u7528 pip \u5b89\u88c5 CVE \u4e8c\u8fdb\u5236\u5de5\u5177\uff1a<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:python decode:true \">pip install cve-bin-tool<\/pre><\/div>\n\n\n\n<p>\u5982\u679c\u4f60\u60f3\u5c1d\u8bd5&nbsp;<a href=\"https:\/\/github.com\/intel\/cve-bin-tool\">cve-bin-tool github<\/a>&nbsp;\u4e0a\u7684\u6700\u65b0\u4ee3\u7801\u6216\u8fdb\u884c\u5f00\u53d1\uff0c\u4f60\u4e5f\u53ef\u4ee5\u4ece\u76ee\u5f55\u5b89\u88c5\u672c\u5730\u526f\u672c\u3002<a href=\"https:\/\/github.com\/intel\/cve-bin-tool\/blob\/main\/CONTRIBUTING.md\">\u8d21\u732e\u8005\u6587\u6863<\/a>\u66f4\u8be6\u7ec6\u5730\u4ecb\u7ecd\u4e86\u5982\u4f55\u4e3a\u672c\u5730\u5f00\u53d1\u8fdb\u884c\u8bbe\u7f6e\u3002<code>pip install --user -e .<\/code><\/p>\n\n\n\n<p>Pip \u5c06\u4e3a\u60a8\u5b89\u88c5 python \u8981\u6c42\uff0c\u4f46\u5bf9\u4e8e\u67d0\u4e9b\u7c7b\u578b\u7684\u63d0\u53d6\uff0c\u6211\u4eec\u4f7f\u7528\u7cfb\u7edf\u5e93\u3002\u5982\u679c\u60a8\u5728\u63d0\u53d6\u6587\u4ef6\u65f6\u9047\u5230\u56f0\u96be\uff0c\u60a8\u53ef\u80fd\u9700\u8981\u67e5\u770b\u6211\u4eec<a href=\"https:\/\/github.com\/intel\/cve-bin-tool?tab=readme-ov-file#additional-requirements\">\u9488\u5bf9 Linux \u548c Windows \u7684\u5176\u4ed6\u8981\u6c42\u5217\u8868<\/a>\u3002<\/p>\n\n\n\n<p>\u9996\u6b21\u4f7f\u7528\u65f6\uff08\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u6bcf\u5929\u4e00\u6b21\uff09 \u8be5\u5de5\u5177\u5c06\u4ece<a href=\"https:\/\/github.com\/intel\/cve-bin-tool\/blob\/main\/doc\/MANUAL.md#data-sources\">\u4e00\u7ec4\u5df2\u77e5\u7684\u6f0f\u6d1e\u6570\u636e\u6e90<\/a>\u4e0b\u8f7d\u6f0f\u6d1e\u6570\u636e\u3002\u7531\u4e8e NVD \u7684\u53ef\u9760\u6027\u95ee\u9898\uff0c\u4ece 3.3 \u7248\u5f00\u59cb\uff0c\u6211\u4eec\u5c06\u9ed8\u8ba4<a href=\"https:\/\/cveb.in\/\">\u4f7f\u7528\u6211\u4eec\u81ea\u5df1\u7684 NVD<\/a>&nbsp;\u955c\u50cf https:\/\/cveb.in\/\uff0c\u800c\u4e0d\u662f\u76f4\u63a5\u8054\u7cfb NVD\u3002\u5982\u679c\u60a8\u5e0c\u671b\u76f4\u63a5\u4ece NVD \u670d\u52a1\u5668\u83b7\u53d6\u6570\u636e\uff0c\u5219\u5fc5\u987b<a href=\"https:\/\/github.com\/intel\/cve-bin-tool\/blob\/main\/doc\/MANUAL.md#--nvd-api-key-nvd_api_key\">\u63d0\u4f9b\u81ea\u5df1\u7684NVD_API_KEY<\/a>\u624d\u80fd\u4f7f\u7528\u5176 API\u3002<\/p>\n\n\n\n<p>\u5982\u679c\u60a8\u4f7f\u7528\u7684\u662f 3.3 \u4e4b\u524d\u7684\u7248\u672c\uff0c\u4f46\u8be5\u7248\u672c\u4e0d\u4f7f\u7528\u6211\u4eec\u7684\u955c\u50cf\uff0c\u8bf7\u4f7f\u7528\u4e0a\u8ff0NVD_API_KEY\u3002<\/p>\n\n\n\n<p>\u5982\u679c\u9700\u8981 NVD_API_KEY\uff0c\u5219\u9700\u8981\u5230 <\/p>\n\n\n\n<p><a href=\"https:\/\/nvd.nist.gov\/developers\/request-an-api-key\">https:\/\/nvd.nist.gov\/developers\/request-an-api-key<\/a><\/p>\n\n\n\n<p>\u7533\u8bf7\uff0c\u9700\u8981\u90ae\u4ef6\u786e\u8ba4\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u6700\u53d7\u6b22\u8fce\u7684\u4f7f\u7528\u9009\u9879<\/strong><\/h2>\n\n\n\n<p><a href=\"https:\/\/github.com\/intel\/cve-bin-tool?tab=readme-ov-file#most-popular-usage-options\"><\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>\u4f7f\u7528\u4e8c\u8fdb\u5236\u626b\u63cf\u7a0b\u5e8f\u67e5\u627e\u5df2\u77e5\u6f0f\u6d1e<\/strong><\/h3>\n\n\n\n<p><a href=\"https:\/\/github.com\/intel\/cve-bin-tool?tab=readme-ov-file#finding-known-vulnerabilities-using-the-binary-scanner\"><\/a><\/p>\n\n\n\n<p>\u8981\u5728\u76ee\u5f55\u6216\u6587\u4ef6\u4e0a\u8fd0\u884c\u4e8c\u8fdb\u5236\u626b\u63cf\u7a0b\u5e8f\uff0c\u8bf7\u6267\u884c\u4ee5\u4e0b\u64cd\u4f5c\uff1a<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:python decode:true \">cve-bin-tool &lt;directory\/file&gt;<\/pre><\/div>\n\n\n\n<p><strong>\u6ce8\u610f<\/strong>\uff1a\u6b64\u9009\u9879\u8fd8\u5c06\u4f7f\u7528\u4efb\u4f55<a href=\"https:\/\/github.com\/intel\/cve-bin-tool?tab=readme-ov-file#language-specific-checkers\">\u7279\u5b9a\u4e8e\u8bed\u8a00\u7684\u68c0\u67e5\u5668<\/a>\u6765\u67e5\u627e\u7ec4\u4ef6\u4e2d\u7684\u5df2\u77e5\u6f0f\u6d1e\u3002<\/p>\n\n\n\n<p>\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u8be5\u5de5\u5177\u5047\u5b9a\u60a8\u6b63\u5728\u5c1d\u8bd5\u626b\u63cf\u6574\u4e2a\u76ee\u5f55\uff0c\u4f46\u5982\u679c\u60a8\u4e3a\u5176\u63d0\u4f9b\u5217\u51fa\u4f9d\u8d56\u9879\u7684\u5355\u4e2a.csv\u6216.json\u6587\u4ef6\uff0c\u5219\u4f1a\u5c06\u5176\u89c6\u4e3a\u7269\u6599\u6e05\u5355\u3002\u60a8\u8fd8\u53ef\u4ee5\u4f7f\u7528&nbsp;<a href=\"https:\/\/github.com\/intel\/cve-bin-tool\/blob\/main\/doc\/MANUAL.md#-i-input_file---input-file-input_file\"><code>--input-file<\/code>&nbsp;\u9009\u9879<\/a>\u76f4\u63a5\u6307\u5b9a\u7269\u6599\u6e05\u5355\u6587\u4ef6\uff0c\u6216\u6309\u7167\u4ee5\u4e0b\u8bf4\u660e\u626b\u63cf SBOM\u3002<\/p>\n\n\n\n<p>\u5982\u679c\u6ca1\u6709\u4e0b\u8f7d\u9ed8\u8ba4\u7684\u5e93\uff0c\u5982\u679c\u6709 nvd api key, \u5219\u53ef\u4ee5\u52a0\u4e0a &#8211;nvd-api-key \u9009\u9879,\u5219\u7b2c\u4e00\u6b21\u4f1a\u81ea\u52a8\u4e0b\u8f7d\uff0ctest \u662f\u6587\u4ef6\u6216\u662f\u76ee\u5f55<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:python decode:true \">cve-bin-tool test --nvd-api-key xxxxx<\/pre><\/div>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>\u626b\u63cf SBOM \u6587\u4ef6\u4ee5\u67e5\u627e\u5df2\u77e5\u6f0f\u6d1e<\/strong><\/h3>\n\n\n\n<p><a href=\"https:\/\/github.com\/intel\/cve-bin-tool?tab=readme-ov-file#scanning-an-sbom-file-for-known-vulnerabilities\"><\/a><\/p>\n\n\n\n<p>\u8981\u626b\u63cf\u8f6f\u4ef6\u7269\u6599\u6e05\u5355\u6587\u4ef6 \uff08SBOM\uff09\uff1a<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:python decode:true \">cve-bin-tool --sbom &lt;sbom_filetype&gt; --sbom-file &lt;sbom_filename&gt;<\/pre><\/div>\n\n\n\n<p>\u6709\u6548\u7684 SBOM \u7c7b\u578b\u5305\u62ec&nbsp;<a href=\"https:\/\/spdx.dev\/specifications\/\">SPDX<\/a>\u3001<a href=\"https:\/\/cyclonedx.org\/specification\/overview\/\">CycloneDX<\/a>&nbsp;\u548c&nbsp;<a href=\"https:\/\/csrc.nist.gov\/projects\/software-identification-swid\/guidelines\">SWID\u3002<\/a>&nbsp;\u626b\u63cf SBOM \u6587\u4ef6\u4e2d\u7684\u4ea7\u54c1\u540d\u79f0\u4e0d\u533a\u5206\u5927\u5c0f\u5199\u3002<\/p>\n\n\n\n<p><a href=\"https:\/\/github.com\/intel\/cve-bin-tool\/blob\/main\/doc\/how_to_guides\/sbom.md\">SBOM \u626b\u63cf\u64cd\u4f5c\u6307\u5357<\/a>\u63d0\u4f9b\u4e86\u5176\u4ed6 SBOM \u626b\u63cf\u793a\u4f8b\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>\u751f\u6210 SBOM<\/strong><\/h3>\n\n\n\n<p><a href=\"https:\/\/github.com\/intel\/cve-bin-tool?tab=readme-ov-file#generating-an-sbom\"><\/a><\/p>\n\n\n\n<p>\u9664\u4e86\u626b\u63cf SBOM \u5916\uff0cCVE Binary Tool \u8fd8\u53ef\u7528\u4e8e\u4ece\u626b\u63cf\u751f\u6210 SBOM\uff0c\u5982\u4e0b\u6240\u793a\uff1a<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:python decode:true \">cve-bin-tool  --sbom-type &lt;sbom_type&gt; --sbom-format &lt;sbom-format&gt; --sbom-output &lt;sbom_filename&gt; &lt;other scan options as required&gt;<\/pre><\/div>\n\n\n\n<p>\u6709\u6548\u7684 SBOM \u7c7b\u578b\u4e3a&nbsp;<a href=\"https:\/\/spdx.dev\/specifications\/\">SPDX<\/a>&nbsp;\u548c&nbsp;<a href=\"https:\/\/cyclonedx.org\/specification\/overview\/\">CycloneDX<\/a>\u3002<\/p>\n\n\n\n<p>\u751f\u6210\u7684 SBOM \u5c06\u5305\u62ec\u4ea7\u54c1\u540d\u79f0\u3001\u7248\u672c\u548c\u4f9b\u5e94\u5546\uff08\u5982\u679c\u53ef\u7528\uff09\u3002\u672a\u63d0\u4f9b\u8bb8\u53ef\u8bc1\u4fe1\u606f\u3002<\/p>\n\n\n\n<p><a href=\"https:\/\/github.com\/intel\/cve-bin-tool\/blob\/main\/doc\/how_to_guides\/sbom_generation.md\">SBOM \u751f\u6210\u64cd\u4f5c\u6307\u5357<\/a>\u63d0\u4f9b\u4e86\u5176\u4ed6 SBOM \u751f\u6210\u793a\u4f8b\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>\u5bf9\u6f0f\u6d1e\u8fdb\u884c\u5206\u7c7b<\/strong><\/h3>\n\n\n\n<p><a href=\"https:\/\/github.com\/intel\/cve-bin-tool?tab=readme-ov-file#triaging-vulnerabilities\"><\/a><\/p>\n\n\n\n<p>\u8be5\u9009\u9879\u53ef\u7528\u4e8e\u5728\u626b\u63cf\u76ee\u5f55\u65f6\u6dfb\u52a0\u989d\u5916\u7684\u5206\u7c7b\u6570\u636e\uff0c\u5982\u5907\u6ce8\u3001\u6ce8\u91ca\u7b49\uff0c\u4ee5\u4fbf\u8f93\u51fa\u5c06\u53cd\u6620\u6b64\u5206\u7c7b\u6570\u636e\uff0c\u5e76\u4e14\u53ef\u4ee5\u8282\u7701\u91cd\u65b0\u5206\u7c7b\u7684\u65f6\u95f4\uff08\u7528\u6cd5\uff1a\uff09\u3002 \u652f\u6301\u7684\u683c\u5f0f\u662f<a href=\"https:\/\/cyclonedx.org\/capabilities\/vex\/\">CycloneDX<\/a>&nbsp;VEX\u683c\u5f0f\uff0c\u53ef\u4ee5\u4f7f\u7528\u8be5\u9009\u9879\u751f\u6210\u3002<code>--triage-input-file<\/code><code>cve-bin-tool --triage-input-file test.vex \/path\/to\/scan<\/code><code>--vex<\/code><\/p>\n\n\n\n<p>\u5178\u578b\u7528\u6cd5\uff1a<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>\u4f7f\u7528<code>cve-bin-tool \/path\/to\/scan --vex triage.vex<\/code><\/li>\n\n\n\n<li>\u4f7f\u7528\u60a8\u559c\u6b22\u7684\u6587\u672c\u7f16\u8f91\u5668\u7f16\u8f91 triage.vex\uff0c\u4ee5\u63d0\u4f9b\u6709\u5173\u6240\u5217\u6f0f\u6d1e\u7684\u5206\u7c7b\u4fe1\u606f\u3002<\/li>\n\n\n\n<li>\u5c06\u6b64\u5206\u7c7b\u6587\u4ef6\u7528\u4e8e\u5c06\u6765\u7684\u626b\u63cf\uff0c\u5982\u4e0b\u6240\u793a\uff1a<code>cve-bin-tool \/path\/to\/scan --triage-input-file triage.vex<\/code><\/li>\n<\/ol>\n\n\n\n<p>\u5e94\u8be5\u53ef\u4ee5\u5728cve-bin-tool\u7684\u4e0d\u540c\u8fd0\u884c\u4e4b\u95f4\u5171\u4eab\u5206\u7c7b\u6570\u636e\uff0c\u6216\u8005\u4e0e\u5176\u4ed6\u652f\u6301CycloneDX VEX\u683c\u5f0f\u7684\u5de5\u5177\u5171\u4eab\u5206\u7c7b\u6570\u636e\u3002\u8fd9\u5bf9\u4e8e\u626b\u63cf\u76f8\u5173\u4ea7\u54c1\u6216\u5bb9\u5668\u7684\u56e2\u961f\u3001\u51fa\u4e8e\u5408\u89c4\u6027\u539f\u56e0\u9700\u8981\u4f7f\u7528\u591a\u79cd\u5de5\u5177\u7684\u56e2\u961f\u3001\u5177\u6709\u63d0\u4f9b\u6709\u5173\u6f0f\u6d1e\u4f1a\u5ba1\u6307\u5bfc\u7684\u4e2d\u592e\u5b89\u5168\u7b56\u7565\u7ec4\u7684\u516c\u53f8\u7b49\u7279\u522b\u6709\u7528\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>\u79bb\u7ebf\u4f7f\u7528\u8be5\u5de5\u5177<\/strong><\/h3>\n\n\n\n<p><a href=\"https:\/\/github.com\/intel\/cve-bin-tool?tab=readme-ov-file#using-the-tool-offline\"><\/a><\/p>\n\n\n\n<p>\u5728\u8fd0\u884c\u626b\u63cf\u65f6\u6307\u5b9a\u8be5\u9009\u9879\u53ef\u786e\u4fdd cve-bin-tool \u4e0d\u4f1a\u5c1d\u8bd5\u4e0b\u8f7d\u6700\u65b0\u7684\u6570\u636e\u5e93\u6587\u4ef6\u6216\u68c0\u67e5\u8be5\u5de5\u5177\u7684\u66f4\u65b0\u7248\u672c\u3002<code>--offline<\/code><\/p>\n\n\n\n<p>\u8bf7\u6ce8\u610f\uff0c\u60a8\u9700\u8981\u5148\u83b7\u53d6\u6f0f\u6d1e\u6570\u636e\u7684\u526f\u672c\uff0c\u7136\u540e\u8be5\u5de5\u5177\u624d\u80fd\u5728\u8131\u673a\u6a21\u5f0f\u4e0b\u8fd0\u884c\u3002<a href=\"https:\/\/github.com\/intel\/cve-bin-tool\/blob\/main\/doc\/how_to_guides\/offline.md\">\u8131\u673a\u64cd\u4f5c\u6307\u5357\u5305\u542b\u6709\u5173\u5982\u4f55\u8bbe\u7f6e\u6570\u636e\u5e93\u7684\u8be6\u7ec6\u4fe1\u606f\u3002<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>\u5728 GitHub Actions \u4e2d\u4f7f\u7528 CVE \u4e8c\u8fdb\u5236\u5de5\u5177<\/strong><\/h3>\n\n\n\n<p><a href=\"https:\/\/github.com\/intel\/cve-bin-tool?tab=readme-ov-file#using-cve-binary-tool-in-github-actions\"><\/a><\/p>\n\n\n\n<p>\u5982\u679c\u60a8\u60f3\u5c06 cve-bin-tool \u96c6\u6210\u4e3a github \u64cd\u4f5c\u7ba1\u9053\u7684\u4e00\u90e8\u5206\uff0c\u60a8\u53ef\u4ee5\u4f7f\u7528 cve-bin-tool \u7684\u5b98\u65b9 GitHub \u64cd\u4f5c\u3002 \u5728\u6b64\u5904\u67e5\u627e<a href=\"https:\/\/github.com\/intel\/cve-bin-tool-action\/#cve-binary-tool-github-action\">\u66f4\u591a\u8be6\u7ec6\u4fe1\u606f\u3002<\/a>GitHub Action \u5728\u5b89\u5168\u9009\u9879\u5361\u4e0a\u63d0\u4f9b\u62a5\u544a\uff0c\u8be5\u9009\u9879\u5361\u53ef\u4f9b\u5f00\u6e90\u9879\u76ee\u4ee5\u53ca\u4e3a\u8be5\u8bbf\u95ee\u4ed8\u8d39\u7684 GitHub \u5ba2\u6237\u4f7f\u7528\u3002<\/p>\n\n\n\n<p>\u5982\u679c\u60a8\u5e0c\u671b\u76f4\u63a5\u4f7f\u7528\u8be5\u5de5\u5177\uff0c\u6211\u4eec\u8fd8\u63d0\u4f9b\u4e86\u4e00\u4e2a<a href=\"https:\/\/github.com\/intel\/cve-bin-tool\/blob\/main\/doc\/how_to_guides\/cve_scanner_gh_action.yml\">\u793a\u4f8b GitHub \u64cd\u4f5c<\/a>\u3002\u5bf9\u4e8e\u60f3\u8981\u5c06\u62a5\u544a\u5b58\u50a8\u5728\u8bc1\u636e\u50a8\u7269\u67dc\u4e2d\u7684\u56e2\u961f\u6216\u65e0\u6743\u8bbf\u95ee GitHub Security \u9009\u9879\u5361\u7684\u56e2\u961f\u6765\u8bf4\uff0c\u8fd9\u53ef\u80fd\u662f\u4e00\u4e2a\u4e0d\u9519\u7684\u9009\u62e9\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u8f93\u51fa\u9009\u9879<\/strong><\/h2>\n\n\n\n<p><a href=\"https:\/\/github.com\/intel\/cve-bin-tool?tab=readme-ov-file#output-options\"><\/a><\/p>\n\n\n\n<p>\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0cCVE \u4e8c\u8fdb\u5236\u5de5\u5177\u63d0\u4f9b\u57fa\u4e8e\u63a7\u5236\u53f0\u7684\u8f93\u51fa\u3002\u5982\u679c\u8981\u63d0\u4f9b\u5176\u4ed6\u683c\u5f0f\uff0c\u53ef\u4ee5\u5728\u547d\u4ee4\u884c\u4e0a\u4f7f\u7528 \u6307\u5b9a\u6b64\u683c\u5f0f\u548c\u6587\u4ef6\u540d\u3002\u6709\u6548\u683c\u5f0f\u4e3a CSV\u3001JSON\u3001\u63a7\u5236\u53f0\u3001HTML \u548c PDF\u3002\u53ef\u4ee5\u4f7f\u7528\u6807\u5fd7\u6307\u5b9a\u8f93\u51fa\u6587\u4ef6\u540d\u3002<code>--format<\/code><code>--output-file<\/code><\/p>\n\n\n\n<p>\u60a8\u8fd8\u53ef\u4ee5\u4f7f\u7528\u9017\u53f7 \uff08&#8217;\uff0c&#8217;\uff09 \u4f5c\u4e3a\u5206\u9694\u7b26\u6765\u6307\u5b9a\u591a\u79cd\u8f93\u51fa\u683c\u5f0f\uff1a<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:python decode:true \">cve-bin-tool file -f csv,json,html -o report<\/pre><\/div>\n\n\n\n<p>\u6ce8\u610f\uff1a\u4e0d\u5f97\u5728\u9017\u53f7\uff08&#8217;\uff0c&#8217;\uff09\u548c\u8f93\u51fa\u683c\u5f0f\u4e4b\u95f4\u4f7f\u7528\u7a7a\u683c\u3002<\/p>\n\n\n\n<p>\u6b64\u5916\uff0c\u8fd8\u53ef\u4ee5\u5728 \u6f0f\u6d1e\u4ea4\u6362 \uff08VEX\uff09 \u683c\u5f0f\u901a\u8fc7\u6307\u5b9a\u547d\u4ee4\u884c\u9009\u9879\u3002 \u7136\u540e\uff0c\u751f\u6210\u7684 VEX \u6587\u4ef6\u53ef\u4ee5\u7528\u4f5c\u652f\u6301 \u4f1a\u5ba1\u8fc7\u7a0b\u3002<code>--vex<\/code><code>--triage-input-file<\/code><\/p>\n\n\n\n<p>\u5982\u679c\u60a8\u5e0c\u671b\u4f7f\u7528 PDF \u652f\u6301\uff0c\u5219\u9700\u8981\u5355\u72ec\u5b89\u88c5\u8be5\u5e93\u3002<code>reportlab<\/code><\/p>\n\n\n\n<p>\u5982\u679c\u60a8\u6253\u7b97\u5728\u5b89\u88c5 cve-bin-tool \u65f6\u4f7f\u7528 PDF \u652f\u6301\uff0c\u60a8\u53ef\u4ee5\u6307\u5b9a\u5b83\uff0c\u62a5\u544a\u5b9e\u9a8c\u5ba4\u5c06\u4f5c\u4e3a cve-bin-tool \u5b89\u88c5\u7684\u4e00\u90e8\u5206\u5b89\u88c5\uff1a<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:python decode:true \">pip install cve-bin-tool[PDF]<\/pre><\/div>\n\n\n\n<p>\u5982\u679c\u60a8\u5df2\u7ecf\u5b89\u88c5\u4e86 cve-bin-tool\uff0c\u5219\u53ef\u4ee5\u5728\u4e8b\u540e\u6dfb\u52a0 reportlab \u4f7f\u7528\u753b\u4e2d\u753b\uff1a<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:python decode:true \">pip install --upgrade reportlab<\/pre><\/div>\n\n\n\n<p>\u8bf7\u6ce8\u610f\uff0creportlab \u5df2\u4ece\u9ed8\u8ba4\u7684 cve-bin-tool \u5b89\u88c5\u4e2d\u5220\u9664\uff0c\u56e0\u4e3a \u5b83\u6709\u4e00\u4e2a\u4e0e\u4e4b\u5173\u8054\u7684\u5df2\u77e5 CVE \uff08<a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-28463\">CVE-2020-28463<\/a>\uff09\u3002\u8fd9 cve-bin-tool \u4ee3\u7801\u4f7f\u7528\u5efa\u8bae\u7684\u7f13\u89e3\u63aa\u65bd\u6765\u9650\u5236\u54ea\u4e9b\u8d44\u6e90 \u6dfb\u52a0\u5230 PDF \u4e2d\uff0c\u4ee5\u53ca\u5176\u4ed6\u8f93\u5165\u9a8c\u8bc1\u3002\u8fd9\u6709\u70b9\u50cf \u5947\u602a\u7684 CVE\uff0c\u56e0\u4e3a\u5b83\u63cf\u8ff0\u4e86 PDF \u7684\u6838\u5fc3\u529f\u80fd\uff1a\u5916\u90e8\u9879\u76ee\u3001 \u4f8b\u5982\u56fe\u50cf\uff0c\u53ef\u4ee5\u5d4c\u5165\u5176\u4e2d\uff0c\u56e0\u6b64\u4efb\u4f55\u67e5\u770b PDF \u7684\u4eba\u90fd\u53ef\u4ee5 \u52a0\u8f7d\u5916\u90e8\u56fe\u50cf\uff08\u7c7b\u4f3c\u4e8e\u67e5\u770b\u7f51\u9875\u5982\u4f55\u89e6\u53d1\u5916\u90e8\u56fe\u50cf \u8d1f\u8f7d\uff09\u3002\u5bf9\u6b64\u6ca1\u6709\u56fa\u6709\u7684\u201c\u4fee\u590d\u201d\uff0c\u53ea\u6709\u7f13\u89e3\u63aa\u65bd\uff0c\u5176\u4e2d\u7528\u6237 \u5e93\u5fc5\u987b\u786e\u4fdd\u5728 PDF \u65f6\u4ec5\u5c06\u9884\u671f\u9879\u76ee\u6dfb\u52a0\u5230 PDF \u4e2d \u4ee3\u3002<\/p>\n\n\n\n<p>\u7531\u4e8e\u7528\u6237\u53ef\u80fd\u4e0d\u5e0c\u671b\u4f7f\u7528\u5f00\u653e\u7684\u3001\u65e0\u6cd5\u4fee\u590d\u7684 CVE \u5b89\u88c5\u8f6f\u4ef6 \u4e0e\u4e4b\u76f8\u5173\uff0c\u6211\u4eec\u9009\u62e9\u4ec5\u5411\u4ee5\u4e0b\u7528\u6237\u63d0\u4f9b PDF \u652f\u6301 \u81ea\u5df1\u5b89\u88c5\u4e86\u5e93\u3002\u5b89\u88c5\u5e93\u540e\uff0cPDF \u62a5\u544a\u9009\u9879\u5c06\u8d77\u4f5c\u7528\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u914d\u7f6e<\/strong><\/h2>\n\n\n\n<p><a href=\"https:\/\/github.com\/intel\/cve-bin-tool?tab=readme-ov-file#configuration\"><\/a><\/p>\n\n\n\n<p>\u60a8\u53ef\u4ee5\u4f7f\u7528\u9009\u9879\u4e3a\u5de5\u5177\u63d0\u4f9b\u914d\u7f6e\u6587\u4ef6\u3002\u60a8\u4ecd\u7136\u53ef\u4ee5\u4f7f\u7528\u547d\u4ee4\u884c\u53c2\u6570\u8986\u76d6\u914d\u7f6e\u6587\u4ef6\u4e2d\u6307\u5b9a\u7684\u9009\u9879\u3002\u8bf7\u53c2\u9605&nbsp;<a href=\"https:\/\/github.com\/intel\/cve-bin-tool\/blob\/main\/test\/config\/\">test\/config<\/a>&nbsp;\u4e2d\u7684\u793a\u4f8b\u914d\u7f6e\u6587\u4ef6<code>--config<\/code><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u81ea\u52a8\u68c0\u6d4b\u7ec4\u4ef6<\/strong><\/h2>\n\n\n\n<p><a href=\"https:\/\/github.com\/intel\/cve-bin-tool?tab=readme-ov-file#auto-detection-of-components\"><\/a><\/p>\n\n\n\n<p>CVE \u4e8c\u8fdb\u5236\u5de5\u5177\u5c1d\u8bd5\u4f7f\u7528\u4e8c\u8fdb\u5236\u68c0\u67e5\u5668\u3001\u652f\u6301\u7684\u8bed\u8a00\u7ec4\u4ef6\u5217\u8868\u548c\u6587\u4ef6\u63d0\u53d6\u65b9\u6cd5\u5bf9\u7ec4\u4ef6\u8fdb\u884c\u81ea\u52a8\u68c0\u6d4b\u3002\u4e0b\u9762\u5217\u51fa\u4e86\u652f\u6301\u7684\u81ea\u52a8\u68c0\u6d4b\u5de5\u5177\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>\u4e8c\u8fdb\u5236\u68c0\u67e5\u5668\u5217\u8868<\/strong><\/h3>\n\n\n\n<p><a href=\"https:\/\/github.com\/intel\/cve-bin-tool?tab=readme-ov-file#binary-checker-list\"><\/a><\/p>\n\n\n\n<p>\u4ee5\u4e0b\u68c0\u67e5\u5668\u53ef\u7528\u4e8e\u5728\u4e8c\u8fdb\u5236\u6587\u4ef6\u4e2d\u67e5\u627e\u7ec4\u4ef6\uff1a<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><th><\/th><th><\/th><th>Available checkers<\/th><th><\/th><th><\/th><th><\/th><\/tr><\/thead><tbody><tr><td>accountsservice<\/td><td>acpid<\/td><td>apache_http_server<\/td><td>apcupsd<\/td><td>apparmor<\/td><td>asn1c<\/td><td>assimp<\/td><\/tr><tr><td>asterisk<\/td><td>atftp<\/td><td>avahi<\/td><td>axel<\/td><td>bash<\/td><td>bind<\/td><td>binutils<\/td><\/tr><tr><td>bird<\/td><td>bison<\/td><td>bluez<\/td><td>boinc<\/td><td>botan<\/td><td>bro<\/td><td>bubblewrap<\/td><\/tr><tr><td>busybox<\/td><td>bwm_ng<\/td><td>bzip2<\/td><td>c_ares<\/td><td>capnproto<\/td><td>ceph<\/td><td>chess<\/td><\/tr><tr><td>chrony<\/td><td>civetweb<\/td><td>clamav<\/td><td>collectd<\/td><td>commons_compress<\/td><td>connman<\/td><td>coreutils<\/td><\/tr><tr><td>cpio<\/td><td>cronie<\/td><td>cryptsetup<\/td><td>cups<\/td><td>curl<\/td><td>cvs<\/td><td>darkhttpd<\/td><\/tr><tr><td>dav1d<\/td><td>davfs2<\/td><td>dbus<\/td><td>debianutils<\/td><td>dhclient<\/td><td>dhcpcd<\/td><td>dhcpd<\/td><\/tr><tr><td>dmidecode<\/td><td>dnsmasq<\/td><td>docker<\/td><td>domoticz<\/td><td>dosfstools<\/td><td>dotnet<\/td><td>dovecot<\/td><\/tr><tr><td>doxygen<\/td><td>dpkg<\/td><td>dropbear<\/td><td>e2fsprogs<\/td><td>ed<\/td><td>elfutils<\/td><td>emacs<\/td><\/tr><tr><td>enscript<\/td><td>exfatprogs<\/td><td>exim<\/td><td>exiv2<\/td><td>f2fs_tools<\/td><td>faad2<\/td><td>fastd<\/td><\/tr><tr><td>ffmpeg<\/td><td>file<\/td><td>firefox<\/td><td>flac<\/td><td>fluidsynth<\/td><td>freeradius<\/td><td>freerdp<\/td><\/tr><tr><td>fribidi<\/td><td>frr<\/td><td>gawk<\/td><td>gcc<\/td><td>gdal<\/td><td>gdb<\/td><td>gdk_pixbuf<\/td><\/tr><tr><td>gimp<\/td><td>git<\/td><td>glib<\/td><td>glibc<\/td><td>gmp<\/td><td>gnomeshell<\/td><td>gnupg<\/td><\/tr><tr><td>gnutls<\/td><td>go<\/td><td>gpgme<\/td><td>gpsd<\/td><td>graphicsmagick<\/td><td>grep<\/td><td>grub2<\/td><\/tr><tr><td>gstreamer<\/td><td>gupnp<\/td><td>gvfs<\/td><td>gzip<\/td><td>haproxy<\/td><td>harfbuzz<\/td><td>haserl<\/td><\/tr><tr><td>hdf5<\/td><td>heimdal<\/td><td>hostapd<\/td><td>hunspell<\/td><td>hwloc<\/td><td>i2pd<\/td><td>icecast<\/td><\/tr><tr><td>icu<\/td><td>iperf3<\/td><td>ipmitool<\/td><td>ipsec_tools<\/td><td>iptables<\/td><td>irssi<\/td><td>iucode_tool<\/td><\/tr><tr><td>iwd<\/td><td>jack2<\/td><td>jacksondatabind<\/td><td>janus<\/td><td>jhead<\/td><td>jq<\/td><td>json_c<\/td><\/tr><tr><td>kbd<\/td><td>keepalived<\/td><td>kerberos<\/td><td>kexectools<\/td><td>kodi<\/td><td>kubernetes<\/td><td>ldns<\/td><\/tr><tr><td>lftp<\/td><td>libarchive<\/td><td>libass<\/td><td>libbpg<\/td><td>libcoap<\/td><td>libconfuse<\/td><td>libcurl<\/td><\/tr><tr><td>libdb<\/td><td>libde265<\/td><td>libebml<\/td><td>libevent<\/td><td>libexpat<\/td><td>libgcrypt<\/td><td>libgd<\/td><\/tr><tr><td>libgit2<\/td><td>libheif<\/td><td>libical<\/td><td>libidn2<\/td><td>libinput<\/td><td>libjpeg<\/td><td>libjpeg_turbo<\/td><\/tr><tr><td>libksba<\/td><td>liblas<\/td><td>libmatroska<\/td><td>libmemcached<\/td><td>libmicrohttpd<\/td><td>libmodbus<\/td><td>libnss<\/td><\/tr><tr><td>libpcap<\/td><td>libraw<\/td><td>librsvg<\/td><td>librsync<\/td><td>libsamplerate<\/td><td>libseccomp<\/td><td>libsndfile<\/td><\/tr><tr><td>libsolv<\/td><td>libsoup<\/td><td>libsrtp<\/td><td>libssh<\/td><td>libssh2<\/td><td>libtasn1<\/td><td>libtiff<\/td><\/tr><tr><td>libtomcrypt<\/td><td>libupnp<\/td><td>libuv<\/td><td>libvips<\/td><td>libvirt<\/td><td>libvncserver<\/td><td>libvorbis<\/td><\/tr><tr><td>libvpx<\/td><td>libxslt<\/td><td>lighttpd<\/td><td>linux_kernel<\/td><td>lldpd<\/td><td>logrotate<\/td><td>lrzip<\/td><\/tr><tr><td>lua<\/td><td>luajit<\/td><td>lxc<\/td><td>lynx<\/td><td>lz4<\/td><td>mailx<\/td><td>mariadb<\/td><\/tr><tr><td>mbedtls<\/td><td>mdadm<\/td><td>memcached<\/td><td>micropython<\/td><td>minetest<\/td><td>mini_httpd<\/td><td>minicom<\/td><\/tr><tr><td>minidlna<\/td><td>miniupnpc<\/td><td>miniupnpd<\/td><td>moby<\/td><td>modsecurity<\/td><td>monit<\/td><td>mosquitto<\/td><\/tr><tr><td>motion<\/td><td>mpg123<\/td><td>mpv<\/td><td>msmtp<\/td><td>mtr<\/td><td>mupdf<\/td><td>mutt<\/td><\/tr><tr><td>mysql<\/td><td>nano<\/td><td>nasm<\/td><td>nbd<\/td><td>ncurses<\/td><td>neon<\/td><td>nessus<\/td><\/tr><tr><td>netatalk<\/td><td>netdata<\/td><td>netkit_ftp<\/td><td>netpbm<\/td><td>nettle<\/td><td>nghttp2<\/td><td>nginx<\/td><\/tr><tr><td>ngircd<\/td><td>nmap<\/td><td>node<\/td><td>ntfs_3g<\/td><td>ntp<\/td><td>ntpsec<\/td><td>open_iscsi<\/td><\/tr><tr><td>open_vm_tools<\/td><td>openafs<\/td><td>opencv<\/td><td>openjpeg<\/td><td>openldap<\/td><td>opensc<\/td><td>openssh<\/td><\/tr><tr><td>openssl<\/td><td>openswan<\/td><td>openvpn<\/td><td>p7zip<\/td><td>pango<\/td><td>patch<\/td><td>pcre<\/td><\/tr><tr><td>pcre2<\/td><td>pcsc_lite<\/td><td>perl<\/td><td>php<\/td><td>picocom<\/td><td>pigz<\/td><td>pixman<\/td><\/tr><tr><td>png<\/td><td>polarssl_fedora<\/td><td>poppler<\/td><td>postgresql<\/td><td>ppp<\/td><td>privoxy<\/td><td>procps_ng<\/td><\/tr><tr><td>proftpd<\/td><td>protobuf_c<\/td><td>pspp<\/td><td>pure_ftpd<\/td><td>putty<\/td><td>python<\/td><td>qemu<\/td><\/tr><tr><td>qpdf<\/td><td>qt<\/td><td>quagga<\/td><td>radare2<\/td><td>radvd<\/td><td>raptor<\/td><td>rauc<\/td><\/tr><tr><td>rdesktop<\/td><td>readline<\/td><td>rpm<\/td><td>rsync<\/td><td>rsyslog<\/td><td>rtl_433<\/td><td>rtmpdump<\/td><\/tr><tr><td>runc<\/td><td>rust<\/td><td>samba<\/td><td>sane_backends<\/td><td>sdl<\/td><td>seahorse<\/td><td>shadowsocks_libev<\/td><\/tr><tr><td>snapd<\/td><td>sngrep<\/td><td>snort<\/td><td>socat<\/td><td>sofia_sip<\/td><td>speex<\/td><td>spice<\/td><\/tr><tr><td>sqlite<\/td><td>squashfs<\/td><td>squid<\/td><td>sslh<\/td><td>stellarium<\/td><td>strongswan<\/td><td>stunnel<\/td><\/tr><tr><td>subversion<\/td><td>sudo<\/td><td>suricata<\/td><td>sylpheed<\/td><td>syslogng<\/td><td>sysstat<\/td><td>systemd<\/td><\/tr><tr><td>tar<\/td><td>tcpdump<\/td><td>tcpreplay<\/td><td>terminology<\/td><td>tesseract<\/td><td>thrift<\/td><td>thttpd<\/td><\/tr><tr><td>thunderbird<\/td><td>timescaledb<\/td><td>tinyproxy<\/td><td>tor<\/td><td>tpm2_tss<\/td><td>traceroute<\/td><td>transmission<\/td><\/tr><tr><td>trousers<\/td><td>ttyd<\/td><td>twonky_server<\/td><td>u_boot<\/td><td>udisks<\/td><td>unbound<\/td><td>unixodbc<\/td><\/tr><tr><td>upx<\/td><td>util_linux<\/td><td>varnish<\/td><td>vim<\/td><td>vlc<\/td><td>vorbis_tools<\/td><td>vsftpd<\/td><\/tr><tr><td>webkitgtk<\/td><td>wget<\/td><td>wireshark<\/td><td>wolfssl<\/td><td>wpa_supplicant<\/td><td>xerces<\/td><td>xml2<\/td><\/tr><tr><td>xscreensaver<\/td><td>xwayland<\/td><td>yasm<\/td><td>zabbix<\/td><td>zchunk<\/td><td>zeek<\/td><td>zlib<\/td><\/tr><tr><td>znc<\/td><td>zsh<\/td><td>zstandard<\/td><td><\/td><td><\/td><td><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>\u6240\u6709\u68c0\u67e5\u5668\u90fd\u53ef\u4ee5\u5728\u68c0\u67e5\u5668\u76ee\u5f55\u4e2d\u627e\u5230\uff0c<a href=\"https:\/\/github.com\/intel\/cve-bin-tool\/blob\/main\/cve_bin_tool\/checkers\/README.md\">\u6709\u5173\u5982\u4f55\u6dfb\u52a0\u65b0\u68c0\u67e5\u5668\u7684\u8bf4\u660e<\/a>\u4e5f\u53ef\u4ee5\u627e\u5230\u3002 \u53ef\u4ee5\u901a\u8fc7&nbsp;<a href=\"https:\/\/github.com\/intel\/cve-bin-tool\/issues\">GitHub \u95ee\u9898<\/a>\u8bf7\u6c42\u5bf9\u65b0\u68c0\u67e5\u5668\u7684\u652f\u6301\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>\u7279\u5b9a\u8bed\u8a00\u68c0\u67e5\u5668<\/strong><\/h3>\n\n\n\n<p><a href=\"https:\/\/github.com\/intel\/cve-bin-tool?tab=readme-ov-file#language-specific-checkers\"><\/a><\/p>\n\n\n\n<p>\u8bb8\u591a\u68c0\u67e5\u5668\u53ef\u7528\u4e8e\u67e5\u627e\u7279\u5b9a\u8bed\u8a00\u5305\u4e2d\u7684\u6613\u53d7\u653b\u51fb\u7684\u7ec4\u4ef6\u3002<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><th>Language<\/th><th>Files supported<\/th><\/tr><\/thead><tbody><tr><td>Dart<\/td><td><code>pubspec.lock<\/code><\/td><\/tr><tr><td>Go<\/td><td><code>Go.mod<\/code><\/td><\/tr><tr><td>Java<\/td><td><code>pom.xml<\/code>; JAR, WAR and EAR archives<\/td><\/tr><tr><td>JavaScript<\/td><td><code>package-lock.json<\/code><\/td><\/tr><tr><td>Rust<\/td><td><code>Cargo.lock<\/code><\/td><\/tr><tr><td>Ruby<\/td><td><code>Gemfile.lock<\/code><\/td><\/tr><tr><td>R<\/td><td><code>renv.lock<\/code><\/td><\/tr><tr><td>Swift<\/td><td><code>Package.resolved<\/code><\/td><\/tr><tr><td>Python<\/td><td><code>requirements.txt<\/code>,&nbsp;<code>PKG-INFO<\/code>,&nbsp;<code>METADATA<\/code>; .whl and .egg files<\/td><\/tr><tr><td>Perl<\/td><td><code>cpanfile<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>\u6709\u5173<a href=\"https:\/\/github.com\/intel\/cve-bin-tool\/blob\/main\/doc\/MANUAL.md#language-specific-checkers\">\u7279\u5b9a\u8bed\u8a00\u68c0\u67e5\u5668<\/a>\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605&nbsp;<a href=\"https:\/\/cve-bin-tool.readthedocs.io\/en\/latest\/MANUAL.html\">CVE \u4e8c\u8fdb\u5236\u5de5\u5177\u624b\u518c<\/a>\u3002<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>\u652f\u6301\u7684\u5b58\u6863\u683c\u5f0f<\/strong><\/h3>\n\n\n\n<p><a href=\"https:\/\/github.com\/intel\/cve-bin-tool?tab=readme-ov-file#supported-archive-formats\"><\/a><\/p>\n\n\n\n<p>\u81ea\u52a8\u89e3\u538b\u5668\u5f53\u524d\u652f\u6301\u4ee5\u4e0b\u5b58\u6863\u683c\u5f0f\uff1a<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><th>Archive Format<\/th><th>File Extension<\/th><\/tr><\/thead><tbody><tr><td>zip<\/td><td>.zip, .exe, .jar, .msi, .egg, .whl, .war, .ear<\/td><\/tr><tr><td>tar<\/td><td>.tar, .tgz, .tar.gz, .tar.xz, .tar.bz2<\/td><\/tr><tr><td>deb<\/td><td>.deb, .ipk<\/td><\/tr><tr><td>rpm<\/td><td>.rpm<\/td><\/tr><tr><td>cab<\/td><td>.cab<\/td><\/tr><tr><td>apk<\/td><td>.apk<\/td><\/tr><tr><td>zst<\/td><td>.zst<\/td><\/tr><tr><td>pkg<\/td><td>.pkg<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u5176\u4ed6\u8981\u6c42<\/strong><\/h2>\n\n\n\n<p><a href=\"https:\/\/github.com\/intel\/cve-bin-tool?tab=readme-ov-file#additional-requirements\"><\/a><\/p>\n\n\n\n<p>\u8981\u4f7f\u7528\u81ea\u52a8\u89e3\u538b\u5668\uff0c\u60a8\u53ef\u80fd\u9700\u8981\u4ee5\u4e0b\u5b9e\u7528\u7a0b\u5e8f\uff0c\u5177\u4f53\u53d6\u51b3\u4e8e\u60a8\u9700\u8981\u89e3\u538b<a href=\"https:\/\/github.com\/intel\/cve-bin-tool?tab=readme-ov-file#supported-archive-formats\">\u7684\u53d7\u652f\u6301\u5b58\u6863\u683c\u5f0f<\/a>\u7684\u7c7b\u578b\u3002<\/p>\n\n\n\n<p>\u5728 Linux \u4e0a\u8fd0\u884c\u5b8c\u6574\u6d4b\u8bd5\u5957\u4ef6\u9700\u8981\u4ee5\u4e0b\u5b9e\u7528\u7a0b\u5e8f\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>file<\/code><\/li>\n\n\n\n<li><code>strings<\/code><\/li>\n\n\n\n<li><code>tar<\/code><\/li>\n\n\n\n<li><code>unzip<\/code><\/li>\n\n\n\n<li><code>rpm2cpio<\/code><\/li>\n\n\n\n<li><code>cpio<\/code><\/li>\n\n\n\n<li><code>ar<\/code><\/li>\n\n\n\n<li><code>cabextract<\/code><\/li>\n<\/ul>\n\n\n\n<p>\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u5176\u4e2d\u5927\u591a\u6570\u90fd\u5b89\u88c5\u5728\u8bb8\u591a Linux \u7cfb\u7edf\u4e0a\uff0c\u4f46\u5c24\u5176\u53ef\u80fd\u9700\u8981\u5b89\u88c5\u3002<code>cabextract<\/code><code>rpm2cpio<\/code><\/p>\n\n\n\n<p>\u5728 Windows \u7cfb\u7edf\u4e0a\uff0c\u60a8\u53ef\u80fd\u9700\u8981\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>ar<\/code><\/li>\n\n\n\n<li><code>7z<\/code><\/li>\n\n\n\n<li><code>Expand<\/code><\/li>\n\n\n\n<li><code>pdftotext<\/code><\/li>\n<\/ul>\n\n\n\n<p>\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0cWindows \u5df2\u5b89\u88c5\uff0c\u4f46\u53ef\u80fd\u9700\u8981\u5b89\u88c5\u3002 \u5982\u679c\u60a8\u60f3\u8fd0\u884c\u6211\u4eec\u7684\u6d4b\u8bd5\u5957\u4ef6\u6216\u626b\u63cf zstd \u538b\u7f29\u6587\u4ef6\uff0c\u6211\u4eec\u5efa\u8bae\u5b89\u88c5 7zip \u7684\u8fd9\u4e2a&nbsp;<a href=\"https:\/\/github.com\/mcmilk\/7-Zip-zstd\">7-zip-zstd<\/a>&nbsp;\u5206\u652f\u3002\u6211\u4eec\u76ee\u524d\u7528\u4e8e\u63d0\u53d6 \u3001 \u3001 \u548c \u6587\u4ef6\u3002 \u8981\u5b89\u88c5\uff0c\u60a8\u53ef\u4ee5\u4ece<a href=\"https:\/\/www.mingw-w64.org\/downloads\/#msys2\">\u6b64\u5904<\/a>\u5b89\u88c5 MinGW\uff08\u5176\u4e2d\u5305\u542b binutils \u4f5c\u4e3a\u5176\u4e2d\u7684\u4e00\u90e8\u5206\uff09\u5e76\u8fd0\u884c\u4e0b\u8f7d\u7684 .exe \u6587\u4ef6\u3002<code>Expand<\/code><code>ar<\/code><code>7z<\/code><code>7z<\/code><code>jar<\/code><code>apk<\/code><code>msi<\/code><code>exe<\/code><code>rpm<\/code><code>ar<\/code><\/p>\n\n\n\n<p>\u5982\u679c\u5728\u5c1d\u8bd5\u4ece pip \u5b89\u88c5\u65f6\u6536\u5230\u6709\u5173\u6784\u5efa\u5e93\u7684\u9519\u8bef\uff0c \u60a8\u53ef\u80fd\u9700\u8981\u5b89\u88c5 Windows \u751f\u6210\u5de5\u5177\u3002Windows \u751f\u6210\u5de5\u5177\u5305\u62ec&nbsp;<a href=\"https:\/\/visualstudio.microsoft.com\/visual-cpp-build-tools\/\">\u514d\u8d39\u63d0\u4f9b https:\/\/visualstudio.microsoft.com\/visual-cpp-build-tools\/<\/a><\/p>\n\n\n\n<p>\u5982\u679c\u60a8\u5728 Windows \u4e0a\u5b89\u88c5 brotlipy \u65f6\u9047\u5230\u9519\u8bef\uff0c\u8bf7\u5b89\u88c5 \u4e0a\u9762\u7684\u7f16\u8bd1\u5668\u5e94\u8be5\u53ef\u4ee5\u4fee\u590d\u5b83\u3002<\/p>\n\n\n\n<p><code>pdftotext<\/code>\u662f\u8fd0\u884c\u6d4b\u8bd5\u6240\u5fc5\u9700\u7684\u3002\uff08cve-bin-tool \u7684\u7528\u6237\u53ef\u80fd\u4e0d\u9700\u8981\u5b83\uff0c\u4f46\u5f00\u53d1\u4eba\u5458\u53ef\u80fd\u4f1a\u9700\u8981\u5b83\u3002\u5728 Windows \u4e0a\u5b89\u88c5\u5b83\u7684\u6700\u4f73\u65b9\u6cd5\u662f\u4f7f\u7528&nbsp;<a href=\"https:\/\/docs.conda.io\/projects\/conda\/en\/latest\/user-guide\/install\/windows.html\">conda<\/a>\uff08\u5355\u51fb<a href=\"https:\/\/anaconda.org\/conda-forge\/pdftotext\">\u6b64\u5904<\/a>\u83b7\u53d6\u8fdb\u4e00\u6b65\u8bf4\u660e\uff09\u3002<\/p>\n\n\n\n<p>\u60a8\u53ef\u4ee5\u67e5\u770b<a href=\"https:\/\/github.com\/intel\/cve-bin-tool\/blob\/main\/.github\/workflows\/testing.yml\">\u6211\u4eec\u7684 CI \u914d\u7f6e<\/a>\uff0c\u4e86\u89e3\u6211\u4eec\u6b63\u5728\u663e\u5f0f\u6d4b\u8bd5\u7684 python \u7248\u672c\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u5c40\u9650\u6027<\/strong><\/h2>\n\n\n\n<p><a href=\"https:\/\/github.com\/intel\/cve-bin-tool?tab=readme-ov-file#limitations\"><\/a><\/p>\n\n\n\n<p>\u6b64\u626b\u63cf\u7a0b\u5e8f\u4e0d\u4f1a\u5c1d\u8bd5\u5229\u7528\u95ee\u9898\u6216\u68c0\u67e5\u4ee3\u7801 \u7ec6\u8282;\u5b83\u53ea\u67e5\u627e\u5e93\u7b7e\u540d\u548c\u7248\u672c\u53f7\u3002\u56e0\u6b64\uff0c\u5b83 \u65e0\u6cd5\u5224\u65ad\u662f\u5426\u6709\u4eba\u5c06\u4fee\u590d\u7a0b\u5e8f\u5411\u540e\u79fb\u690d\u5230\u6613\u53d7\u653b\u51fb\u7684\u7248\u672c\uff0c\u5e76\u4e14\u5b83 \u5982\u679c\u5e93\u6216\u7248\u672c\u4fe1\u606f\u88ab\u6545\u610f\u6df7\u6dc6\uff0c\u5219\u4e0d\u8d77\u4f5c\u7528\u3002<\/p>\n\n\n\n<p>\u8be5\u5de5\u5177\u65e8\u5728\u7528\u4f5c\u5feb\u901f\u8fd0\u884c\u3001\u6613\u4e8e\u81ea\u52a8\u5316\u7684\u7b7e\u5165 \u975e\u6076\u610f\u73af\u5883\uff0c\u4ee5\u4fbf\u5f00\u53d1\u4eba\u5458\u53ef\u4ee5\u4e86\u89e3\u65e7\u5e93 \u5df2\u7f16\u8bd1\u5230\u5176\u4e8c\u8fdb\u5236\u6587\u4ef6\u4e2d\u7684\u5b89\u5168\u95ee\u9898\u3002<\/p>\n\n\n\n<p>\u8be5\u5de5\u5177\u4e0d\u4fdd\u8bc1\u62a5\u544a\u7684\u4efb\u4f55\u6f0f\u6d1e\u786e\u5b9e\u5b58\u5728\u6216\u53ef\u5229\u7528\uff0c\u4e5f\u65e0\u6cd5\u4fdd\u8bc1\u627e\u5230\u6240\u6709\u5b58\u5728\u7684\u6f0f\u6d1e\u3002<\/p>\n\n\n\n<p>\u7528\u6237\u53ef\u4ee5\u5c06\u4f1a\u5ba1\u4fe1\u606f\u6dfb\u52a0\u5230\u62a5\u8868\u4e2d\uff0c\u4ee5\u5c06\u95ee\u9898\u6807\u8bb0\u4e3a\u8bef\u62a5\uff0c\u6307\u793a\u5df2\u901a\u8fc7\u914d\u7f6e\/\u4f7f\u7528\u60c5\u51b5\u66f4\u6539\u6765\u7f13\u89e3\u98ce\u9669\u7b49\u3002<\/p>\n\n\n\n<p>\u5206\u7c7b\u8be6\u7ec6\u4fe1\u606f\u53ef\u4ee5\u5728\u5176\u4ed6\u9879\u76ee\u4e2d\u91cd\u590d\u4f7f\u7528\uff0c\u4f8b\u5982\uff0cLinux \u57fa\u7840\u6620\u50cf\u4e0a\u7684\u5206\u7c7b\u53ef\u4ee5\u5e94\u7528\u4e8e\u4f7f\u7528\u8be5\u6620\u50cf\u7684\u591a\u4e2a\u5bb9\u5668\u3002<\/p>\n\n\n\n<p>\u6709\u5173\u8be5\u5de5\u5177\u7684\u5206\u7c7b\u4fe1\u606f\u7684\u66f4\u591a\u4fe1\u606f\u548c\u7528\u6cd5\uff0c\u8bf7\u67e5\u770b<a href=\"https:\/\/cve-bin-tool.readthedocs.io\/en\/latest\/MANUAL.html#triage-input-file-input-file\">\u6b64\u5904<\/a>\u3002<\/p>\n\n\n\n<p>\u5982\u679c\u60a8\u4f7f\u7528\u7684\u662f\u4e8c\u8fdb\u5236\u626b\u63cf\u5668\u529f\u80fd\uff0c\u8bf7\u6ce8\u610f\uff0c\u6211\u4eec\u53ea\u6709\u6709\u9650\u6570\u91cf\u7684\u4e8c\u8fdb\u5236\u68c0\u67e5\u5668\uff08\u89c1\u4e0a\u8868\uff09\uff0c\u56e0\u6b64\u6211\u4eec\u53ea\u80fd\u68c0\u6d4b\u8fd9\u4e9b\u5e93\u3002\u968f\u65f6\u6b22\u8fce\u65b0\u8df3\u68cb\u7684\u8d21\u732e\uff01\u60a8\u8fd8\u53ef\u4ee5\u4f7f\u7528\u5176\u4ed6\u65b9\u6cd5\u6765\u68c0\u6d4b\u7ec4\u4ef6\uff08\u4f8b\u5982\uff0c\u7269\u6599\u6e05\u5355\u5de5\u5177\uff0c\u5982&nbsp;<a href=\"https:\/\/github.com\/tern-tools\/tern\">tern<\/a>\uff09\uff0c\u7136\u540e\u5c06\u751f\u6210\u7684\u5217\u8868\u7528\u4f5c cve-bin-tool \u7684\u8f93\u5165\uff0c\u4ee5\u83b7\u5f97\u66f4\u5168\u9762\u7684\u6f0f\u6d1e\u5217\u8868\u3002<\/p>\n\n\n\n<p>\u8be5\u5de5\u5177\u4f7f\u7528\u6f0f\u6d1e\u6570\u636e\u5e93\u6765\u68c0\u6d4b\u5f53\u524d\u7684\u6f0f\u6d1e\uff0c\u5982\u679c\u6570\u636e\u5e93\u4e0d\u7ecf\u5e38\u66f4\u65b0\uff08\u7279\u522b\u662f\u5982\u679c\u8be5\u5de5\u5177\u5728\u79bb\u7ebf\u6a21\u5f0f\u4e0b\u4f7f\u7528\uff09\uff0c\u8be5\u5de5\u5177\u5c06\u65e0\u6cd5\u68c0\u6d4b\u5230\u4efb\u4f55\u65b0\u53d1\u73b0\u7684\u6f0f\u6d1e\u3002\u56e0\u6b64\uff0c\u5f3a\u70c8\u5efa\u8bae\u4fdd\u6301\u6570\u636e\u5e93\u66f4\u65b0\u3002<\/p>\n\n\n\n<p>\u8be5\u5de5\u5177\u4e0d\u4fdd\u8bc1\u62a5\u544a\u6240\u6709\u6f0f\u6d1e\uff0c\u56e0\u4e3a\u8be5\u5de5\u5177\u53ea\u80fd\u8bbf\u95ee\u6709\u9650\u6570\u91cf\u7684\u516c\u5f00\u53ef\u7528\u7684\u6f0f\u6d1e\u6570\u636e\u5e93\u3002 \u6211\u4eec\u59cb\u7ec8\u6b22\u8fce\u4e3a\u8be5\u5de5\u5177\u5f15\u5165\u65b0\u7684\u6570\u636e\u6e90\u505a\u51fa\u8d21\u732e\u3002<\/p>\n\n\n\n<p>\u867d\u7136\u5bf9\u6f0f\u6d1e\u6570\u636e\u5e93\u4e2d\u7684\u6570\u636e\u6267\u884c\u4e86\u4e00\u4e9b\u9a8c\u8bc1\u68c0\u67e5\uff0c\u4f46\u8be5\u5de5\u5177\u65e0\u6cd5\u65ad\u8a00\u6570\u636e\u7684\u8d28\u91cf\u6216\u7ea0\u6b63\u4efb\u4f55 \u5982\u679c\u6570\u636e\u4e0d\u5b8c\u6574\u6216\u4e0d\u4e00\u81f4\uff0c\u5219\u5b58\u5728\u5dee\u5f02\u3002\u4f8b\u5982\uff0c\u8fd9\u53ef\u80fd\u4f1a\u5bfc\u81f4\u67d0\u4e9b\u6f0f\u6d1e\u62a5\u544a\u7684\u4e25\u91cd\u6027\u62a5\u544a\u4e3a\u201c\u672a\u77e5\u201d\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u53cd\u9988\u548c\u8d21\u732e<\/strong><\/h2>\n\n\n\n<p><a href=\"https:\/\/github.com\/intel\/cve-bin-tool?tab=readme-ov-file#feedback--contributions\"><\/a><\/p>\n\n\n\n<p>\u53ef\u4ee5\u901a\u8fc7 GitHub \u63d0\u51fa\u9519\u8bef\u548c\u529f\u80fd\u8bf7\u6c42<a href=\"https:\/\/github.com\/intel\/cve-bin-tool\/issues\">&nbsp;\u95ee\u9898<\/a>\u3002\u8bf7\u6ce8\u610f\uff0c\u8fd9\u4e9b\u95ee\u9898\u662f \u4e0d\u662f\u79c1\u6709\u7684\uff0c\u6240\u4ee5\u5728\u63d0\u4f9b\u8f93\u51fa\u65f6\u8981\u5c0f\u5fc3\uff0c\u4ee5\u786e\u4fdd\u4f60\u4e0d\u662f \u62ab\u9732\u5176\u4ed6\u4ea7\u54c1\u4e2d\u7684\u5b89\u5168\u95ee\u9898\u3002<\/p>\n\n\n\n<p>\u4e5f\u6b22\u8fce\u901a\u8fc7 git \u63d0\u51fa\u62c9\u53d6\u8bf7\u6c42\u3002<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\u65b0\u8d21\u732e\u8005\u5e94\u9605\u8bfb<a href=\"https:\/\/github.com\/intel\/cve-bin-tool\/blob\/main\/CONTRIBUTING.md\">\u8d21\u732e\u8005\u6307\u5357<\/a>\u4ee5\u5f00\u59cb\u4f7f\u7528\u3002<\/li>\n\n\n\n<li>\u5df2\u7ecf\u6709\u4e3a\u5f00\u6e90\u9879\u76ee\u505a\u51fa\u8d21\u732e\u7ecf\u9a8c\u7684\u4eba\u53ef\u80fd\u4e0d\u9700\u8981\u5b8c\u6574\u7684\u6307\u5357\uff0c\u4f46\u4ecd\u7136\u5e94\u8be5\u4f7f\u7528<a href=\"https:\/\/github.com\/intel\/cve-bin-tool\/blob\/main\/CONTRIBUTING.md#checklist-for-a-great-pull-request\">\u62c9\u53d6\u8bf7\u6c42\u6e05\u5355<\/a>\u6765\u8ba9\u6bcf\u4e2a\u4eba\u90fd\u80fd\u8f7b\u677e\u5b8c\u6210\u5de5\u4f5c\u3002<\/li>\n<\/ul>\n\n\n\n<p>CVE \u4e8c\u8fdb\u5236\u5de5\u5177\u8d21\u732e\u8005\u88ab\u8981\u6c42\u9075\u5b88&nbsp;<a href=\"https:\/\/www.python.org\/psf\/conduct\/\">Python \u793e\u533a\u884c\u4e3a\u51c6\u5219<\/a>\u3002\u5982\u679c\u60a8\u5bf9\u672c\u884c\u4e3a\u51c6\u5219\u6709\u4efb\u4f55\u7591\u8651\u6216\u7591\u95ee\uff0c\u8bf7\u8054\u7cfb&nbsp;<a href=\"https:\/\/github.com\/terriko\/\">Terri<\/a>\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u5b89\u5168\u95ee\u9898<\/strong><\/h2>\n\n\n\n<p><a href=\"https:\/\/github.com\/intel\/cve-bin-tool?tab=readme-ov-file#security-issues\"><\/a><\/p>\n\n\n\n<p>\u5de5\u5177\u672c\u8eab\u7684\u5b89\u5168\u95ee\u9898\u53ef\u4ee5\u62a5\u544a\u7ed9\u82f1\u7279\u5c14\u7684\u5b89\u5168\u90e8\u95e8 \u4e8b\u4ef6\u54cd\u5e94\u56e2\u961f\u901a\u8fc7&nbsp;<a href=\"https:\/\/intel.com\/security\">https:\/\/intel.com\/security<\/a>\u3002<\/p>\n\n\n\n<p>\u5982\u679c\u5728\u4f7f\u7528\u6b64\u5de5\u5177\u7684\u8fc7\u7a0b\u4e2d\uff0c\u60a8\u53d1\u73b0\u67d0\u4eba\u5b58\u5728\u5b89\u5168\u95ee\u9898 \u5176\u4ed6\u4ee3\u7801\uff0c\u8bf7\u8d1f\u8d23\u4efb\u5730\u5411\u76f8\u5173\u65b9\u62ab\u9732\u3002<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">\u5b8c\u6574\u9009\u9879\u5217\u8868<\/h2>\n\n\n\n<p>\u7528\u6cd5\uff1a<\/p>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:python decode:true \">cve-bin-tool &lt;directory\/file to scan&gt;<\/pre><\/div>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:sh decode:true \" >options:\n  -h, --help            show this help message and exit\n  -e EXCLUDE, --exclude EXCLUDE\n                        Comma separated Exclude directory path\n  -V, --version         show program's version number and exit\n  --disable-version-check\n                        skips checking for a new version\n  --disable-validation-check\n                        skips checking xml files against schema\n  --offline             operate in offline mode\n  --detailed            add CVE description in csv or json report (no effect on console, html or pdf)\n\nCVE Data Download:\n  Arguments related to data sources and Cache Configuration\n\n  -n {api,api2,json,json-mirror,json-nvd}, --nvd {api,api2,json,json-mirror,json-nvd}\n                        choose method for getting CVE lists from NVD\n  -u {now,daily,never,latest}, --update {now,daily,never,latest}\n                        update schedule for data sources and exploits database (default: daily)\n  --nvd-api-key NVD_API_KEY\n                        Specify NVD API key (used to improve NVD rate limit).\n                        Set to `no` to ignore any keys in the environment.\n  -d DISABLE_DATA_SOURCE, --disable-data-source DISABLE_DATA_SOURCE\n                        comma-separated list of data sources (CURL, EPSS, GAD, NVD, OSV, REDHAT, RSD) to disable (default: NONE) \n\n  --use-mirror USE_MIRROR\n                        use an mirror to update the database\n\nInput:\n  directory             directory to scan\n  -i INPUT_FILE, --input-file INPUT_FILE\n                        provide input filename\n  --triage-input-file TRIAGE_INPUT_FILE\n                        provide input filename for triage data\n  -C CONFIG, --config CONFIG\n                        provide config file\n  -L PACKAGE_LIST, --package-list PACKAGE_LIST\n                        provide package list\n  --sbom {spdx,cyclonedx,swid}\n                        specify type of software bill of materials (sbom) (default: spdx)\n  --sbom-file SBOM_FILE\n                        provide sbom filename\n\nOutput:\n  -q, --quiet           suppress output\n  -l {debug,info,warning,error,critical}, --log {debug,info,warning,error,critical}\n                        log level (default: info)\n  -o OUTPUT_FILE, --output-file OUTPUT_FILE\n                        provide output filename (default: output to stdout)\n  --html-theme HTML_THEME\n                        provide custom theme directory for HTML Report\n  -f {csv,json,console,html,pdf}, --format {csv,json,console,html,pdf}\n                        update output format (default: console)\n                        specify multiple output formats by using comma (',') as a separator\n                        note: don't use spaces between comma (',') and the output formats.\n  --generate-config {yaml,toml,yaml,toml,toml,yaml}\n                        generate config file for cve bin tool in toml and yaml formats.\n  -c CVSS, --cvss CVSS  minimum CVSS score (as integer in range 0 to 10) to report (default: 0)\n  -S {low,medium,high,critical}, --severity {low,medium,high,critical}\n                        minimum CVE severity to report (default: low)\n  --metrics             \n                        check for metrics (e.g., EPSS) from found cves\n  --epss-percentile EPSS_PERCENTILE\n                        minimum epss percentile of CVE range between 0 to 100 to report\n  --epss-probability EPSS_PROBABILITY\n                        minimum epss probability of CVE range between 0 to 100 to report\n  --no-0-cve-report     only produce report when CVEs are found\n  -A [-], --available-fix [-]\n                        Lists available fixes of the package from Linux distribution\n  -b [-], --backport-fix [-]\n                        Lists backported fixes if available from Linux distribution\n  --affected-versions   Lists versions of product affected by a given CVE (to facilitate upgrades)\n  --vex VEX             Provide vulnerability exchange (vex) filename\n  --sbom-output SBOM_OUTPUT\n                        provide software bill of materials (sbom) filename to generate\n  --sbom-type {spdx,cyclonedx}\n                        specify type of software bill of materials (sbom) to generate (default: spdx)\n  --sbom-format {tag,json,yaml}\n                        specify format of software bill of materials (sbom) to generate (default: tag)\n\nMerge Report:\n  Arguments related to Intermediate and Merged Reports\n\n  -a [APPEND], --append [APPEND]\n                        save output as intermediate report in json format\n  -t TAG, --tag TAG     add a unique tag to differentiate between multiple intermediate reports\n  -m MERGE, --merge MERGE\n                        comma separated intermediate reports path for merging\n  -F FILTER, --filter FILTER\n                        comma separated tag string for filtering intermediate reports\n\nCheckers:\n  -s SKIPS, --skips SKIPS\n                        comma-separated list of checkers to disable\n  -r RUNS, --runs RUNS  comma-separated list of checkers to enable\n\nDatabase Management:\n  --import-json IMPORT_JSON\n                        import database from json files chopped by years\n  --ignore-sig          do not verify PGP signature while importing json data\n  --log-signature-error\n                        when the signature doesn't match log the error only instead of halting (UNSAFE)\n  --verify PGP_PUBKEY_PATH\n                        verify PGP sign while importing json files\n  --export-json EXPORT_JSON\n                        export database as json files chopped by years\n  --pgp-sign PGP_PRIVATE_KEY_PATH\n                        sign exported json files with PGP\n  --passphrase PASSPHRASE\n                        required passphrase for signing with PGP\n  --export EXPORT       export database filename\n  --import IMPORT       import database filename\n\nExploits:\n  --exploits            check for exploits from found cves\n\nDeprecated:\n  -x, --extract         autoextract compressed files\n  --report              Produces a report even if there are no CVE for the respective output format<\/pre><\/div>\n\n\n\n<p>\u6709\u5173\u6240\u6709\u8fd9\u4e9b\u9009\u9879\u7684\u66f4\u591a\u4fe1\u606f\uff0c\u8bf7\u53c2\u9605&nbsp;<a href=\"https:\/\/cve-bin-tool.readthedocs.io\/en\/latest\/MANUAL.html\">CVE \u4e8c\u8fdb\u5236\u5de5\u5177\u7528\u6237\u624b\u518c<\/a>\u3002<\/p>\n\n\n\n<p>\u53c2\u8003\u94fe\u63a5\uff1a<\/p>\n\n\n\n<p><a href=\"https:\/\/github.com\/intel\/cve-bin-tool\">https:\/\/github.com\/intel\/cve-bin-tool<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u66f4\u65b0<\/strong><\/h2>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:python decode:true \" >cve-bin-tool --update now --nvd-api-key xxxx<\/pre><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>\u6d4b\u8bd5<\/strong><\/h2>\n\n\n\n<div class=\"wp-block-urvanov-syntax-highlighter-code-block\"><pre class=\"lang:sh decode:true \" >cve-bin-tool test --nvd-api-key xxxx\n[11:16:18] INFO     cve_bin_tool - CVE Binary Tool v3.3                                                                                                                                                              cli.py:571\n           INFO     cve_bin_tool - This product uses the NVD API but is not endorsed or certified by the NVD.                                                                                                        cli.py:572\n           INFO     cve_bin_tool.CVEDB - Using cached CVE data (&lt;24h old). Use -u now to update immediately.                                                                                                       cvedb.py:285\n[11:16:19] INFO     cve_bin_tool.CVEDB - There are 387734 CVE entries in the database                                                                                                                              cvedb.py:362\n           INFO     cve_bin_tool.CVEDB - There are 242000 CVE entries from NVD in the database                                                                                                                     cvedb.py:364\n           INFO     cve_bin_tool.CVEDB - There are 107302 CVE entries from OSV in the database                                                                                                                     cvedb.py:364\n           INFO     cve_bin_tool.CVEDB - There are 20543 CVE entries from GAD in the database                                                                                                                      cvedb.py:364\n           INFO     cve_bin_tool.CVEDB - There are 17889 CVE entries from REDHAT in the database                                                                                                                   cvedb.py:364\n           INFO     cve_bin_tool - CVE database contains CVEs from National Vulnerability Database (NVD), Open Source Vulnerability Database (OSV), Gitlab Advisory Database (GAD) and RedHat                        cli.py:832\n           INFO     cve_bin_tool - CVE database last updated on 13 June 2024 at 10:51:49                                                                                                                             cli.py:835\n           INFO     cve_bin_tool - Number of checkers: 359                                                                                                                                                          cli.py:1019\n           INFO     cve_bin_tool.VersionScanner - Checkers: accountsservice, acpid, apache_http_server, apcupsd, apparmor, asn1c, assimp, asterisk, atftp, avahi, axel, bash, bind, binutils, bird,      version_scanner.py:113\n                    bison, bluez, boinc, botan, bro, bubblewrap, busybox, bwm_ng, bzip2, c_ares, capnproto, ceph, chess, chrony, civetweb, clamav, collectd, commons_compress, connman, coreutils, cpio,\n                    cronie, cryptsetup, cups, curl, cvs, darkhttpd, dav1d, davfs2, dbus, debianutils, dhclient, dhcpcd, dhcpd, dmidecode, dnsmasq, docker, domoticz, dosfstools, dotnet, dovecot,\n                    doxygen, dpkg, dropbear, e2fsprogs, ed, elfutils, emacs, enscript, exfatprogs, exim, exiv2, f2fs_tools, faad2, fastd, ffmpeg, file, firefox, flac, fluidsynth, freeradius, freerdp,\n                    fribidi, frr, gawk, gcc, gdal, gdb, gdk_pixbuf, gimp, git, glib, glibc, gmp, gnomeshell, gnupg, gnutls, go, gpgme, gpsd, graphicsmagick, grep, grub2, gstreamer, gupnp, gvfs, gzip,\n                    haproxy, harfbuzz, haserl, hdf5, heimdal, hostapd, hunspell, hwloc, i2pd, icecast, icu, iperf3, ipmitool, ipsec_tools, iptables, irssi, iucode_tool, iwd, jack2, jacksondatabind,\n                    janus, jhead, jq, json_c, kbd, keepalived, kerberos, kexectools, kodi, kubernetes, ldns, lftp, libarchive, libass, libbpg, libcoap, libconfuse, libcurl, libdb, libde265, libebml,\n                    libevent, libexpat, libgcrypt, libgd, libgit2, libheif, libical, libidn2, libinput, libjpeg, libjpeg_turbo, libksba, liblas, libmatroska, libmemcached, libmicrohttpd, libmodbus,\n                    libnss, libpcap, libraw, librsvg, librsync, libsamplerate, libseccomp, libsndfile, libsolv, libsoup, libsrtp, libssh, libssh2, libtasn1, libtiff, libtomcrypt, libupnp, libuv,\n                    libvips, libvirt, libvncserver, libvorbis, libvpx, libxslt, lighttpd, linux_kernel, lldpd, logrotate, lrzip, lua, luajit, lxc, lynx, lz4, mailx, mariadb, mbedtls, mdadm, memcached,\n                    micropython, minetest, mini_httpd, minicom, minidlna, miniupnpc, miniupnpd, moby, modsecurity, monit, mosquitto, motion, mpg123, mpv, msmtp, mtr, mupdf, mutt, mysql, nano, nasm,\n                    nbd, ncurses, neon, nessus, netatalk, netdata, netkit_ftp, netpbm, nettle, nghttp2, nginx, ngircd, nmap, node, ntfs_3g, ntp, ntpsec, open_iscsi, open_vm_tools, openafs, opencv,\n                    openjpeg, openldap, opensc, openssh, openssl, openswan, openvpn, p7zip, pango, patch, pcre, pcre2, pcsc_lite, perl, php, picocom, pigz, pixman, png, polarssl_fedora, poppler,\n                    postgresql, ppp, privoxy, procps_ng, proftpd, protobuf_c, pspp, pure_ftpd, putty, python, qemu, qpdf, qt, quagga, radare2, radvd, raptor, rauc, rdesktop, readline, rpm, rsync,\n                    rsyslog, rtl_433, rtmpdump, runc, rust, samba, sane_backends, sdl, seahorse, shadowsocks_libev, snapd, sngrep, snort, socat, sofia_sip, speex, spice, sqlite, squashfs, squid, sslh,\n                    stellarium, strongswan, stunnel, subversion, sudo, suricata, sylpheed, syslogng, sysstat, systemd, tar, tcpdump, tcpreplay, terminology, tesseract, thrift, thttpd, thunderbird,\n                    timescaledb, tinyproxy, tor, tpm2_tss, traceroute, transmission, trousers, twonky_server, u_boot, udisks, unbound, unixodbc, upx, util_linux, varnish, vim, vlc, vorbis_tools,\n                    vsftpd, webkitgtk, wget, wireshark, wolfssl, wpa_supplicant, xerces, xml2, xscreensaver, xwayland, yasm, zabbix, zchunk, zeek, zlib, znc, zsh, zstandard\n           INFO     cve_bin_tool - Number of language checkers: 11                                                                                                                                                  cli.py:1024\n           INFO     cve_bin_tool.VersionScanner - Language Checkers: Dart, Go, Java, Javascript, Perl, Php, Python, R, Ruby, Rust, Swift                                                                 version_scanner.py:138\n           INFO     cve_bin_tool.CVEScanner - 5 CVE(s) in gnu.gcc version 4.8.5                                                                                                                              cve_scanner.py:285\n           INFO     cve_bin_tool - Overall CVE summary:                                                                                                                                                             cli.py:1059\n           INFO     cve_bin_tool - There are 1 products with known CVEs detected                                                                                                                                    cli.py:1060\n           INFO     cve_bin_tool - Known CVEs in ('gnu.gcc', '4.8.5'):                                                                                                                                              cli.py:1071\n\u250f\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2513\n\u2503                                                                                                CVE BINARY TOOL version: 3.3                                                                                                 \u2503\n\u2517\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u251b\n\n \u2022 Report Generated: 2024-06-13  11:16:19\n \u2022 Time of last update of CVE Data: 2024-06-13  10:51:49\n\u256d\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u256e\n\u2502 CVE SUMMARY \u2502\n\u2570\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u256f\n\u250f\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2513\n\u2503 Severity \u2503 Count \u2503\n\u2521\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2529\n\u2502 CRITICAL \u2502 0     \u2502\n\u2502 HIGH     \u2502 3     \u2502\n\u2502 MEDIUM   \u2502 1     \u2502\n\u2502 LOW      \u2502 0     \u2502\n\u2502 UNKNOWN  \u2502 1     \u2502\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n\u256d\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u256e\n\u2502 CPE SUMMARY \u2502\n\u2570\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u256f\n\u250f\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2513\n\u2503 Vendor \u2503 Product \u2503 Version \u2503 Latest Upstream Stable Version \u2503 CRITICAL CVEs Count \u2503 HIGH CVEs Count \u2503 MEDIUM CVEs Count \u2503 LOW CVEs Count \u2503 UNKNOWN CVEs Count \u2503 TOTAL CVEs Count \u2503\n\u2521\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2529\n\u2502 gnu    \u2502 gcc     \u2502 4.8.5   \u2502 14.1.0                         \u2502 0                   \u2502 3               \u2502 1                 \u2502 0              \u2502 1                  \u2502 5                \u2502\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n\u256d\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u256e\n\u2502  NewFound CVEs  \u2502\n\u2570\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u256f\n\u250f\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2513\n\u2503 Vendor \u2503 Product \u2503 Version \u2503 CVE Number     \u2503 Source \u2503 Severity \u2503 Score (CVSS Version) \u2503\n\u2521\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2529\n\u2502 gnu    \u2502 gcc     \u2502 4.8.5   \u2502 CVE-2015-5276  \u2502 NVD    \u2502 UNKNOWN  \u2502 5 (v2)               \u2502\n\u2502 gnu    \u2502 gcc     \u2502 4.8.5   \u2502 CVE-2018-12886 \u2502 NVD    \u2502 HIGH     \u2502 8.1 (v3)             \u2502\n\u2502 gnu    \u2502 gcc     \u2502 4.8.5   \u2502 CVE-2019-15847 \u2502 NVD    \u2502 HIGH     \u2502 7.5 (v3)             \u2502\n\u2502 gnu    \u2502 gcc     \u2502 4.8.5   \u2502 CVE-2021-37322 \u2502 NVD    \u2502 HIGH     \u2502 7.8 (v3)             \u2502\n\u2502 gnu    \u2502 gcc     \u2502 4.8.5   \u2502 CVE-2023-4039  \u2502 NVD    \u2502 MEDIUM   \u2502 4.8 (v3)             \u2502\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n\u250f\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2513\n\u2503 Vendor \u2503 Product \u2503 Version \u2503 Root                 \u2503 Filename \u2503\n\u2521\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2529\n\u2502 gnu    \u2502 gcc     \u2502 4.8.5   \u2502 \/mnt\/d\/VA\/intel\/test \u2502 cli      \u2502\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n\u256d\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u256e\n\u2502  Products with No Identified Vulnerabilities  \u2502\n\u2570\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u256f\n\u250f\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2533\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2513\n\u2503 Vendor \u2503 Product \u2503 Version \u2503\n\u2521\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2547\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2529\n\u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2534\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518\n<\/pre><\/div>\n","protected":false},"excerpt":{"rendered":"<p>CCVE \u4e8c\u8fdb\u5236\u5de5\u5177\u662f\u4e00\u4e2a\u514d\u8d39\u7684\u5f00\u6e90\u5de5\u5177\uff0c\u53ef\u5e2e\u52a9\u60a8\u67e5\u627e\u8f6f\u4ef6\u4e2d\u7684\u5df2\u77e5\u6f0f\u6d1e\uff0c\u4f7f\u7528\u6765\u81ea\u56fd\u5bb6\u6f0f\u6d1e\u6570\u636e\u5e93&nbsp;\uff08N [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[43],"tags":[493,494],"class_list":["post-4145","post","type-post","status-publish","format-standard","hentry","category-infoarticle","tag-cve","tag-cve-bin-tool"],"views":5385,"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/posts\/4145","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4145"}],"version-history":[{"count":8,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/posts\/4145\/revisions"}],"predecessor-version":[{"id":4156,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=\/wp\/v2\/posts\/4145\/revisions\/4156"}],"wp:attachment":[{"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4145"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4145"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aqwu.net\/wp\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4145"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}