Wednesday, June 26, 2019

CVE Announce - June 26, 2019 (opt-in newsletter from the CVE website)

CVE Announce e-newsletter — June 26, 2019

Welcome to the latest issue of the CVE Announce e-newsletter. This newsletter is intended to keep you up-to-date on recent news about CVE, such as advancements in the program, new CNAs, CVE in the news, and more. Common Vulnerabilities and Exposures (CVE®) is the de facto international standard for vulnerability identification and naming. The CVE Board provides oversight and input into CVE’s strategic direction, ensuring CVE meets the vulnerability identification needs of the global technology community. CVE Numbering Authorities (CNAs) consist of vendors, open source projects, vulnerability researchers, industry and national CERTs, and bug bounty programs authorized to assign CVE Identifiers (CVE IDs) to newly discovered issues and include the CVE IDs in the first public disclosure of the vulnerabilities.

Contents:
1. floragunn GmbH and Robert Bosch GmbH Added as CVE Numbering Authorities (CNAs)
2. New CVE Board Member from Cisco
3. NOTICE: CVE Request Web Form – System Maintenance from 8:00pm EDT June 28 through 8:00pm EDT June 30
4. CVE in the News
5. Keeping Up with CVE


floragunn GmbH and Robert Bosch GmbH Added as CVE Numbering Authorities (CNAs)

Two additional organizations are now CVE Numbering Authorities (CNAs): floragunn GmbH for issues related to Search Guard only, and Robert Bosch GmbH for Bosch products only.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 98 organizations currently participate as CNAs: Adobe; Airbus; Alibaba; Android; Apache; Apple; Appthority; Atlassian; Autodesk; Avaya; BlackBerry; Bosch; Brocade; CA; Canonical; CERT/CC; Check Point; Cisco; Cloudflare; CyberSecurity Philippines - CERT; Dahua; Debian GNU/Linux; Dell; Document Foundation; Drupal.org; Duo; Eclipse Foundation; Elastic; F5; Facebook; Flexera Software; floragunn; Forcepoint; Fortinet; FreeBSD; Google; HackerOne; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; ICS-CERT; Intel; ISC; Jenkins Project; Johnson Controls; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Kubernetes; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (CVE Program Root CNA); MongoDB; Mozilla; Naver; NetApp; Netflix; Node.js; Nvidia; Objective Development; Odoo; OpenSSL; Oracle; Palo Alto Networks; PHP Group; Pivotal Software; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; SAP; Schneider Electric; Siemens; SonicWALL; SUSE; Symantec; Snyk; Synology; Talos; Tenable; TIBCO; Trend Micro; TWCERT/CC; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

Read on CVE website or share:
https://cve.mitre.org/news/archives/2019/news.html#June262019_floragunn_Added_as_CVE_Numbering_Authority_CNA
https://cve.mitre.org/news/archives/2019/news.html#May092019_Bosch_Added_as_CVE_Numbering_Authority_CNA


New CVE Board Member from Cisco

Patrick Emsweller of Cisco Systems, Inc. has joined the CVE Board. Read the full announcement and welcome message in the CVE Board email discussion list archive.

The CVE Board includes numerous cybersecurity-related organizations including commercial security tool vendors, academia, research institutions, government departments and agencies, and other prominent security experts, as well as end-users of vulnerability information. Through open and collaborative discussions, the Board provides critical input regarding the data sources, product coverage, coverage goals, operating structure, and strategic direction of the CVE Program. All Board Meetings and Board Email List Discussions are archived for the community.

Read on CVE website or share:
https://cve.mitre.org/news/archives/2019/news.html#June182019_New_CVE_Board_Member_from_Cisco


NOTICE: CVE Request Web Form – System Maintenance from 8:00pm EDT June 28 through 8:00pm EDT June 30

Due to scheduled maintenance, the CVE Request Web Form for contacting the Program Root CNA will be unavailable from 8:00 p.m. Eastern time on Friday, June 28, 2019 until 8:00 p.m. Eastern time on Sunday, June 30, 2019.

The 97 other CVE Numbering Authority (CNA) organizations may still be contacted during this time to request CVE IDs.

We apologize for any inconvenience. Please contact us with any comments or concerns.

Read on CVE website or share:
https://cve.mitre.org/news/archives/2019/news.html#June202019_CVE_Request_Web_Form_-_System_Maintenance_from_8pm_EDT_on_June_28_through_8pm_EDT_on_June_30


CVE in the News

The Hunt for Vulnerabilities
https://www.darkreading.com/vulnerabilities---threats/the-hunt-for-vulnerabilities-/a/d-id/1334976

Docker containers are filled with vulnerabilities: Here's how the top 1,000 fared
https://www.techrepublic.com/article/docker-containers-are-filled-with-vulnerabilities-heres-how-the-top-1000-fared/

Millions of Dell PC users urged to update SupportAssist to patch vulnerability
https://www.consumeraffairs.com/news/millions-of-dell-pc-users-urged-to-update-supportassist-to-patch-vulnerability-062419.html

Oracle Warns of New Actively-Exploited WebLogic Flaw
https://threatpost.com/oracle-warns-of-new-actively-exploited-weblogic-flaw/145829/

Attack Campaign Exploits CVE-2019-2725, Abuses Certificate Files to Deliver Monero Miner
https://securityintelligence.com/news/attack-campaign-exploits-cve-2019-2725-abuses-certificate-files-to-deliver-monero-miner/

Microsoft warns about email spam campaign abusing Office vulnerability
https://www.zdnet.com/article/microsoft-warns-about-email-spam-campaign-abusing-office-vulnerability/


Keeping Up with CVE

Follow us for the latest from CVE:

@CVEnew - Twitter feed of the latest CVE Entries
@CVEannounce - Twitter feed of news and announcements about CVE
CVE-CWE-CAPEC - LinkedIn showcase page
CVE Blog - CVE main website
CVEProject - GitHub
CVE Documentation - GitHub
CVE Announce Newsletter - Email

If this newsletter was shared with you, subscribe by sending an email message to LMS@mitre.org with the following text in the SUBJECT of the message: “subscribe cve-announce-list” (do not include the quote marks). You may also subscribe on the CVE website at https://cve.mitre.org/news/newsletter.html. To unsubscribe, send an email message to LMS@mitre.org with the following text in the SUBJECT of the message: “signoff cve-announce-list” (do not include the quote marks).

Common Vulnerabilities and Exposures (CVE®) is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 2019, The MITRE Corporation. CVE and the CVE logo are registered trademarks of The MITRE Corporation. MITRE maintains CVE and provides impartial technical guidance to the CVE Board and CVE Numbering Authorities on all matters related to ongoing development of CVE.

