...
In practice, The National Vulnerability Database (NVD) is a database of most publicly-known security vulnerabilities, and the CVE IDs are used as globally-unique tracking numbers.
...
CVE IDs are assigned to specific vulnerabilities that occur in software. Effectively, this is used as a globally-unique tracking ID for the vulnerability in question. When security researchers are discussing vulnerabilities in a particular version of a software product, it is much more clear to refer to the vulnerability by the CVE ID than by the name and version of the software. Many private sector and government entities also make use of CVE IDs for tracking vulnerability information. Most vulnerability scanning tools also make use of CVE ID's.
...
In all cases, when requesting a CVE ID, you should include information about the vulnerability and which products and versions are affected. For more information on how to report vulnerabilities and what information to include in your report, see our Guidelines for Requesting Coordination Assistance.
How do I get a CVE
...
dictionary entry updated?
There are two major CVE databases:
...
Others have written about the CVE process. For example, you may consult the following for more information: