Welcome to the latest issue of the CVE-Announce e-newsletter. This email newsletter is designed to bring recent news about CVE, such as new website features, new CNAs, CVE in the news, etc. right to your email box. Common Vulnerabilities and Exposures (CVE) is the standard for cybersecurity vulnerability identifiers. The CVE Board provides oversight and input into CVE's strategic direction, ensuring CVE meets the vulnerability identification needs of the technology community. CVE Numbering Authorities (CNAs) are vendors and projects, vulnerability researchers, national and industry CERTs, and bug bounty programs that assign CVE Identifiers (CVE IDs) to newly discovered issues, and include the CVE IDs in the first public disclosure of the vulnerabilities. Details on subscribing (and unsubscribing) to the email newsletter are at the end. Please feel free to pass this newsletter on to interested colleagues.
Comments: cve@mitre.org
-------------------------------------------------------
CVE-Announce e-newsletter/April 24, 2018
-------------------------------------------------------
Contents:
1. CVE List Surpasses 100,000 CVE Entries
2. Hillstone Added as CVE Numbering Authority (CNA)
3. Follow us on LinkedIn and Twitter
4. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
CVE List Surpasses 100,000 CVE Entries
The CVE website now contains 100,051 CVE Entries, each of which is a unique identifier for a publicly known software or firmware vulnerability.
CVE, which began in 1999 with just 321 common entries on the CVE List, is considered the international standard for public vulnerability identifiers.
CVE Entries are assigned to vulnerabilities in any code-based entity or standards upon which code-based entities are designed. This can include software, shared codebases, libraries, protocols, standards, hardware (e.g., firmware or microcode), hardware platforms, file formats, or data encodings. This definition of what CVE considers to be a vulnerability is specified by the "CVE Numbering Authority (CNA) Rules, Version 2.0," a consensus document authored by CNAs and the CVE Board.
Every CVE Entry added to the list is assigned by a CNA. Numerous organizations from around the world already participate as CNAs, with more and more organizations deciding to join the CVE effort and become a CNA to help the community continue to build the CVE List.
LINKS:
CVE List -
https://cve.mitre.org/cve/
CNAs -
https://cve.mitre.org/cve/cna.html
CNA Rules -
https://cve.mitre.org/cve/cna/rules.html
CVE Board -
https://cve.mitre.org/community/board/index.html
CVE News page article -
https://cve.mitre.org/news/archives/2018/news.html#April242018_CVE_List_Surpasses_100000_CVE_Entries
---------------------------------------------------------------
Hillstone Added as CVE Numbering Authority (CNA)
Hillstone Networks, Inc. is now a CVE Numbering Authority (CNA) for all Hillstone products only.
CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.
CNAs are the main method for requesting a CVE ID. The following 87 organizations currently participate as CNAs: Adobe; Airbus; Alibaba; Apache; Apple; Atlassian; Autodesk; BlackBerry; Brocade; CA; Canonical; CERT/CC; Check Point; Cisco; Cloudflare; Dahua; Debian GNU/Linux; Dell EMC; Distributed Weakness Filing Project; Drupal.org; Duo; Eclipse Foundation; Elastic; F5; Facebook; Flexera Software; Fortinet; FreeBSD; Google; HackerOne; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; ICS-CERT; Intel; IOActive; ISC; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (primary CNA); Mozilla; Netflix; Netgear; Nvidia; Objective Development; OpenSSL; Oracle; Palo Alto Networks; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Riverbed; Schneider Electric; Siemens; Silicon Graphics; SonicWALL; Symantec; Synology; Talos; Tenable; TIBCO; Trend Micro; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.
For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID on the CVE website at https://cve.mitre.org/cve/request_id.html.
LINKS:
Hillstone -
https://www.hillstonenet.com/
CNAs -
https://cve.mitre.org/cve/cna.html
Request a CVE ID from a CNA -
https://cve.mitre.org/cve/request_id.html
How to become a CNA -
https://cve.mitre.org/cve/cna.html#become_a_cna
CVE News page article -
https://cve.mitre.org/news/archives/2018/news.html#April242018_Hillstone_Added_as_CVE_Numbering_Authority_CNA
---------------------------------------------------------------
Follow us on LinkedIn and Twitter
Please follow us on Twitter for the latest from CVE:
* Feed of the latest CVE Entries -
https://twitter.com/CVEnew/
* Feed of news and announcements about CVE -
https://twitter.com/CVEannounce/
Please also visit us on LinkedIn to more easily comment on our news articles and CVE Blog posts:
* CVE-CWE-CAPEC on LinkedIn -
https://www.linkedin.com/company/11033649
* CVE Blog -
https://cve.mitre.org/blog/
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the message to: listserv@lists.mitre.org. To subscribe, send an email message to listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".
CVE is sponsored by US-CERT (https://www.us-cert.gov/) in the office of Cybersecurity and Communications (https://www.dhs.gov/office-cybersecurity-and-communications/) at the U.S. Department of Homeland Security (https://www.dhs.gov/).
Copyright 2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. MITRE (https://www.mitre.org) maintains CVE and provides impartial technical guidance to the CVE Board and CVE Numbering Authorities on all matters related to ongoing development of CVE.
For more information about CVE, visit the CVE website at https://cve.mitre.org or send an email to cve@mitre.org.
Tuesday, April 24, 2018
Monday, April 16, 2018
CVE Announce - April 16, 2018 (opt-in newsletter from the CVE website)
Welcome to the latest issue of the CVE-Announce e-newsletter. This email newsletter is designed to bring recent news about CVE, such as new website features, new CNAs, CVE in the news, etc. right to your email box. Common Vulnerabilities and Exposures (CVE) is the standard for cybersecurity vulnerability identifiers. The CVE Board provides oversight and input into CVE's strategic direction, ensuring CVE meets the vulnerability identification needs of the technology community. CVE Numbering Authorities (CNAs) are vendors and projects, vulnerability researchers, national and industry CERTs, and bug bounty programs that assign CVE Identifiers (CVE IDs) to newly discovered issues, and include the CVE IDs in the first public disclosure of the vulnerabilities. Details on subscribing (and unsubscribing) to the email newsletter are at the end. Please feel free to pass this newsletter on to interested colleagues.
Comments: cve@mitre.org
-------------------------------------------------------
CVE-Announce e-newsletter/April 16, 2018
-------------------------------------------------------
Contents:
1. Palo Alto Networks Added as CVE Numbering Authority (CNA) 2. Minutes from CVE Board Teleconference Meeting on April 4 Now Available 3. Follow us on LinkedIn and Twitter 4. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
Palo Alto Networks Added as CVE Numbering Authority (CNA)
Palo Alto Networks, Inc. is now a CVE Numbering Authority (CNA) for all Palo Alto Networks products.
CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.
CNAs are the main method for requesting a CVE ID. The following 86 organizations currently participate as CNAs: Adobe; Airbus; Alibaba; Apache; Apple; Atlassian; Autodesk; BlackBerry; Brocade; CA; Canonical; CERT/CC; Check Point; Cisco; Cloudflare; Dahua; Debian GNU/Linux; Dell EMC; Distributed Weakness Filing Project; Drupal.org; Duo; Eclipse Foundation; Elastic; F5; Facebook; Flexera Software; Fortinet; FreeBSD; Google; HackerOne; HP; Hewlett Packard Enterprise; Hikvision; Huawei; IBM; ICS-CERT; Intel; IOActive; ISC; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (primary CNA); Mozilla; Netflix; Netgear; Nvidia; Objective Development; OpenSSL; Oracle; Palo Alto Networks; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Riverbed; Schneider Electric; Siemens; Silicon Graphics; SonicWALL; Symantec; Synology; Talos; Tenable; TIBCO; Trend Micro; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.
For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID on the CVE website at https://cve.mitre.org/cve/request_id.html.
LINKS:
Palo Alto Networks -
https://www.paloaltonetworks.com/
CNAs -
https://cve.mitre.org/cve/cna.html
Request a CVE ID from a CNA -
https://cve.mitre.org/cve/request_id.html
How to become a CNA -
https://cve.mitre.org/cve/cna.html#become_a_cna
CVE News page article -
https://cve.mitre.org/news/archives/2018/news.html#April162018_Palo_Alto_Networks_Added_as_CVE_Numbering_Authority_CNA
---------------------------------------------------------------
Minutes from CVE Board Teleconference Meeting on April 4 Now Available
The CVE Board held teleconference meetings on April 4, 2018. Read the meeting minutes at https://cve.mitre.org/data/board/archives/2018-04/msg00017.html.
The CVE Board includes numerous cybersecurity-related organizations including commercial security tool vendors, academia, research institutions, government departments and agencies, and other prominent security experts, as well as end-users of vulnerability information. Through open and collaborative discussions, the Board provides critical input regarding the data sources, product coverage, coverage goals, operating structure, and strategic direction of the CVE program. All Board Meetings and Board Email List Discussions are archived for the community.
LINKS:
CVE Board -
https://cve.mitre.org/community/board/index.html
Board Archives -
https://cve.mitre.org/community/board/archive.html#meeting_summaries
https://cve.mitre.org/community/board/archive.html#board_mail_list_archive
CVE News page article -
https://cve.mitre.org/news/archives/2018/news.html#April132018_Minutes_from_CVE_Board_Teleconference_Meeting_on_April_4_Now_Available
---------------------------------------------------------------
Follow us on LinkedIn and Twitter
Please follow us on Twitter for the latest from CVE:
* Feed of the latest CVE Entries -
https://twitter.com/CVEnew/
* Feed of news and announcements about CVE - https://twitter.com/CVEannounce/
Please also visit us on LinkedIn to more easily comment on our news articles and CVE Blog posts:
* CVE-CWE-CAPEC on LinkedIn -
https://www.linkedin.com/company/11033649
* CVE Blog -
https://cve.mitre.org/blog/
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the message to: listserv@lists.mitre.org. To subscribe, send an email message to listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".
CVE is sponsored by US-CERT (https://www.us-cert.gov/) in the office of Cybersecurity and Communications (https://www.dhs.gov/office-cybersecurity-and-communications/) at the U.S. Department of Homeland Security (https://www.dhs.gov/).
Copyright 2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. MITRE (https://www.mitre.org) maintains CVE and provides impartial technical guidance to the CVE Board and CVE Numbering Authorities on all matters related to ongoing development of CVE.
For more information about CVE, visit the CVE website at https://cve.mitre.org or send an email to cve@mitre.org.
Comments: cve@mitre.org
-------------------------------------------------------
CVE-Announce e-newsletter/April 16, 2018
-------------------------------------------------------
Contents:
1. Palo Alto Networks Added as CVE Numbering Authority (CNA) 2. Minutes from CVE Board Teleconference Meeting on April 4 Now Available 3. Follow us on LinkedIn and Twitter 4. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
Palo Alto Networks Added as CVE Numbering Authority (CNA)
Palo Alto Networks, Inc. is now a CVE Numbering Authority (CNA) for all Palo Alto Networks products.
CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.
CNAs are the main method for requesting a CVE ID. The following 86 organizations currently participate as CNAs: Adobe; Airbus; Alibaba; Apache; Apple; Atlassian; Autodesk; BlackBerry; Brocade; CA; Canonical; CERT/CC; Check Point; Cisco; Cloudflare; Dahua; Debian GNU/Linux; Dell EMC; Distributed Weakness Filing Project; Drupal.org; Duo; Eclipse Foundation; Elastic; F5; Facebook; Flexera Software; Fortinet; FreeBSD; Google; HackerOne; HP; Hewlett Packard Enterprise; Hikvision; Huawei; IBM; ICS-CERT; Intel; IOActive; ISC; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (primary CNA); Mozilla; Netflix; Netgear; Nvidia; Objective Development; OpenSSL; Oracle; Palo Alto Networks; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Riverbed; Schneider Electric; Siemens; Silicon Graphics; SonicWALL; Symantec; Synology; Talos; Tenable; TIBCO; Trend Micro; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.
For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID on the CVE website at https://cve.mitre.org/cve/request_id.html.
LINKS:
Palo Alto Networks -
https://www.paloaltonetworks.com/
CNAs -
https://cve.mitre.org/cve/cna.html
Request a CVE ID from a CNA -
https://cve.mitre.org/cve/request_id.html
How to become a CNA -
https://cve.mitre.org/cve/cna.html#become_a_cna
CVE News page article -
https://cve.mitre.org/news/archives/2018/news.html#April162018_Palo_Alto_Networks_Added_as_CVE_Numbering_Authority_CNA
---------------------------------------------------------------
Minutes from CVE Board Teleconference Meeting on April 4 Now Available
The CVE Board held teleconference meetings on April 4, 2018. Read the meeting minutes at https://cve.mitre.org/data/board/archives/2018-04/msg00017.html.
The CVE Board includes numerous cybersecurity-related organizations including commercial security tool vendors, academia, research institutions, government departments and agencies, and other prominent security experts, as well as end-users of vulnerability information. Through open and collaborative discussions, the Board provides critical input regarding the data sources, product coverage, coverage goals, operating structure, and strategic direction of the CVE program. All Board Meetings and Board Email List Discussions are archived for the community.
LINKS:
CVE Board -
https://cve.mitre.org/community/board/index.html
Board Archives -
https://cve.mitre.org/community/board/archive.html#meeting_summaries
https://cve.mitre.org/community/board/archive.html#board_mail_list_archive
CVE News page article -
https://cve.mitre.org/news/archives/2018/news.html#April132018_Minutes_from_CVE_Board_Teleconference_Meeting_on_April_4_Now_Available
---------------------------------------------------------------
Follow us on LinkedIn and Twitter
Please follow us on Twitter for the latest from CVE:
* Feed of the latest CVE Entries -
https://twitter.com/CVEnew/
* Feed of news and announcements about CVE - https://twitter.com/CVEannounce/
Please also visit us on LinkedIn to more easily comment on our news articles and CVE Blog posts:
* CVE-CWE-CAPEC on LinkedIn -
https://www.linkedin.com/company/11033649
* CVE Blog -
https://cve.mitre.org/blog/
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the message to: listserv@lists.mitre.org. To subscribe, send an email message to listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".
CVE is sponsored by US-CERT (https://www.us-cert.gov/) in the office of Cybersecurity and Communications (https://www.dhs.gov/office-cybersecurity-and-communications/) at the U.S. Department of Homeland Security (https://www.dhs.gov/).
Copyright 2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. MITRE (https://www.mitre.org) maintains CVE and provides impartial technical guidance to the CVE Board and CVE Numbering Authorities on all matters related to ongoing development of CVE.
For more information about CVE, visit the CVE website at https://cve.mitre.org or send an email to cve@mitre.org.
Thursday, April 12, 2018
CVE Announce Special Announcement - April 12, 2018 (opt-in newsletter from the CVE website)
SPECIAL ANNOUNCEMENT
-------------------------------------------------------
CVE-Announce e-newsletter/April 12, 2018
-------------------------------------------------------
*****NOTICE: CVE Request Web Form - Possible Outage from 8pm-9pm EDT on April 12*****
Due to scheduled maintenance, the "CVE Request Web Form" for contacting the Primary CNA may be temporarily unavailable from 8:00 p.m. until 9:00 p.m. Eastern time today April 12, 2018.
The 84 other CVE Numbering Authority (CNA) organizations can still be contacted during this time to request CVE IDs at https://cve.mitre.org/cve/request_id.html.
We apologize for any inconvenience.
Please contact us with any comments or concerns at cve@mitre.org.
LINKS:
CVE List -
https://cve.mitre.org/cve/
CVE Request web form (Primary CNA only) -
https://cveform.mitre.org/
Request CVE IDs from CNAs page -
https://cve.mitre.org/cve/request_id.html
CVE News page article -
https://cve.mitre.org/news/archives/2018/news.html#April122018_CVE_Request_Web_Form_-_Possible_Outage_from_8pm-9pm_EDT_on_April_12
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the message to: listserv@lists.mitre.org. To subscribe, send an email message to listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".
CVE is sponsored by US-CERT (https://www.us-cert.gov/) in the office of Cybersecurity and Communications (https://www.dhs.gov/office-cybersecurity-and-communications/) at the U.S. Department of Homeland Security (https://www.dhs.gov/).
Copyright 2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. MITRE (https://www.mitre.org) maintains CVE and provides impartial technical guidance to the CVE Board and CVE Numbering Authorities on all matters related to ongoing development of CVE.
For more information about CVE, visit the CVE website at https://cve.mitre.org or send an email to cve@mitre.org.
-------------------------------------------------------
CVE-Announce e-newsletter/April 12, 2018
-------------------------------------------------------
*****NOTICE: CVE Request Web Form - Possible Outage from 8pm-9pm EDT on April 12*****
Due to scheduled maintenance, the "CVE Request Web Form" for contacting the Primary CNA may be temporarily unavailable from 8:00 p.m. until 9:00 p.m. Eastern time today April 12, 2018.
The 84 other CVE Numbering Authority (CNA) organizations can still be contacted during this time to request CVE IDs at https://cve.mitre.org/cve/request_id.html.
We apologize for any inconvenience.
Please contact us with any comments or concerns at cve@mitre.org.
LINKS:
CVE List -
https://cve.mitre.org/cve/
CVE Request web form (Primary CNA only) -
https://cveform.mitre.org/
Request CVE IDs from CNAs page -
https://cve.mitre.org/cve/request_id.html
CVE News page article -
https://cve.mitre.org/news/archives/2018/news.html#April122018_CVE_Request_Web_Form_-_Possible_Outage_from_8pm-9pm_EDT_on_April_12
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the message to: listserv@lists.mitre.org. To subscribe, send an email message to listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".
CVE is sponsored by US-CERT (https://www.us-cert.gov/) in the office of Cybersecurity and Communications (https://www.dhs.gov/office-cybersecurity-and-communications/) at the U.S. Department of Homeland Security (https://www.dhs.gov/).
Copyright 2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. MITRE (https://www.mitre.org) maintains CVE and provides impartial technical guidance to the CVE Board and CVE Numbering Authorities on all matters related to ongoing development of CVE.
For more information about CVE, visit the CVE website at https://cve.mitre.org or send an email to cve@mitre.org.
Monday, April 9, 2018
CVE Announce - April 9, 2018 (opt-in newsletter from the CVE website)
Welcome to the latest issue of the CVE-Announce e-newsletter. This email newsletter is designed to bring recent news about CVE, such as new website features, new CNAs, CVE in the news, etc. right to your email box. Common Vulnerabilities and Exposures (CVE) is the standard for cybersecurity vulnerability identifiers. The CVE Board provides oversight and input into CVE's strategic direction, ensuring CVE meets the vulnerability identification needs of the technology community. CVE Numbering Authorities (CNAs) are vendors and projects, vulnerability researchers, national and industry CERTs, and bug bounty programs that assign CVE Identifiers (CVE IDs) to newly discovered issues, and include the CVE IDs in the first public disclosure of the vulnerabilities. Details on subscribing (and unsubscribing) to the email newsletter are at the end. Please feel free to pass this newsletter on to interested colleagues.
Comments: cve@mitre.org
-------------------------------------------------------
CVE-Announce e-newsletter/April 9, 2018
-------------------------------------------------------
Contents:
1. SonicWALL Added as CVE Numbering Authority (CNA)
2. CVE BLOG: "CNA Processes Documentation Now on GitHub"
3. Follow us on LinkedIn and Twitter
4. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
SonicWALL Added as CVE Numbering Authority (CNA)
SonicWALL, Inc. is now a CVE Numbering Authority (CNA) for SonicWALL issues only.
CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.
CNAs are the main method for requesting a CVE ID. The following 85 organizations currently participate as CNAs: Adobe; Airbus; Alibaba; Apache; Apple; Atlassian; Autodesk; BlackBerry; Brocade; CA; Canonical; CERT/CC; Check Point; Cisco; Cloudflare; Dahua; Debian GNU/Linux; Dell EMC; Distributed Weakness Filing Project; Drupal.org; Duo; Eclipse Foundation; Elastic; F5; Facebook; Flexera Software; Fortinet; FreeBSD; Google; HackerOne; HP; Hewlett Packard Enterprise; Hikvision; Huawei; IBM; ICS-CERT; Intel; IOActive; ISC; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (primary CNA); Mozilla; Netflix; Netgear; Nvidia; Objective Development; OpenSSL; Oracle; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Riverbed; Schneider Electric; Siemens; Silicon Graphics; SonicWALL; Symantec; Synology; Talos; Tenable; TIBCO; Trend Micro; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.
For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID on the CVE website at https://cve.mitre.org/cve/request_id.html.
LINKS:
SonicWALL -
https://www.sonicwall.com/
CNAs -
https://cve.mitre.org/cve/cna.html
Request a CVE ID from a CNA -
https://cve.mitre.org/cve/request_id.html
How to become a CNA -
https://cve.mitre.org/cve/cna.html#become_a_cna
CVE News page article -
https://cve.mitre.org/news/archives/2018/news.html#April092018_SonicWALL_Added_as_CVE_Numbering_Authority_CNA
---------------------------------------------------------------
CVE BLOG: "CNA Processes Documentation Now on GitHub"
We have updated the collection of processes documentation for CVE Numbering Authorities (CNAs) on our CVEProject Documentation website on GitHub at https://cveproject.github.io/. Please note that while many of the documents are hosted on our GitHub website, some are hosted here on the main CVE website.
The purpose of the collection is to provide training and assistance to CNAs so that they can correctly fulfill their responsibilities for properly writing and completing the information required for each CVE Entry they submit to the Primary CNA to be added to the CVE List, as defined by the "CNA Rules, Version 2.0".
CNA PROCESSES DOCUMENTATION & TRAINING SLIDES
This collection of documents at https://cveproject.github.io/docs/ includes the following:
* CNA RESOURCES
https://cveproject.github.io/docs/cna/resources/index.html
- Contacting the Primary CNA
- Basic Information
- Requesting Blocks of CVE IDs/Submitting CVE ID Assignment Information
- CNA Documentation and Training
- CNA Metrics Requirements
* CNA PROCESSES DOCUMENTATION
http://cveproject.github.io/docs/cna/processes_documentation/index.html
- Current CNAs:
* CNA Rules v2.0
* CNA Onboarding Processes
* CVE Content Decisions
* Submitting CVE Entries to Root CNAs
- Prospective CNAs:
* CVE overview for prospective CNAs
* Instructions for how to become a CNA
* CNA TRAINING SLIDES
https://cveproject.github.io/docs/cna/training_slides/index.html
- Becoming a CNA
- CNA Processes
- Counting Rules Training
- Creating a CVE Entry for Submission
- Submitting CVE Entries to Primary CNA
If you have any questions or comments about the collection of CNA Processes Documentation & Training Slides, please contact us via our CVE Request web form by selecting "Other" from the dropdown menu at https://cveform.mitre.org/, or email us directly at cve@mitre.org.
We look forward to hearing from you!
- The CVE Team
April 6, 2018
cve@mitre.org
LINKS:
CNA Documentation on GitHub -
https://cveproject.github.io/docs/
CVE Blog post -
https://cve.mitre.org/blog/index.html#April062018_CNA_Processes_Documentation_Now_on_GitHub
---------------------------------------------------------------
Follow us on LinkedIn and Twitter
Please follow us on Twitter for the latest from CVE:
* Feed of the latest CVE Entries -
https://twitter.com/CVEnew/
* Feed of news and announcements about CVE -
https://twitter.com/CVEannounce/
Please also visit us on LinkedIn to more easily comment on our news articles and CVE Blog posts:
* CVE-CWE-CAPEC on LinkedIn -
https://www.linkedin.com/company/11033649
* CVE Blog -
https://cve.mitre.org/blog/
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the message to: listserv@lists.mitre.org. To subscribe, send an email message to listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".
CVE is sponsored by US-CERT (https://www.us-cert.gov/) in the office of Cybersecurity and Communications (https://www.dhs.gov/office-cybersecurity-and-communications/) at the U.S. Department of Homeland Security (https://www.dhs.gov/).
Copyright 2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. MITRE (https://www.mitre.org) maintains CVE and provides impartial technical guidance to the CVE Board and CVE Numbering Authorities on all matters related to ongoing development of CVE.
For more information about CVE, visit the CVE website at https://cve.mitre.org or send an email to cve@mitre.org.
Comments: cve@mitre.org
-------------------------------------------------------
CVE-Announce e-newsletter/April 9, 2018
-------------------------------------------------------
Contents:
1. SonicWALL Added as CVE Numbering Authority (CNA)
2. CVE BLOG: "CNA Processes Documentation Now on GitHub"
3. Follow us on LinkedIn and Twitter
4. Details/Credits + Subscribing and Unsubscribing
FEATURE STORY:
SonicWALL Added as CVE Numbering Authority (CNA)
SonicWALL, Inc. is now a CVE Numbering Authority (CNA) for SonicWALL issues only.
CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.
CNAs are the main method for requesting a CVE ID. The following 85 organizations currently participate as CNAs: Adobe; Airbus; Alibaba; Apache; Apple; Atlassian; Autodesk; BlackBerry; Brocade; CA; Canonical; CERT/CC; Check Point; Cisco; Cloudflare; Dahua; Debian GNU/Linux; Dell EMC; Distributed Weakness Filing Project; Drupal.org; Duo; Eclipse Foundation; Elastic; F5; Facebook; Flexera Software; Fortinet; FreeBSD; Google; HackerOne; HP; Hewlett Packard Enterprise; Hikvision; Huawei; IBM; ICS-CERT; Intel; IOActive; ISC; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (primary CNA); Mozilla; Netflix; Netgear; Nvidia; Objective Development; OpenSSL; Oracle; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Riverbed; Schneider Electric; Siemens; Silicon Graphics; SonicWALL; Symantec; Synology; Talos; Tenable; TIBCO; Trend Micro; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.
For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID on the CVE website at https://cve.mitre.org/cve/request_id.html.
LINKS:
SonicWALL -
https://www.sonicwall.com/
CNAs -
https://cve.mitre.org/cve/cna.html
Request a CVE ID from a CNA -
https://cve.mitre.org/cve/request_id.html
How to become a CNA -
https://cve.mitre.org/cve/cna.html#become_a_cna
CVE News page article -
https://cve.mitre.org/news/archives/2018/news.html#April092018_SonicWALL_Added_as_CVE_Numbering_Authority_CNA
---------------------------------------------------------------
CVE BLOG: "CNA Processes Documentation Now on GitHub"
We have updated the collection of processes documentation for CVE Numbering Authorities (CNAs) on our CVEProject Documentation website on GitHub at https://cveproject.github.io/. Please note that while many of the documents are hosted on our GitHub website, some are hosted here on the main CVE website.
The purpose of the collection is to provide training and assistance to CNAs so that they can correctly fulfill their responsibilities for properly writing and completing the information required for each CVE Entry they submit to the Primary CNA to be added to the CVE List, as defined by the "CNA Rules, Version 2.0".
CNA PROCESSES DOCUMENTATION & TRAINING SLIDES
This collection of documents at https://cveproject.github.io/docs/ includes the following:
* CNA RESOURCES
https://cveproject.github.io/docs/cna/resources/index.html
- Contacting the Primary CNA
- Basic Information
- Requesting Blocks of CVE IDs/Submitting CVE ID Assignment Information
- CNA Documentation and Training
- CNA Metrics Requirements
* CNA PROCESSES DOCUMENTATION
http://cveproject.github.io/docs/cna/processes_documentation/index.html
- Current CNAs:
* CNA Rules v2.0
* CNA Onboarding Processes
* CVE Content Decisions
* Submitting CVE Entries to Root CNAs
- Prospective CNAs:
* CVE overview for prospective CNAs
* Instructions for how to become a CNA
* CNA TRAINING SLIDES
https://cveproject.github.io/docs/cna/training_slides/index.html
- Becoming a CNA
- CNA Processes
- Counting Rules Training
- Creating a CVE Entry for Submission
- Submitting CVE Entries to Primary CNA
If you have any questions or comments about the collection of CNA Processes Documentation & Training Slides, please contact us via our CVE Request web form by selecting "Other" from the dropdown menu at https://cveform.mitre.org/, or email us directly at cve@mitre.org.
We look forward to hearing from you!
- The CVE Team
April 6, 2018
cve@mitre.org
LINKS:
CNA Documentation on GitHub -
https://cveproject.github.io/docs/
CVE Blog post -
https://cve.mitre.org/blog/index.html#April062018_CNA_Processes_Documentation_Now_on_GitHub
---------------------------------------------------------------
Follow us on LinkedIn and Twitter
Please follow us on Twitter for the latest from CVE:
* Feed of the latest CVE Entries -
https://twitter.com/CVEnew/
* Feed of news and announcements about CVE -
https://twitter.com/CVEannounce/
Please also visit us on LinkedIn to more easily comment on our news articles and CVE Blog posts:
* CVE-CWE-CAPEC on LinkedIn -
https://www.linkedin.com/company/11033649
* CVE Blog -
https://cve.mitre.org/blog/
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the message to: listserv@lists.mitre.org. To subscribe, send an email message to listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".
CVE is sponsored by US-CERT (https://www.us-cert.gov/) in the office of Cybersecurity and Communications (https://www.dhs.gov/office-cybersecurity-and-communications/) at the U.S. Department of Homeland Security (https://www.dhs.gov/).
Copyright 2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. MITRE (https://www.mitre.org) maintains CVE and provides impartial technical guidance to the CVE Board and CVE Numbering Authorities on all matters related to ongoing development of CVE.
For more information about CVE, visit the CVE website at https://cve.mitre.org or send an email to cve@mitre.org.
Friday, April 6, 2018
CVE Announce Special Announcement - April 6, 2018 (opt-in newsletter from the CVE website)
SPECIAL ANNOUNCEMENT
-------------------------------------------------------
CVE-Announce e-newsletter/April 6, 2018
-------------------------------------------------------
NOTICE: CVE Request Web Form – Possible Outage from 6am-2pm EDT on April 7
Due to scheduled maintenance, the "CVE Request Web Form" for contacting the Primary CNA may be temporarily unavailable from 6:00 a.m. until 2:00 p.m. Eastern time on Saturday, April 7, 2018.
The 83 other CVE Numbering Authority (CNA) organizations can still be contacted during this time to request CVE IDs at https://cve.mitre.org/cve/request_id.html.
We apologize for any inconvenience.
Please contact us with any comments or concerns at cve@mitre.org.
LINKS:
CVE List -
CVE Request web form -
Request CVE IDs from CNAs page -
https://cve.mitre.org/cve/request_id.html
CVE News page article -
---------------------------------------------------------------
Details/Credits + Subscribing and Unsubscribing
To unsubscribe from the CVE-Announce e-newsletter, open a new email message and copy the following text to the BODY of the message "SIGNOFF CVE-Announce-List", then send the message to: listserv@lists.mitre.org. To subscribe, send an email message to listserv@lists.mitre.org with the following text in the BODY of the message: "SUBSCRIBE CVE-Announce-List".
CVE is sponsored by US-CERT (https://www.us-cert.gov/) in the office of Cybersecurity and Communications (https://www.dhs.gov/office-cybersecurity-and-communications/) at the U.S. Department of Homeland Security (https://www.dhs.gov/).
Copyright 2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. MITRE (https://www.mitre.org) maintains CVE and provides impartial technical guidance to the CVE Board and CVE Numbering Authorities on all matters related to ongoing development of CVE.
For more information about CVE, visit the CVE website at https://cve.mitre.org or send an email to cve@mitre.org.
Subscribe to:
Comments (Atom)
