CVE
Common Vulnerabilities and Exposures (CVE) IDs are unique identifiers given to security flaws. The CVE FAQ describes it best. CVE has become a de facto standard for identifying vulnerabilities and security flaws.
A1. What is CVE?
CVE is a list of information security vulnerabilities and exposures that aims to provide common names for publicly known problems. The goal of CVE is to make it easier to share data across separate vulnerability capabilities (tools, repositories, and services) with this "common enumeration."
Obtaining a CVE ID
CVE monitors common vulnerability disclosure sources and assigns CVEs as new vulnerabilities are reported. To obtain a CVE before public disclosure, contact CVE or another CVE Numbering Authority (CNA). CVE IDs for publicly-disclosed vulnerabilities in Open Source software are best obtained by posting a request to the oss-security mailing list.
Required
- Email address of requester (so we can contact them)
- Software name and optionally vendor name
- At least one of (to determine whether this is a security issue):
  - Type of vulnerability
  - Exploitation vectors
  - Attack outcome
- For Open Source at least one of:
  - Link to vulnerable source code or fix
  - Link to source code change log
  - Link to security advisory
  - Link to bug entry
  - Request comes from project member (a.k.a. “trust me, it's a problem”)
- Affected version(s) (3.2.4, 3.x, current version, all current releases, something)
- Whether or not this has been previously requested (i.e. on OSS-Sec or to cve-assign)
- Is this an Open Source or commercial software request
- Is this an embargoed issue (if yes and commercial: send to cve-assign, if yes and open source: send to distros@?)
- If multiple issues are listed, please list affected versions for each issue and/or who reported them (so we can determine CVE split/merge).
REQUESTED
- More of the above information of course
- Software version(s) fixed (if available)
- For closed source any of the information from “For Open Source at least one of:”
- Any additional information