News & Events

Please use our LinkedIn page to comment on the articles below, or send an email to cve@mitre.org.
Right-click and copy a URL to share an article.

Minutes from CVE Board Teleconference Meeting on June 13 Now Available
June 21, 2018 | Share this article

The CVE Board held a teleconference meeting on June 13, 2018. Read the meeting minutes.

Naver Added as CVE Numbering Authority (CNA)
June 14, 2018 | Share this article

Naver Corporation is now a CVE Numbering Authority (CNA) for Naver products only, except Line products.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 88 organizations currently participate as CNAs: Adobe; Airbus; Alibaba; Android; Apache; Apple; ASUSTOR; Atlassian; Autodesk; BlackBerry; Booz Allen Hamilton; Brocade; CA; Canonical; CERT/CC; Check Point; Cisco; Cloudflare; Dahua; Debian GNU/Linux; Dell EMC; Distributed Weakness Filing Project; Drupal.org; Duo; Eclipse Foundation; Elastic; F5; Facebook; Flexera Software; Forcepoint; Fortinet; FreeBSD; Google; HackerOne; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; ICS-CERT; Intel; IOActive; ISC; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (primary CNA); Mozilla; Naver; Netflix; Netgear; Node.js; Nvidia; Objective Development; OpenSSL; Oracle; Palo Alto Networks; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Riverbed; SAP; Schneider Electric; Siemens; Silicon Graphics; SonicWALL; Symantec; Synology; Talos; Tenable; TIBCO; Trend Micro; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

Minutes from CVE Board Teleconference Meeting on May 30 Now Available
June 11, 2018 | Share this article

The CVE Board held a teleconference meeting on May 30, 2018. Read the meeting minutes.

Minutes from CVE Board Teleconference Meeting on May 16 Now Available
May 29, 2018 | Share this article

The CVE Board held a teleconference meeting on May 16, 2018. Read the meeting minutes.

Preparing CVE for the Future Is Main Topic of Article on The Daily Swig
May 23, 2018 | Share this article

CVE is the main topic of a May 16, 2017 article entitled “CVE board looks ahead to the next 20 years of vulnerability identification,” on The Daily Swig. In the article, CVE Board members Kent Landfield of McAfee and Chris Levendis of MITRE “take stock of the program’s journey [during its first 20 years] to becoming the world’s de facto vulnerability identification standard” and discuss how CVE is being effectively positioned for the next 20 years.

The author states: “If ever proof were needed that the security industry is evolving at a rapid pace, the CVE program recently announced that the CVE List had surpassed 100,000 entries – a dubious milestone that demonstrates the program’s diligence, while hammering home the sheer scale of the threat landscape in 2018.”

The author then discusses how CVE growing the number of participants in its CVE Numbering Authority (CNA) program helped the CVE List surpass the 100,000+ entries by having more and more CNAs assigning CVE Entries to vulnerabilities, and how CVE will continue to benefit from this federated approach in the future. The author quotes Chris Levendis about this, who states: “[CVE now has] 87 CNAs in the program, who are all involved in the assignment process and help chart the path forward. The CNAs are going to be the primary means by which we scale the CVE program … As far as onboarding [new] CNAs is concerned, the program will strategically look to target certain organizations to fulfil different kinds of roles. We have open and transparent rules for the requirements to become a CNA.”

The author also quotes Kent Landfield regarding the future of CVE, the role of automation, and the CNA program, who states: “During the next year or so, we’re going to be putting in place lots of different pieces and parts to ensure that federated environment [fully] occurs, and that we have set ourselves up for the next 20 years. We have built working groups into the program that allow the board members, the CNAs, and the public to participate in trying to develop some of that automation.”

“CVE is really a fundamental piece of our security defense mechanisms … I would like to stress the sheer number of external participants who take part in this program. CVE is vital to the security industry, and vital to our ability to defend ourselves.”

New CVE Board Charter Is Approved
May 23, 2018 | Share this article

We are pleased to announce that the CVE Board has approved the latest version of the “CVE Board Charter,” version 2.6, which includes several important updates to board structure; membership descriptions, including the addition of a CNA liaison board member; and voting policies and procedures.

This update was the result of many hours of hard work by the Board, and the resulting document better positions CVE for success as it continues to expand.

Your CVE Announce Email Subscription Is Changing
May 15, 2018 | Share this article

We have upgraded our email server, and your CVE Announce e-newsletter subscription will now be sent from a new email address: “cve-announce-list@mitre.org”. Please add our new email address to your email program’s Safe Senders list.


What will change:

   Old Email List Sender Address:  cve-announce-list@lists.mitre.org

   New Email List Sender Address: cve-announce-list@mitre.org


Please contact us with any comments or concerns.

Minutes from CVE Board Teleconference Meeting on May 2 Now Available
May 11, 2018 | Share this article

The CVE Board held a teleconference meeting on May 2, 2018. Read the meeting minutes.

Minutes from CVE Board Teleconference Meeting on April 25 Now Available
May 4, 2018 | Share this article

The CVE Board held a teleconference meeting on April 25, 2018. Read the meeting minutes.

CVE List Surpasses 100,000 CVE Entries
April 24, 2018 | Share this article

The CVE website now contains 100,051 CVE Entries, each of which is a unique identifier for a publicly known software or firmware vulnerability.

CVE, which began in 1999 with just 321 common entries on the CVE List, is considered the international standard for public vulnerability identifiers.

CVE Entries are assigned to vulnerabilities in any code-based entity or standards upon which code-based entities are designed. This can include software, shared codebases, libraries, protocols, standards, hardware (e.g., firmware or microcode), hardware platforms, file formats, or data encodings. This definition of what CVE considers to be a vulnerability is specified by the CVE Numbering Authority (CNA) Rules, Version 2.0, a consensus document authored by CNAs and the CVE Board.

Every CVE Entry added to the list is assigned by a CNA. Numerous organizations from around the world already participate as CNAs, with more and more organizations deciding to join the CVE effort and become a CNA to help the community continue to build the CVE List.

Hillstone Added as CVE Numbering Authority (CNA)
April 24, 2018 | Share this article

Hillstone Networks, Inc. is now a CVE Numbering Authority (CNA) for all Hillstone products only.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 87 organizations currently participate as CNAs: Adobe; Airbus; Alibaba; Android; Apache; Apple; ASUSTOR; Atlassian; Autodesk; BlackBerry; Booz Allen Hamilton; Brocade; CA; Canonical; CERT/CC; Check Point; Cisco; Cloudflare; Dahua; Debian GNU/Linux; Dell EMC; Distributed Weakness Filing Project; Drupal.org; Duo; Eclipse Foundation; Elastic; F5; Facebook; Flexera Software; Forcepoint; Fortinet; FreeBSD; Google; HackerOne; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; ICS-CERT; Intel; IOActive; ISC; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (primary CNA); Mozilla; Netflix; Netgear; Node.js; Nvidia; Objective Development; OpenSSL; Oracle; Palo Alto Networks; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Riverbed; SAP; Schneider Electric; Siemens; Silicon Graphics; SonicWALL; Symantec; Synology; Talos; Tenable; TIBCO; Trend Micro; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

Palo Alto Networks Added as CVE Numbering Authority (CNA)
April 16, 2018 | Share this article

Palo Alto Networks, Inc. is now a CVE Numbering Authority (CNA) for all Palo Alto Networks products.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 86 organizations currently participate as CNAs: Adobe; Airbus; Alibaba; Android; Apache; Apple; ASUSTOR; Atlassian; Autodesk; BlackBerry; Booz Allen Hamilton; Brocade; CA; Canonical; CERT/CC; Check Point; Cisco; Cloudflare; Dahua; Debian GNU/Linux; Dell EMC; Distributed Weakness Filing Project; Drupal.org; Duo; Eclipse Foundation; Elastic; F5; Facebook; Flexera Software; Forcepoint; Fortinet; FreeBSD; Google; HackerOne; Hewlett Packard Enterprise; Hikvision; HP; Huawei; IBM; ICS-CERT; Intel; IOActive; ISC; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (primary CNA); Mozilla; Netflix; Netgear; Node.js; Nvidia; Objective Development; OpenSSL; Oracle; Palo Alto Networks; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Riverbed; SAP; Schneider Electric; Siemens; Silicon Graphics; SonicWALL; Symantec; Synology; Talos; Tenable; TIBCO; Trend Micro; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

Minutes from CVE Board Teleconference Meeting on April 4 Now Available
April 13, 2018 | Share this article

The CVE Board held a teleconference meeting on April 4, 2018. Read the meeting minutes.

NOTICE: CVE Request Web Form – Possible Outage from 8pm-9pm EDT on April 12
April 12, 2018 | Share this article

Due to scheduled maintenance, the CVE Request Web Form for contacting the Primary CNA may be temporarily unavailable from 8:00 p.m. until 9:00 p.m. Eastern time on Thursday, April 12, 2018.

The 84 other CVE Numbering Authority (CNA) organizations can still be contacted during this time to request CVE IDs.

We apologize for any inconvenience. Please contact us with any comments or concerns.

SonicWALL Added as CVE Numbering Authority (CNA)
April 9, 2018 | Share this article

SonicWALL, Inc. is now a CVE Numbering Authority (CNA) for SonicWALL issues only.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 85 organizations currently participate as CNAs: Adobe; Airbus; Alibaba; Android; Apache; Apple; ASUSTOR; Atlassian; Autodesk; BlackBerry; Booz Allen Hamilton; Brocade; CA; Canonical; CERT/CC; Check Point; Cisco; Cloudflare; Dahua; Debian GNU/Linux; Dell EMC; Distributed Weakness Filing Project; Drupal.org; Duo; Eclipse Foundation; Elastic; F5; Facebook; Flexera Software; Forcepoint; Fortinet; FreeBSD; Google; HackerOne; Hewlett Packard Enterprise; Hikvision; HP; Huawei; IBM; ICS-CERT; Intel; IOActive; ISC; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (primary CNA); Mozilla; Netflix; Netgear; Node.js; Nvidia; Objective Development; OpenSSL; Oracle; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Riverbed; SAP; Schneider Electric; Siemens; Silicon Graphics; SonicWALL; Symantec; Synology; Talos; Tenable; TIBCO; Trend Micro; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

NOTICE: CVE Request Web Form – Possible Outage from 6am-2pm EDT on April 7
April 6, 2018 | Share this article

Due to scheduled maintenance, the CVE Request Web Form for contacting the Primary CNA may be temporarily unavailable from 6:00 a.m. until 2:00 p.m. Eastern time on Saturday, April 7, 2018.

All other CNAs organizations can still be contacted during this time to request CVE IDs.

We apologize for any inconvenience. Please contact us with any comments or concerns.

Minutes from CVE Board Teleconference Meeting on March 21 Now Available
March 29, 2018 | Share this article

The CVE Board held a teleconference meeting on March 21, 2018. Read the meeting minutes.

Minutes from CVE Board Teleconference Meeting on March 7 Now Available
March 22, 2018 | Share this article

The CVE Board held a teleconference meeting on March 7, 2018. Read the meeting minutes.

Minutes from CVE Board Teleconference Meeting on February 21 Now Available
March 6, 2018 | Share this article

The CVE Board held a teleconference meeting on February 21, 2018. Read the meeting minutes.

Cloudflare Added as CVE Numbering Authority (CNA)
March 5, 2018 | Share this article

Cloudflare, Inc. is now a CVE Numbering Authority (CNA) for all Cloudflare products, projects hosted at https://github.com/cloudflare/, and any vulnerabilities discovered by Cloudflare that are not covered by another CNA.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 84 organizations currently participate as CNAs: Adobe; Airbus; Alibaba; Android; Apache; Apple; ASUSTOR; Atlassian; Autodesk; BlackBerry; Booz Allen Hamilton; Brocade; CA; Canonical; CERT/CC; Check Point; Cisco; Cloudflare; Dahua; Debian GNU/Linux; Dell EMC; Distributed Weakness Filing Project; Drupal.org; Duo; Eclipse Foundation; Elastic; F5; Facebook; Flexera Software; Forcepoint; Fortinet; FreeBSD; Google; HackerOne; Hewlett Packard Enterprise; Hikvision; HP; Huawei; IBM; ICS-CERT; Intel; IOActive; ISC; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (primary CNA); Mozilla; Netflix; Netgear; Node.js; Nvidia; Objective Development; OpenSSL; Oracle; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Riverbed; SAP; Schneider Electric; Siemens; Silicon Graphics; Symantec; Synology; Talos; Tenable; TIBCO; Trend Micro; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

Minutes from CVE Board Teleconference Meeting on February 7 Now Available
March 1, 2018 | Share this article

The CVE Board held a teleconference meeting on February 7, 2018. Read the meeting minutes.

Facebook and Hikvision Added as CVE Numbering Authorities (CNAs)
February 1, 2018 | Share this article

Two additional organizations are now CVE Numbering Authorities (CNAs): Facebook, Inc. for Facebook-supported open source projects, mobile apps, and other software, as well as vulnerabilities in third-party software discovered by Facebook that are not covered by another CNA, and Hangzhou Hikvision Digital Technology Co., Ltd. for all Hikvision Internet of Things (IoT) products including cameras and digital video recorders.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 83 organizations currently participate as CNAs: Adobe; Airbus; Alibaba; Android; Apache; Apple; ASUSTOR; Atlassian; Autodesk; BlackBerry; Booz Allen Hamilton; Brocade; CA; Canonical; CERT/CC; Check Point; Cisco; Dahua; Debian GNU/Linux; Dell EMC; Distributed Weakness Filing Project; Drupal.org; Duo; Eclipse Foundation; Elastic; F5; Facebook; Flexera Software; Forcepoint; Fortinet; FreeBSD; Google; HackerOne; Hewlett Packard Enterprise; Hikvision; HP; Huawei; IBM; ICS-CERT; Intel; IOActive; ISC; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (primary CNA); Mozilla; Netflix; Netgear; Node.js; Nvidia; Objective Development; OpenSSL; Oracle; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Riverbed; SAP; Schneider Electric; Siemens; Silicon Graphics; Symantec; Synology; Talos; Tenable; TIBCO; Trend Micro; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

Minutes from CVE Board Teleconference Meeting on January 24 Now Available
February 1, 2018 | Share this article

The CVE Board held a teleconference meeting on January 24, 2018. Read the meeting minutes.

New CVE Board Charter Is Approved
January 19, 2018 | Share this article

We are pleased to announce that the CVE Board has approved the latest version of the “CVE Board Charter,” version 2.5, which includes several important updates to membership, board member responsibilities and conduct, as well as policy and procedure changes.

This update was the result of many hours of hard work by the Board, and the resulting document better positions CVE for success as it continues to expand.

Minutes from CVE Board Teleconference Meeting on January 10 Now Available
January 19, 2018 | Share this article

The CVE Board held a teleconference meeting on January 10, 2018. Read the meeting minutes.

“Meltdown” Is CVE-2017-5754, and “Spectre” Is CVE-2017-5753 and CVE-2017-5715
January 8, 2018 | Share this article

Three CVE Entries are cited in numerous major advisories, posts, and news media references related to the recent critical “Meltdown” and “Spectre” vulnerabilities—CVE-2017-5754 for Meltdown, and CVE-2017-5753 and CVE-2017-5715 for Spectre—including in the following examples:

Other news articles may be found by searching on “CVE-2017-5754”, “CVE-2017-5753”, and “CVE-2017-5715” using your preferred search engine.

Also, the CVE Entry pages https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753, and https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715 each include a list of advisories used as references.

CVE Refreshes Website with New Look and Feel and Easier-to-Use Navigation Menus
January 3, 2018 | Share this article

We have updated the CVE website to streamline site navigation and simplify content for an improved user experience. Improvements include the following:


CVE List Main Menu

Our new main menu provides you with direct access to the CVE List. Located in the black navigation bar at the top of every page, each item in the main menu links to a single page with a specific purpose:

New Site Organization and Secondary Dropdown Menu

The website is now organized into five sections, each of which is accessible from the dropdown menus located across the very top of every page:

Also, the CVE logo in the upper left corner of every page is the “Home” link to the website's homepage.


Please send any comments or concerns to cve@mitre.org.

CNA Rules, Version 2.0 Document Now Available
January 1, 2018 | Share this article

The CVE Numbering Authorities (CNA) Rules, Version 2.0 document is now available on the CVE website. For details, please see our January 1, 2018 blog post: “CNA Rules, Version 2.0 Now in Effect”.

Page Last Updated or Reviewed: June 21, 2018