CVE Announce - July 27, 2017 (opt-in newsletter from the CVE website)

Welcome to the latest issue of the CVE-Announce e-newsletter. This email newsletter is designed to bring recent news about CVE, such as new website features, new CNAs, CVE in the news, etc. right to your email box. Common Vulnerabilities and Exposures (CVE) is the standard for cybersecurity vulnerability names. The CVE Board provides oversight and input into CVE's strategic direction, ensuring CVE meets the vulnerability identification needs of the technology community. CVE Numbering Authorities (CNAs) are major OS vendors, security researchers, and research organizations that assign CVE Identifiers (CVE IDs) to newly discovered issues without directly involving MITRE in the details of the specific vulnerabilities, and include the CVE IDs in the first public disclosure of the vulnerabilities. Details on subscribing (and unsubscribing) to the email newsletter are at the end. Please feel free to pass this newsletter on to interested colleagues.

 

Comments: cve@mitre.org

 

-------------------------------------------------------

CVE-Announce e-newsletter/July 27, 2017

-------------------------------------------------------

 

Contents:

 

1. REMINDER: "REJECT" Is Not Always a Permanent State for a CVE ID Begins July 27, 2017

2. "CVE IDs and How to Get Them" Talk at DEF CON 25 on July 28

3. Follow us on LinkedIn and Twitter

4. Details/Credits + Subscribing and Unsubscribing

 

 

FEATURE STORY:

 

REMINDER: "REJECT" Is Not Always a Permanent State for a CVE ID Begins July 27, 2017

 

CVE IDs in the "REJECT" state can now be changed to another state at any time as appropriate.

 

Please see the initial announcement article "FOCUS ON: Marking a CVE ID "REJECT" Is Not Permanent; It Can Be Updated and Added to the CVE List" at https://cve.mitre.org/news/archives/2017/news.html#June272017_FOCUS_ON:_Marking_a_CVE_ID_as_REJECT_Is_Not_Permanent_It_Can_Be_Updated_and_Added_to_the_CVE_List from June 27, 2017 for details.

 

LINKS:

 

REJECT -

https://cve.mitre.org/about/faqs.html#reject_signify_in_cve_id

 

About CVE IDs -

https://cve.mitre.org/cve/identifiers/index.html

 

CVE News page article -

https://cve.mitre.org/news/archives/2017/news.html#July272017_REMINDER:_REJECT_Is_Not_Always_a_Permanent_State_for_a_CVE_ID_Begins_July_27_2017

 

---------------------------------------------------------------

"CVE IDs and How to Get Them" Talk at DEF CON 25 on July 28

 

CVE Numbering Authority Program Lead Dan Adinolfi, and CVE Team Member Anthony Singleton, will present a talk entitled "CVE IDs and How to Get Them" at 1:10 p.m. PT in the Neopolitan Ballroom and Milano VIII at Caesars Palace at the "Wall of Sheep" at DEF CON 25 in Las Vegas, Nevada, USA.

 

Talk synopsis from the conference website: "The Common Vulnerabilities and Exposures (CVE) program uniquely identifies and names publicly-disclosed vulnerabilities in software and other codebases. Whether you are a vulnerability researcher, a vendor, or a project maintainer, it has never been easier to have CVE IDs assigned to vulnerabilities you are disclosing or coordinating around. This presentation will be an opportunity to find out how to participate as well as a chance to offer your thoughts, questions, or feedback about CVE. Attendees will learn what is considered a vulnerability for CVE, how to assign CVE IDs to vulnerabilities, how to describe those vulnerabilities within CVE ID entries, how to submit those assignments, and where to get more information about CVE assignment."

 

Visit the CVE Calendar at https://cve.mitre.org/news/archives/2017/calendar.html for information on this and other events.

 

LINKS:

 

"CVE IDs and How to Get Them" talk -

https://www.wallofsheep.com/pages/dc25#dadinolfi

 

DEF CON 25 -

https://www.defcon.org/html/defcon-25/dc-25-index.html

 

---------------------------------------------------------------

Follow us on LinkedIn and Twitter

 

Please follow us on Twitter for the latest from CVE:

 

* Feed of the latest CVE IDs -

https://twitter.com/CVEnew/

 

* Feed of news and announcements about CVE -

https://twitter.com/CVEannounce/

 

Please also visit us on LinkedIn to more easily comment on our news articles and CVE Blog posts:

 

* CVE-CWE-CAPEC on LinkedIn -

https://www.linkedin.com/company/11033649

 

* CVE Blog -

https://cve.mitre.org/blog/

 

---------------------------------------------------------------

Details/Credits + Subscribing and Unsubscribing

 

Managing Editor: Dan Adinolfi, Cyber Security Technical Center. Writer: Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE and provides impartial technical guidance to the CVE Board and CVE Numbering Authorities on all matters related to ongoing development of CVE.

 

To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the message to: listserv@lists.mitre.org. To subscribe, send an email message to listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".

 

Copyright 2017, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. CVE is sponsored by US-CERT (www.us-cert.gov) in the office of Cybersecurity and Communications (www.dhs.gov/office-cybersecurity-and-communications) at the U.S. Department of Homeland Security (www.dhs.gov).

 

For more information about CVE, visit the CVE website at https://cve.mitre.org or send an email to cve@mitre.org.

 

CVE Announce - July 24, 2017 (opt-in newsletter from the CVE website)

Welcome to the latest issue of the CVE-Announce e-newsletter. This email newsletter is designed to bring recent news about CVE, such as new website features, new CNAs, CVE in the news, etc. right to your email box. Common Vulnerabilities and Exposures (CVE) is the standard for cybersecurity vulnerability names. The CVE Board provides oversight and input into CVE's strategic direction, ensuring CVE meets the vulnerability identification needs of the technology community. CVE Numbering Authorities (CNAs) are major OS vendors, security researchers, and research organizations that assign CVE Identifiers (CVE IDs) to newly discovered issues without directly involving MITRE in the details of the specific vulnerabilities, and include the CVE IDs in the first public disclosure of the vulnerabilities. Details on subscribing (and unsubscribing) to the email newsletter are at the end. Please feel free to pass this newsletter on to interested colleagues.

 

Comments: cve@mitre.org

 

-------------------------------------------------------

CVE-Announce e-newsletter/July 24, 2017

-------------------------------------------------------

 

Contents:

 

1. Tenable Added as CVE Numbering Authority (CNA)

2. CVE BLOG: "Come Meet with CVE at Black Hat 2017 on July 27 and DEF CON 25 on July 28"

3. Follow us on LinkedIn and Twitter

4. Details/Credits + Subscribing and Unsubscribing

 

 

FEATURE STORY:

 

Tenable Added as CVE Numbering Authority (CNA)

 

Tenable Network Security, Inc. is now a CVE Numbering Authority (CNA) for Tenable products and third-party products upon which they perform their vulnerability research that are not covered by another CNA.

 

CNAs are OS and product vendors, developers, security researchers, and research organizations that assign CVE IDs to newly discovered issues without directly involving MITRE in the details of the specific vulnerabilities, and include the CVE IDs in the first public disclosure of the vulnerabilities.

 

CNAs are the main method for requesting a CVE ID. The following 68 organizations currently participate as CNAs: Adobe; Apache; Apple; BlackBerry; Brocade; CA; Canonical; CERT/CC; Check Point; Cisco; Dahua; Debian GNU/Linux; Dell EMC; Distributed Weakness Filing Project; Drupal.org; Duo; Eclipse Foundation; Elastic; F5; Flexera Software; Fortinet; FreeBSD; Google; HackerOne; HP; Hewlett Packard Enterprise; Huawei; IBM; ICS-CERT; Intel; IOActive; ISC; JPCERT/CC; Juniper; KrCERT/CC; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (primary CNA); Mozilla; Netflix; Netgear; Nvidia; Objective Development; OpenSSL; Oracle; Puppet; Qihoo 360; Qualcomm; Rapid 7; Red Hat; Schneider Electric; Siemens; Silicon Graphics; Symantec; Synology; Talos; Tenable: TIBCO; Trend Micro; VMware; Yandex; Zero Day Initiative, and ZTE.

 

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID on the CVE website at https://cve.mitre.org/cve/request_id.html.

 

LINKS:

 

Tenable -

http://www.tenable.com/security/report/

 

CNAs -

https://cve.mitre.org/cve/cna.html

 

Request a CVE ID from a CNA -

https://cve.mitre.org/cve/request_id.html

 

Become a CNA -

https://cve.mitre.org/cve/cna.html#become_a_cna

 

CVE News page article -

https://cve.mitre.org/news/archives/2017/news.html#July242017_Tenable_Added_as_CVE_Numbering_Authority_CNA

 

---------------------------------------------------------------

CVE BLOG: "Come Meet with CVE at Black Hat 2017 on July 27 and DEF CON 25 on July 28"

 

CVE Numbering Authority Program Lead Dan Adinolfi, and CVE Team Member Anthony Singleton, will be at Black Hat USA 2017 and DEF CON 25 next week in Las Vegas, Nevada, USA.

 

We invite you to join us to talk CVE at either or both events:

 

 

* CVE Meet-Up, July 27

 

Please join us for an informal get together to talk CVE at Black Hat USA 2017. If you're interested, please meet us at 12:00 p.m. PT outside the House of Blues in the Mandalay Bay Casino.

 

We will determine the final location once we have everyone together. Questions or concerns: cve@mitre.org.

 

 

* CVE Talk, July 28

 

Dan and Anthony will present a talk entitled "CVE IDs and How to Get Them" at 1:10 p.m. PT in the Neopolitan Ballroom and Milano VIII at Caesars Palace at the "Wall of Sheep" at DEF CON 25.

 

Talk synopsis from the conference website: "The Common Vulnerabilities and Exposures (CVE) program uniquely identifies and names publicly-disclosed vulnerabilities in software and other codebases. Whether you are a vulnerability researcher, a vendor, or a project maintainer, it has never been easier to have CVE IDs assigned to vulnerabilities you are disclosing or coordinating around. This presentation will be an opportunity to find out how to participate as well as a chance to offer your thoughts, questions, or feedback about CVE. Attendees will learn what is considered a vulnerability for CVE, how to assign CVE IDs to vulnerabilities, how to describe those vulnerabilities within CVE ID entries, how to submit those assignments, and where to get more information about CVE assignment."

 

 

Please stop by either or both events and say hello. We look forward to seeing you!

- The CVE Team

  July 20, 2017

  cve@mitre.org

 

 

LINKS:

 

CVE website -

https://cve.mitre.org/

 

Black Hat USA 2017 -

https://www.blackhat.com/us-17/

 

"CVE IDs and How to Get Them" talk at DEF CON -

https://www.wallofsheep.com/pages/dc25#dadinolfi

 

DEF CON 25 -

https://www.defcon.org/html/defcon-25/dc-25-index.html

 

CVE Calendar -

https://cve.mitre.org/news/archives/2017/calendar.html

 

CVE Blog post -

https://cve.mitre.org/blog/index.html#July202017_Come_Meet_with_CVE_at_Black_Hat_2017_on_July_27_and_DEF_CON_25_on_July_28

 

---------------------------------------------------------------

Follow us on LinkedIn and Twitter

 

Please follow us on Twitter for the latest from CVE:

 

* Feed of the latest CVE IDs -

https://twitter.com/CVEnew/

 

* Feed of news and announcements about CVE -

https://twitter.com/CVEannounce/

 

Please also visit us on LinkedIn to more easily comment on our news articles and CVE Blog posts:

 

* CVE-CWE-CAPEC on LinkedIn -

https://www.linkedin.com/company/11033649

 

* CVE Blog -

https://cve.mitre.org/blog/

 

---------------------------------------------------------------

Details/Credits + Subscribing and Unsubscribing

 

Managing Editor: Dan Adinolfi, Cyber Security Technical Center. Writer: Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE and provides impartial technical guidance to the CVE Board and CVE Numbering Authorities on all matters related to ongoing development of CVE.

 

To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the message to: listserv@lists.mitre.org. To subscribe, send an email message to listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".

 

Copyright 2017, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. CVE is sponsored by US-CERT (www.us-cert.gov) in the office of Cybersecurity and Communications (www.dhs.gov/office-cybersecurity-and-communications) at the U.S. Department of Homeland Security (www.dhs.gov).

 

For more information about CVE, visit the CVE website at https://cve.mitre.org or send an email to cve@mitre.org.

 

CVE Announce - July 18, 2017 (opt-in newsletter from the CVE website)

Welcome to the latest issue of the CVE-Announce e-newsletter. This email newsletter is designed to bring recent news about CVE, such as new website features, new CNAs, CVE in the news, etc. right to your email box. Common Vulnerabilities and Exposures (CVE) is the standard for cybersecurity vulnerability names. The CVE Board provides oversight and input into CVE's strategic direction, ensuring CVE meets the vulnerability identification needs of the technology community. CVE Numbering Authorities (CNAs) are major OS vendors, security researchers, and research organizations that assign CVE Identifiers (CVE IDs) to newly discovered issues without directly involving MITRE in the details of the specific vulnerabilities, and include the CVE IDs in the first public disclosure of the vulnerabilities. Details on subscribing (and unsubscribing) to the email newsletter are at the end. Please feel free to pass this newsletter on to interested colleagues.

 

Comments: cve@mitre.org

 

-------------------------------------------------------

CVE-Announce e-newsletter/July 18, 2017

-------------------------------------------------------

 

Contents:

 

1. Duo Added as CVE Numbering Authority (CNA)

2. Minutes from CVE Board Teleconference Meeting on July 12 Now Available

3. Follow us on LinkedIn and Twitter

4. Details/Credits + Subscribing and Unsubscribing

 

 

FEATURE STORY:

 

Duo Added as CVE Numbering Authority (CNA)

 

Duo Security, Inc. is now a CVE Numbering Authority (CNA) for Duo products and its third-party research targets that are not covered by another CNA.

 

CNAs are OS and product vendors, developers, security researchers, and research organizations that assign CVE IDs to newly discovered issues without directly involving MITRE in the details of the specific vulnerabilities, and include the CVE IDs in the first public disclosure of the vulnerabilities.

 

CNAs are the main method for requesting a CVE ID. The following 67 organizations currently participate as CNAs: Adobe; Apache; Apple; BlackBerry; Brocade; CA; Canonical; CERT/CC; Check Point; Cisco; Dahua; Debian GNU/Linux; Dell EMC; Distributed Weakness Filing Project; Drupal.org; Duo; Eclipse Foundation; Elastic; F5; Flexera Software; Fortinet; FreeBSD; Google; HackerOne; HP; Hewlett Packard Enterprise; Huawei; IBM; ICS-CERT; Intel; IOActive; ISC; JPCERT/CC; Juniper; KrCERT/CC; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (primary CNA); Mozilla; Netflix; Netgear; Nvidia; Objective Development; OpenSSL; Oracle; Puppet; Qihoo 360; Qualcomm; Rapid 7; Red Hat; Schneider Electric; Siemens; Silicon Graphics; Symantec; Synology; Talos; TIBCO; Trend Micro; VMware; Yandex; Zero Day Initiative, and ZTE.

 

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID on the CVE website at https://cve.mitre.org/cve/request_id.html.

 

LINKS:

 

Duo -

https://duo.com/labs/security-response

 

CNAs -

https://cve.mitre.org/cve/cna.html

 

Request a CVE ID from a CNA -

https://cve.mitre.org/cve/request_id.html

 

Become a CNA -

https://cve.mitre.org/cve/cna.html#become_a_cna

 

CVE News page article -

https://cve.mitre.org/news/archives/2017/news.html#July182017_Duo_Added_as_CVE_Numbering_Authority_CNA

 

---------------------------------------------------------------

Minutes from CVE Board Teleconference Meeting on July 12 Now Available

 

The CVE Board held a teleconference meeting on July 12, 2017. Read the meeting minutes at https://cve.mitre.org/data/board/archives/2017-07/msg00069.html.

 

The CVE Board includes numerous cybersecurity-related organizations including commercial security tool vendors, academia, research institutions, government departments and agencies, and other prominent security experts, as well as end-users of vulnerability information. Through open and collaborative discussions, the Board provides critical input regarding the data sources, product coverage, coverage goals, operating structure, and strategic direction of the CVE program. All Board Meetings and Board Email List Discussions are archived for the community.

 

LINKS:

 

CVE Board -

https://cve.mitre.org/community/board/index.html

 

Board Archives -

https://cve.mitre.org/community/board/archive.html#meeting_summaries

https://cve.mitre.org/community/board/archive.html#board_mail_list_archive

 

CVE News page article -

https://cve.mitre.org/news/archives/2017/news.html#July182017_Minutes_from_CVE_Board_Teleconference_Meeting_on_July_12_Now_Available

 

---------------------------------------------------------------

Follow us on LinkedIn and Twitter

 

Please follow us on Twitter for the latest from CVE:

 

* Feed of the latest CVE IDs -

https://twitter.com/CVEnew/

 

* Feed of news and announcements about CVE -

https://twitter.com/CVEannounce/

 

Please also visit us on LinkedIn to more easily comment on our news articles and CVE Blog posts:

 

* CVE-CWE-CAPEC on LinkedIn -

https://www.linkedin.com/company/11033649

 

* CVE Blog -

https://cve.mitre.org/blog/

 

---------------------------------------------------------------

Details/Credits + Subscribing and Unsubscribing

 

Managing Editor: Dan Adinolfi, Cyber Security Technical Center. Writer: Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE and provides impartial technical guidance to the CVE Board and CVE Numbering Authorities on all matters related to ongoing development of CVE.

 

To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the message to: listserv@lists.mitre.org. To subscribe, send an email message to listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".

 

Copyright 2017, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. CVE is sponsored by US-CERT (www.us-cert.gov) in the office of Cybersecurity and Communications (www.dhs.gov/office-cybersecurity-and-communications) at the U.S. Department of Homeland Security (www.dhs.gov).

 

For more information about CVE, visit the CVE website at https://cve.mitre.org or send an email to cve@mitre.org.

 

CVE Announce - July 11, 2017 (opt-in newsletter from the CVE website)

Welcome to the latest issue of the CVE-Announce e-newsletter. This email newsletter is designed to bring recent news about CVE, such as new website features, new CNAs, CVE in the news, etc. right to your email box. Common Vulnerabilities and Exposures (CVE) is the standard for cybersecurity vulnerability names. The CVE Board provides oversight and input into CVE's strategic direction, ensuring CVE meets the vulnerability identification needs of the technology community. CVE Numbering Authorities (CNAs) are major OS vendors, security researchers, and research organizations that assign CVE Identifiers (CVE IDs) to newly discovered issues without directly involving MITRE in the details of the specific vulnerabilities, and include the CVE IDs in the first public disclosure of the vulnerabilities. Details on subscribing (and unsubscribing) to the email newsletter are at the end. Please feel free to pass this newsletter on to interested colleagues.

 

Comments: cve@mitre.org

 

-------------------------------------------------------

CVE-Announce e-newsletter/July 11, 2017

-------------------------------------------------------

 

Contents:

 

1. ZTE Added as CVE Numbering Authority (CNA)

2. Follow us on LinkedIn and Twitter

3. Details/Credits + Subscribing and Unsubscribing

 

 

FEATURE STORY:

 

ZTE Added as CVE Numbering Authority (CNA)

 

ZTE Corporation is now a CVE Numbering Authority (CNA) for ZTE products only.

 

CNAs are OS and product vendors, developers, security researchers, and research organizations that assign CVE IDs to newly discovered issues without directly involving MITRE in the details of the specific vulnerabilities, and include the CVE IDs in the first public disclosure of the vulnerabilities.

 

CNAs are the main method for requesting a CVE ID. The following 66 organizations currently participate as CNAs: Adobe; Apache; Apple; BlackBerry; Brocade; CA; Canonical; CERT/CC; Check Point; Cisco; Dahua; Debian GNU/Linux; Dell EMC; Distributed Weakness Filing Project; Drupal.org; Eclipse Foundation; Elastic; F5; Flexera Software; Fortinet; FreeBSD; Google; HackerOne; HP; Hewlett Packard Enterprise; Huawei; IBM; ICS-CERT; Intel; IOActive; ISC; JPCERT/CC; Juniper; KrCERT/CC; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (primary CNA); Mozilla; Netflix; Netgear; Nvidia; Objective Development; OpenSSL; Oracle; Puppet; Qihoo 360; Qualcomm; Rapid 7; Red Hat; Schneider Electric; Siemens; Silicon Graphics; Symantec; Synology; Talos; TIBCO; Trend Micro; VMware; Yandex; Zero Day Initiative, and ZTE.

 

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID on the CVE website at https://cve.mitre.org/cve/request_id.html.

 

LINKS:

 

ZTE -

http://www.zte.com.cn/

 

CNAs -

https://cve.mitre.org/cve/cna.html

 

Request a CVE ID from a CNA -

https://cve.mitre.org/cve/request_id.html

 

Become a CNA -

https://cve.mitre.org/cve/cna.html#become_a_cna

 

CVE News page article -

https://cve.mitre.org/news/archives/2017/news.html#July112017_ZTE_Added_as_CVE_Numbering_Authority_CNA

 

---------------------------------------------------------------

Follow us on LinkedIn and Twitter

 

Please follow us on Twitter for the latest from CVE:

 

* Feed of the latest CVE IDs -

https://twitter.com/CVEnew/

 

* Feed of news and announcements about CVE -

https://twitter.com/CVEannounce/

 

Please also visit us on LinkedIn to more easily comment on our news articles and CVE Blog posts:

 

* CVE-CWE-CAPEC on LinkedIn -

https://www.linkedin.com/company/11033649

 

* CVE Blog -

https://cve.mitre.org/blog/

 

---------------------------------------------------------------

Details/Credits + Subscribing and Unsubscribing

 

Managing Editor: Dan Adinolfi, Cyber Security Technical Center. Writer: Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE and provides impartial technical guidance to the CVE Board and CVE Numbering Authorities on all matters related to ongoing development of CVE.

 

To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the message to: listserv@lists.mitre.org. To subscribe, send an email message to listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".

 

Copyright 2017, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. CVE is sponsored by US-CERT (www.us-cert.gov) in the office of Cybersecurity and Communications (www.dhs.gov/office-cybersecurity-and-communications) at the U.S. Department of Homeland Security (www.dhs.gov).

 

For more information about CVE, visit the CVE website at https://cve.mitre.org or send an email to cve@mitre.org.

 

CVE Announce - July 5, 2017 (opt-in newsletter from the CVE website)

Welcome to the latest issue of the CVE-Announce e-newsletter. This email newsletter is designed to bring recent news about CVE, such as new website features, new CNAs, CVE in the news, etc. right to your email box. Common Vulnerabilities and Exposures (CVE) is the standard for cybersecurity vulnerability names. The CVE Board provides oversight and input into CVE's strategic direction, ensuring CVE meets the vulnerability identification needs of the technology community. CVE Numbering Authorities (CNAs) are major OS vendors, security researchers, and research organizations that assign CVE Identifiers (CVE IDs) to newly discovered issues without directly involving MITRE in the details of the specific vulnerabilities, and include the CVE IDs in the first public disclosure of the vulnerabilities. Details on subscribing (and unsubscribing) to the email newsletter are at the end. Please feel free to pass this newsletter on to interested colleagues.

 

Comments: cve@mitre.org

 

-------------------------------------------------------

CVE-Announce e-newsletter/July 5, 2017

-------------------------------------------------------

 

Contents:

 

1. IMPORTANT: CVE Identifier (CVE ID) Reference Updates Begin on July 10, 2017

2. Follow us on LinkedIn and Twitter

3. Details/Credits + Subscribing and Unsubscribing

 

 

FEATURE STORY:

 

IMPORTANT: CVE Identifier (CVE ID) Reference Updates Begin on July 10, 2017

 

To help keep CVE ID References up-to-date within the CVE List, the CVE Team will be updating a large number of References where necessary in the coming months.

 

The CVE IDs affected include those from years 1999 through 2016. CVE List consumers will see up to 5,000 CVE IDs with updated references beginning on July 10, 2017. On 8-day intervals thereafter, additional batches of up to 5,000 CVE IDs with updated references will occur. These updates will occur indefinitely until further notice.

 

If you have any comments or concerns about this change, please send them to our CVE Request web form at https://cveform.mitre.org/ and select the Other request type.

 

LINKS:

 

CVE List -

https://cve.mitre.org/cve/cve.html

 

CVE Identifier (CVE ID) -

https://cve.mitre.org/about/faqs.html#what_is_cve_identifier

 

CVE ID References -

https://cve.mitre.org/about/faqs.html#cve_id_references

 

CVE Request web form -

https://cveform.mitre.org/

 

CVE News page article -

https://cve.mitre.org/news/archives/2017/news.html#July032017_IMPORTANT:_CVE_Identifier_CVE_ID_Reference_Updates_Begin_July_10_2017

 

---------------------------------------------------------------

Follow us on LinkedIn and Twitter

 

Please follow us on Twitter for the latest from CVE:

 

* Feed of the latest CVE IDs -

https://twitter.com/CVEnew/

 

* Feed of news and announcements about CVE -

https://twitter.com/CVEannounce/

 

Please also visit us on LinkedIn to more easily comment on our news articles and CVE Blog posts:

 

* CVE-CWE-CAPEC on LinkedIn -

https://www.linkedin.com/company/11033649

 

* CVE Blog -

https://cve.mitre.org/blog/

 

---------------------------------------------------------------

Details/Credits + Subscribing and Unsubscribing

 

Managing Editor: Dan Adinolfi, Cyber Security Technical Center. Writer: Bob Roberge. The MITRE Corporation (www.mitre.org) maintains CVE and provides impartial technical guidance to the CVE Board and CVE Numbering Authorities on all matters related to ongoing development of CVE.

 

To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the message to: listserv@lists.mitre.org. To subscribe, send an email message to listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".

 

Copyright 2017, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. CVE is sponsored by US-CERT (www.us-cert.gov) in the office of Cybersecurity and Communications (www.dhs.gov/office-cybersecurity-and-communications) at the U.S. Department of Homeland Security (www.dhs.gov).

 

For more information about CVE, visit the CVE website at https://cve.mitre.org or send an email to cve@mitre.org.