diff --git a/oval/debian.go b/oval/debian.go
index e7e05523..cd07d0ac 100644
--- a/oval/debian.go
+++ b/oval/debian.go
@@ -28,15 +28,37 @@ type DebianBase struct {
 	Base
 }
 
-// fillFromOvalDB returns scan result after updating CVE info by OVAL
-func (o DebianBase) fillFromOvalDB(r *models.ScanResult) error {
-	defs, err := getDefsByPackNameFromOvalDB(o.family, r.Release, r.Packages)
-	if err != nil {
-		return err
+// FillWithOval returns scan result after updating CVE info by OVAL
+func (o DebianBase) FillWithOval(r *models.ScanResult) (err error) {
+	var defs []ovalmodels.Definition
+	if o.isFetchViaHTTP() {
+		if defs, err = getDefsByPackNameViaHTTP(r); err != nil {
+			return err
+		}
+	} else {
+		if defs, err = getDefsByPackNameFromOvalDB(o.family, r.Release, r.Packages); err != nil {
+			return err
+		}
 	}
+
 	for _, def := range defs {
 		o.update(r, &def)
 	}
+
+	for _, vuln := range r.ScannedCves {
+		switch models.NewCveContentType(o.family) {
+		case models.Debian:
+			if cont, ok := vuln.CveContents[models.Debian]; ok {
+				cont.SourceLink = "https://security-tracker.debian.org/tracker/" + cont.CveID
+				vuln.CveContents[models.Debian] = cont
+			}
+		case models.Ubuntu:
+			if cont, ok := vuln.CveContents[models.Ubuntu]; ok {
+				cont.SourceLink = "http://people.ubuntu.com/~ubuntu-security/cve/" + cont.CveID
+				vuln.CveContents[models.Ubuntu] = cont
+			}
+		}
+	}
 	return nil
 }
 
@@ -105,32 +127,6 @@ func NewDebian() Debian {
 	}
 }
 
-// FillWithOval returns scan result after updating CVE info by OVAL
-func (o Debian) FillWithOval(r *models.ScanResult) error {
-	if o.isFetchViaHTTP() {
-		defs, err := getDefsByPackNameViaHTTP(r)
-		if err != nil {
-			return err
-		}
-		for _, def := range defs {
-			o.update(r, &def)
-		}
-	} else {
-		if err := o.fillFromOvalDB(r); err != nil {
-			return err
-		}
-	}
-
-	// TODO merge to VulnInfo.VendorLinks
-	for _, vuln := range r.ScannedCves {
-		if cont, ok := vuln.CveContents[models.Debian]; ok {
-			cont.SourceLink = "https://security-tracker.debian.org/tracker/" + cont.CveID
-			vuln.CveContents[models.Debian] = cont
-		}
-	}
-	return nil
-}
-
 // Ubuntu is the interface for Debian OVAL
 type Ubuntu struct {
 	DebianBase
@@ -146,29 +142,3 @@ func NewUbuntu() Ubuntu {
 		},
 	}
 }
-
-// FillWithOval returns scan result after updating CVE info by OVAL
-func (o Ubuntu) FillWithOval(r *models.ScanResult) error {
-	if o.isFetchViaHTTP() {
-		defs, err := getDefsByPackNameViaHTTP(r)
-		if err != nil {
-			return err
-		}
-		for _, def := range defs {
-			o.update(r, &def)
-		}
-	} else {
-		if err := o.fillFromOvalDB(r); err != nil {
-			return err
-		}
-	}
-
-	// TODO merge to VulnInfo.VendorLinks
-	for _, vuln := range r.ScannedCves {
-		if cont, ok := vuln.CveContents[models.Ubuntu]; ok {
-			cont.SourceLink = "http://people.ubuntu.com/~ubuntu-security/cve/" + cont.CveID
-			vuln.CveContents[models.Ubuntu] = cont
-		}
-	}
-	return nil
-}
diff --git a/oval/redhat.go b/oval/redhat.go
index 2541c3cb..46e8153c 100644
--- a/oval/redhat.go
+++ b/oval/redhat.go
@@ -34,49 +34,41 @@ type RedHatBase struct {
 }
 
 // FillWithOval returns scan result after updating CVE info by OVAL
-func (o RedHatBase) FillWithOval(r *models.ScanResult) error {
+func (o RedHatBase) FillWithOval(r *models.ScanResult) (err error) {
+	var defs []ovalmodels.Definition
 	if o.isFetchViaHTTP() {
-		defs, err := getDefsByPackNameViaHTTP(r)
-		if err != nil {
+		if defs, err = getDefsByPackNameViaHTTP(r); err != nil {
 			return err
 		}
-		for _, def := range defs {
-			o.update(r, &def)
-		}
 	} else {
-		if err := o.fillFromOvalDB(r); err != nil {
+		if defs, err = getDefsByPackNameFromOvalDB(
+			o.family, r.Release, r.Packages); err != nil {
 			return err
 		}
 	}
 
+	for _, def := range defs {
+		o.update(r, &def)
+	}
+
 	// TODO merge to VulnInfo.VendorLinks
 	for _, vuln := range r.ScannedCves {
 		switch models.NewCveContentType(o.family) {
 		case models.RedHat:
 			if cont, ok := vuln.CveContents[models.RedHat]; ok {
 				cont.SourceLink = "https://access.redhat.com/security/cve/" + cont.CveID
+				vuln.CveContents[models.RedHat] = cont
 			}
 		case models.Oracle:
 			if cont, ok := vuln.CveContents[models.Oracle]; ok {
 				cont.SourceLink = fmt.Sprintf("https://linux.oracle.com/cve/%s.html", cont.CveID)
+				vuln.CveContents[models.Oracle] = cont
 			}
 		}
 	}
 	return nil
 }
 
-// fillFromOvalDB returns scan result after updating CVE info by OVAL
-func (o RedHatBase) fillFromOvalDB(r *models.ScanResult) error {
-	defs, err := getDefsByPackNameFromOvalDB(o.family, r.Release, r.Packages)
-	if err != nil {
-		return err
-	}
-	for _, def := range defs {
-		o.update(r, &def)
-	}
-	return nil
-}
-
 func (o RedHatBase) update(r *models.ScanResult, definition *ovalmodels.Definition) {
 	ctype := models.NewCveContentType(o.family)
 	for _, cve := range definition.Advisory.Cves {