Vulnonym.org

▀█░█▀ █░░█ █░░ █▀▀▄ █▀▀█ █▀▀▄ █░░█ █▀▄▀█
░█▄█░ █░░█ █░░ █░░█ █░░█ █░░█ █▄▄█ █░▀░█
░░▀░░ ░▀▀▀ ▀▀▀ ▀░░▀ ▀▀▀▀ ▀░░▀ ▄▄▄█ ▀░░░▀

Search by CVE ID, year or name


    More Information

    This site was created due to the arguable failure of CERT/CC’s vulnonym project. The original intention of the project was to create predictable and memorable names for CVE IDs with the form adjective noun. These were specifically chosen so as to remove any fear, uncertainty and doubt caused by allowing researchers to choose their own names like Heartbleed and Eternal Blue. This however was not accepted by the cybersecurity community as a whole, with the scary and offensive names removed it still produced some great names like “Terrible Meteor”, “Quick Squirt”, “Hulking Rod” and “Crowded Beaver”. While I found these amusing, the principle of being unoffensive was clearly missed, so I decided to create this, a deliberately offensive and unapologetic algorithm for determining unique names from CVE IDs.


    The Wordlist

    Yes, it’s offensive, and somewhat deliberately. I have not made any effort to trim words that may be scary, sexual or otherwise adult in nature, so be warned. A great source of words came from forum and website blocklists, like the offensive wordlist from Carnegie Mellon University here. I paired this with open source dictionaries of unoffensive words (particularly adjectives) and randomised the order of the lists. I don’t expect all of these to make sense, it’s all just a bit of fun.


    The Algorithm

    Just like CERT/CC, I’ve gone with the Cantor Pairing Function with a few modifications

    As an example, for CVE-2019-7725

    ((x+y+1)(x+y))/2+y 
    

    where

    x =  2019
    y = 7725
    result = 47485365
    
    we then take the substring of 47 and 365 and concatenate to 47365
    

    and

    x = 7725
    y = 2019
    result = 47479659
    after concatenating substrings we get 47659
    

    In the case where the returned result is 0, we generate a random number smaller than the max of the wordlist.

    We then select the words 47365 and 47659 from their respective lists


    Vulnonym.org has no affiliation or relation to CERT/CC, NIST or any other related bodies. This website is purely for entertainment purposes only and means to cause no offense to the original authors.

    From Mitre CVE Terms of Use

    MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.

    From NIST NVD

    All NVD data is freely available from our XML Data Feeds. There are no fees, licensing restrictions, or even a requirement to register. All NIST publications are available in the public domain according to Title 17 of the United States Code. Acknowledgment of the NVD when using our information is appreciated. In addition, please email [email protected] to let us know how the information is being used.