Practice vocabulary for CVE publication: NVD listings, CVSS scores, affected version ranges, fix versions, and vendor advisories.
0 / 5 completed
1 / 5
The US government database where CVE records are officially published and searchable is called:
The CVE is published in the NVD (National Vulnerability Database) — operated by NIST, it is the authoritative source for CVE details and CVSS scores.
2 / 5
A score of 9.8 on the standard vulnerability severity scale indicates the vulnerability is:
The CVSS base score is 9.8 (Critical) — CVSS scores range from 0-10, with 9.0-10.0 being Critical. Score 9.8 typically indicates network-exploitable RCE or similar.
3 / 5
When describing which software versions are affected by a CVE, you would say:
The vulnerability affects versions X.X through Y.Y — specifying exact version ranges is critical for operators to assess their exposure.
4 / 5
When informing users which version they should upgrade to in order to be protected, you say:
The fix is available in version Z.Z — this precise phrasing tells users exactly which version to install to remediate the vulnerability.
5 / 5
When the vendor publishes their own security notice at the same time the CVE goes public, it is described as:
The vendor advisory was published simultaneously — coordinating the vendor advisory with CVE publication prevents confusion and ensures users get complete context.