I need your help as I am stuck on a huge problem.
I have many projects running on different devices, each using RedHat. However, each RedHat doesn't have the same packages from one to another, simply because it depends on the needs of the project running on it.
Now my problem is : I need to know if, based on packages names of a RedHat installation, the project has vulnerabilities (CVEs).
An easier way to say it would be : Does a link between package name and CPE exist ?
Because if such a link exists, it would be "easy" to link packages to CPEs and finally CPEs to CVEs.
What would you do or recommend ?
I'm really getting headaches of that...
Many thanks !