Explanation of terms used in Secunia Advisories.
A CVE represents a unique, standardised name and description for a given vulnerability or exposure.
The CVE list is maintained by The Mitre Corporation.
Read more about CVE here.
Secunia is committed to ensuring timely CVE data is appropriately and accurately matched with the verified Secunia Vulnerability Intelligence provided in our Advisories. The CVE list is monitored regularly as an integrated part of our Vulnerability Intelligence gathering. Updates and verification of mapping accuracy are part of regular and continuous processes.
Wherever a CVE reference matches a Secunia Advisory, the CVE reference is included in the advisory report, and further, is linked to a page with description and additional information from CVE Mitre.
CPE is a structured naming scheme for information technology systems, platforms, and packages. Based upon the generic syntax for Uniform Resource Identifiers (URI), CPE includes a formal name format, a language for describing complex platforms, a method for checking names against a system, and a description format for binding text and tests to a name.
The CPE Dictionary is hosted and maintained by the National Institute for Standards and Technology (NIST) as part of the National Vulnerability Database (NVD) program. NIST is responsible for ensuring that the CPE Dictionary conforms to the CPE Specification (currently at version 2.2), and for managing the content review and quality assurance processes.
Secunia is committed to ensuring an accurate mapping between the official CPE dictionary and products referenced in the verified Secunia Vulnerability Intelligence provided in our Advisories. Updates and verification of mapping accuracy are part of regular and continuous processes.
Wherever a product referenced in a Secunia Advisory has a CPE entry in the official dictionary, that CPE reference is included in the advisory report. Any products referenced in an advisory that do not have an official CPE id are given with only their product name. Only official CPE ids (where relevant) are used throughout Secunia Advisories.
See the Mitre CPE page for more information and the specifications on CPE. Find the official dictionary at NIST
The Common Vulnerability Scoring System (CVSS) provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. CVSS enables IT managers, vulnerability bulletin providers, security vendors, application vendors and researchers to all benefit by adopting this common language of scoring IT vulnerabilities.
CVSS consists of 3 groups: Base, Temporal and Environmental. Each group produces a numeric score ranging from 0 to 10, and a Vector, a compressed textual representation that reflects the values used to derive the score. The Base group represents the intrinsic qualities of a vulnerability. The Temporal group reflects the characteristics of a vulnerability that change over time. The Environmental group represents the characteristics of a vulnerability that are unique to any user's environment. For details on interpreting a CVSS vector, please see: http://www.first.org/cvss/cvss-guide.html
Secunia Advisories include a Secunia derived CVSS score and vector, as well as link to an implementation of the NIST CVSS calculator so a user can adjust temporal and environmental metrics. The The National Vulnerability Database (NVD) CVSS score/vector for each relevant CVE contained in an Advisory is also shown, and similarly linked to the NIST CVSS calculator.
From local system
"From local system" describes vulnerabilities where the attack vector requires that the attacker is a local user on the system.
From local network
"From local network" describes vulnerabilities where the attack vector requires that an attacker is situated on the same network as a vulnerable system (not necessarily a LAN).
This category covers vulnerabilities in certain services (e.g. DHCP, RPC, administrative services) that should not be accessible from the Internet, but only from a local network and optionally a restricted set of external systems.
"From remote" describes other vulnerabilities where the attack vector doesn't require access to the system or a local network.
This category covers services that are acceptable to expose to the Internet (e.g. HTTP, HTTPS, SMTP). It also covers client applications used on the Internet and certain vulnerabilities where it is reasonable to assume that a security conscious user can be tricked into performing certain actions.
Extremely Critical (5 of 5)
Typically used for remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction and exploits are in the wild.
These vulnerabilities can exist in services like FTP, HTTP, and SMTP or in certain client systems like email programs or browsers.
Highly Critical (4 of 5)
Typically used for remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction but there are no known exploits available at the time of disclosure.
Such vulnerabilities can exist in services like FTP, HTTP, and SMTP or in client systems like email programs or browsers.
Moderately Critical (3 of 5)
Typically used for remotely exploitable Denial of Service vulnerabilities against services like FTP, HTTP, and SMTP, and for vulnerabilities that allow system compromises but require user interaction.
This rating is also used for vulnerabilities allowing system compromise on LANs in services like SMB, RPC, NFS, LPD and similar services that are not intended for use over the Internet.
Less Critical (2 of 5)
Typically used for cross-site scripting vulnerabilities and privilege escalation vulnerabilities.
This rating is also used for vulnerabilities allowing exposure of sensitive data to local users.
Not Critical (1 of 5)
Typically used for very limited privilege escalation vulnerabilities and locally exploitable Denial of Service vulnerabilities.
This rating is also used for non-sensitive system information disclosure vulnerabilities (e.g. remote disclosure of installation path of applications).
Used in cases where an application or algorithm allows an attacker to guess passwords in an easy manner.
Cross-Site Scripting vulnerabilities allow a third party to manipulate the content or behaviour of a web application in a user's browser, without compromising the underlying system.
Different Cross-Site Scripting related vulnerabilities are also classified under this category, including "script insertion" and "cross-site request forgery".
Cross-Site Scripting vulnerabilities are often used against specific users of a website to steal their credentials or to conduct spoofing attacks.
DoS (Denial of Service)
This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system.
Exposure of sensitive information
Vulnerabilities where documents or credentials are leaked or can be revealed either locally or from remote.
Exposure of system information
Vulnerabilities where excessive information about the system (e.g. version numbers, running services, installation paths, and similar) are exposed and can be revealed from remote and in some cases locally.
This covers vulnerabilities where a user session or a communication channel can be taken over by other users or remote attackers.
Manipulation of data
This includes vulnerabilities where a user or a remote attacker can manipulate local data on a system, but not necessarily be able to gain escalated privileges or system access.
The most frequent type of vulnerabilities with this impact are SQL-injection vulnerabilities, where a malicious user or person can manipulate SQL queries.
This covers vulnerabilities where a user is able to conduct certain tasks with the privileges of other users or administrative users.
This typically includes cases where a local user on a client or server system can gain access to the administrator or root account thus taking full control of the system.
This covers vulnerabilities or security issues where malicious users or people can bypass certain security mechanisms of the application.
The actual impact varies significantly depending on the design and purpose of the affected application.
This covers various vulnerabilities where it is possible for malicious users or people to impersonate other users or systems.
This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Covers various weaknesses, security issues, and vulnerabilities not covered by the other impact types, or where the impact isn't known due to insufficient information from vendors and researchers.
Other frequently used terms
The term "users" generally refers to authenticated users to the operating system or the application affected. This includes anonymous users when talking about FTP and similar.
The term "people" generally refers to people who are able to make network connections but who aren't authenticated.