<!--	NVD XML Feed DTD
	This DTD defines National Vulnerability Database XML feed files.
	NVD XML Version: 1.1

	For a more complete definition of the NVD XML feed files, use the NVD Schema
	
	This file is kept at http://nvd.nist.gov/download/nvdcve.dtd
	accompanying schema at http://nvd.nist.gov/download/nvdcve.xsd
	NVD XML feeds and further documentation are available at http://nvd.nist.gov/download.cfm
		
	CVSS Scores and Vectors:
	Common Vulnerability Scoring System scores and vectors are now included in the NVD XML feed.
	Please see http://nvd.nist.gov/cvss.cfm?vectorinfo and http://www.first.org/cvss/cvss-guide.html
	for more information on how to interpret these data.
-->

<!ELEMENT nvd (entry*)>
<!ATTLIST nvd nvd_xml_version 			NMTOKEN	#REQUIRED
		  pub_date    				NMTOKEN	#REQUIRED
		  xmlns:xlink				CDATA		#FIXED	"http://www.w3.org/1999/xlink"
		  xmlns:xsi					CDATA		#FIXED	"http://www.w3.org/2001/XMLSchema-instance"
		  xsi:noNamespaceSchemaLocation	CDATA		#REQUIRED
>
<!--	Root element.  Contains only "entry" child elements.
	Attributes for this element describe the version of the XML feed being read.
	Attributes:
	"nvd_xml_version" (required) => the schema and DTD version number currently supported by this document
	"pub_date" (required) => the date this document was compiled
-->

<!ELEMENT entry (desc, impacts?, sols?, loss_types?, vuln_types?, range?, refs, vuln_soft?)>
<!ATTLIST entry	type		(CAN|CVE)		#REQUIRED
		 	name		ID			#REQUIRED
		 	seq		NMTOKEN		#REQUIRED
			nvd_name	NMTOKEN		#IMPLIED
			discovered	NMTOKEN		#IMPLIED
			published	NMTOKEN		#REQUIRED
			modified	NMTOKEN		#IMPLIED
			severity	(High|Medium|Low)	#IMPLIED
			reject	(1)			#IMPLIED
			CVSS_score	NMTOKEN		#IMPLIED
			CVSS_vector	CDATA			#IMPLIED
>
<!--	Documents one CVE entry.  The child elements should always appear
	in the sequence defined below.  These elements are compatible with
	entry elements from the CVE XML feeds.
	Attributes:
	"type" (required) => CVE or CAN
	"name" (required) => full CVE name
	"seq" (required) => sequence number from CVE name
	"nvd_name" => NVD name (if it exists)
	"discovered" => date discovered
	"published" (required) => date published
	"modified" => date modified
	"severity" => severity as determined by NVD analysts: High, Medium, or Low
	"reject" => indicates that this CVE entry has been rejected by CVE or NVD
	"CVSS_score" => CVSS Severity Score
	"CVSS_vector" => CVSS Base Vector
-->

<!ELEMENT desc (descript*)>
<!--	Description wrapper tag, parent to any documented descriptions of this CVE entry.
	While the "desc" tag will always be present, there may be no "descript" child tags.
	Only one "descript" tag will exist for each description source (i.e. CVE, NVD, ...).
-->

<!ELEMENT descript (#PCDATA)>
<!ATTLIST descript	source	(cve|nvd)	#REQUIRED
>
<!--	Contains a specific description of this CVE entry from source
	indicated by the "source" attribute.
-->

<!ELEMENT impacts (impact+)>
<!--	Impact wrapper tag (may or may not be present).  Only one "impact" tag will exist
	for each impact explanation source.
-->

<!ELEMENT impact (#PCDATA)>
<!ATTLIST impact	source	(nvd)	#REQUIRED
>
<!--	Contains a specific impact explanation of this CVE entry from
	source indicated by the "source" attribute.
-->

<!ELEMENT sols (sol+)>
<!--	Solution wrapper tag (may or may not be present).  Only one "sol" tag will exist
	for each solution explanation source.
-->

<!ELEMENT sol (#PCDATA)>
<!ATTLIST sol	source	(nvd)	#REQUIRED
>
<!--	Contains a specific solution explanation of this CVE entry from
	source indicated by the "source" attribute.
-->

<!ELEMENT loss_types (avail?, conf?, int?, sec_prot?)>
<!--	Loss type tag (may or may not be present).  Contains one loss type child for each loss
	type of this CVE entry.
	Potential loss types are:
	"avail" => availability
	"conf" => confidentiality
	"int" => integrity
	"sec_prot" => security protection
-->

<!ELEMENT avail EMPTY>
<!--	Availability loss type tag -->

<!ELEMENT conf EMPTY>
<!--	Confidentiality loss type tag -->

<!ELEMENT int EMPTY>
<!--	Integrity loss type tag -->

<!ELEMENT sec_prot EMPTY>
<!ATTLIST sec_prot	admin	(1)	#IMPLIED
				user	(1)	#IMPLIED
				other	(1)	#IMPLIED
>
<!--	Security Protection tag with one attribute for each security protection type.
	Potential security protection types are:
	"admin" => gain administrative access
	"user" => gain user access
	"other" => other
-->

<!ELEMENT vuln_types (access?, input?, design?, exception?, env?, config?, race?, other?)>
<!--	Vulnerability type tag (may or may not be present).  Contains one vulnerability type
	child for each vulnerability type of this CVE entry.
	Potential vulnerability types are:
	"access" => Access validation error
	"input" => Input validation error
	"design" => Design error
	"exception" => Exceptional condition error
	"env" => Environmental error
	"config" => Configuration error
	"race" => Race condition error
	"other" => other
-->

<!ELEMENT access EMPTY>
<!--	Access validation error tag -->

<!ELEMENT input EMPTY>
<!ATTLIST input	bound		(1)	#IMPLIED
			buffer	(1)	#IMPLIED
>
<!--	Input validation error tag with one attribute for each input validation error type.
	Potential input validation error types are:
	"bound" => Boundary condition error
	"buffer" => Buffer overflow
-->

<!ELEMENT design EMPTY>
<!--	Design error tag -->

<!ELEMENT exception EMPTY>
<!--	Exceptional condition error tag -->

<!ELEMENT env EMPTY>
<!--	Environmental error tag -->

<!ELEMENT config EMPTY>
<!--	Configuration error -->

<!ELEMENT race EMPTY>
<!--	Race condition error -->

<!ELEMENT other EMPTY>
<!--	Other vulnerability type tag -->

<!ELEMENT range (local?, remote?, user_init?)>
<!--	Vulnerability range tag (may or may not be present).  Contains one vulnerability range
	child for each vulnerability range of this CVE entry.
	Potential vulnerability ranges are:
	"local" => Locally exploitable
	"remote" => Remotely exploitable
	"user_init" => User accesses attacker
-->

<!ELEMENT local EMPTY>
<!--	Locally exploitable vulnerability tag -->

<!ELEMENT remote EMPTY>
<!--	Remotely exploitable vulnerability tag -->

<!ELEMENT user_init EMPTY>
<!--	User accesses attacker vulnerability tag -->

<!ELEMENT refs (ref*)>
<!--	Reference wrapper tag (always present).  External references to this CVE entry are contained
	within this tag.
-->

<!ELEMENT ref (#PCDATA)>
<!ATTLIST	ref	source	CDATA		#REQUIRED
			url		CDATA		#REQUIRED
			sig		(1)		#IMPLIED
			adv		(1)		#IMPLIED
			patch		(1)		#IMPLIED
>
<!--	Individual reference to this CVE entry.  Text is the name of this vulnerability
	at this particular reference.
	Attributes:
	"source" (required) => Name of reference source
	"url" (required) => hyperlink to reference
	"sig" => indicates this reference includes a tool signature
	"adv" => indicates this reference is a Security Advisory
	"patch" => indicates this reference includes a patch for this vulnerability
-->

<!ELEMENT vuln_soft (prod+)>
<!--	Vulnerable software wrapper tag (may or may not be present).  Software affected by this CVE
	entry are listed within this tag.
-->

<!ELEMENT prod (vers+)>
<!ATTLIST prod	name		CDATA	#REQUIRED
			vendor	CDATA	#REQUIRED
>
<!--	Product wrapper tag.  Versions of this product that are affected by this
	vulnerability are listed within this tag.
	Attributes:
	"name" => Product name
	"vendor" => Vendor of this product
-->

<!ELEMENT vers EMPTY>
<!ATTLIST vers	num	CDATA	#REQUIRED
			prev	(1)	#IMPLIED
			edition CDATA	#IMPLIED
>
<!--	Represents a version of this product that is affected by this vulnerability.
	Attributes:
	"num" => This version number
	"prev" => Indicates that versions previous to this version number are also affected by this vulnerability
-->