News & Events

Please use our LinkedIn page to comment on the articles below, or send an email to cve@mitre.org.
Right-click and copy a URL to share an article.

Palo Alto Networks Added as CVE Numbering Authority (CNA)
April 16, 2018 | Share this article

Palo Alto Networks, Inc. is now a CVE Numbering Authority (CNA) for all Palo Alto Networks products.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 86 organizations currently participate as CNAs: Adobe; Airbus; Alibaba; Apache; Apple; Atlassian; Autodesk; BlackBerry; Brocade; CA; Canonical; CERT/CC; Check Point; Cisco; Cloudflare; Dahua; Debian GNU/Linux; Dell EMC; Distributed Weakness Filing Project; Drupal.org; Duo; Eclipse Foundation; Elastic; F5; Facebook; Flexera Software; Fortinet; FreeBSD; Google; HackerOne; HP; Hewlett Packard Enterprise; Hikvision; Huawei; IBM; ICS-CERT; Intel; IOActive; ISC; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (primary CNA); Mozilla; Netflix; Netgear; Nvidia; Objective Development; OpenSSL; Oracle; Palo Alto Networks; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Riverbed; Schneider Electric; Siemens; Silicon Graphics; SonicWALL; Symantec; Synology; Talos; Tenable; TIBCO; Trend Micro; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

Minutes from CVE Board Teleconference Meeting on April 4 Now Available
April 13, 2018 | Share this article

The CVE Board held a teleconference meeting on April 4, 2018. Read the meeting minutes.

NOTICE: CVE Request Web Form – Possible Outage from 8pm-9pm EDT on April 12
April 12, 2018 | Share this article

Due to scheduled maintenance, the CVE Request Web Form for contacting the Primary CNA may be temporarily unavailable from 8:00 p.m. until 9:00 p.m. Eastern time on Thursday, April 12, 2018.

The 84 other CVE Numbering Authority (CNA) organizations can still be contacted during this time to request CVE IDs.

We apologize for any inconvenience. Please contact us with any comments or concerns.

SonicWALL Added as CVE Numbering Authority (CNA)
April 9, 2018 | Share this article

SonicWALL, Inc. is now a CVE Numbering Authority (CNA) for SonicWALL issues only.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 85 organizations currently participate as CNAs: Adobe; Airbus; Alibaba; Apache; Apple; Atlassian; Autodesk; BlackBerry; Brocade; CA; Canonical; CERT/CC; Check Point; Cisco; Cloudflare; Dahua; Debian GNU/Linux; Dell EMC; Distributed Weakness Filing Project; Drupal.org; Duo; Eclipse Foundation; Elastic; F5; Facebook; Flexera Software; Fortinet; FreeBSD; Google; HackerOne; HP; Hewlett Packard Enterprise; Hikvision; Huawei; IBM; ICS-CERT; Intel; IOActive; ISC; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (primary CNA); Mozilla; Netflix; Netgear; Nvidia; Objective Development; OpenSSL; Oracle; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Riverbed; Schneider Electric; Siemens; Silicon Graphics; SonicWALL; Symantec; Synology; Talos; Tenable; TIBCO; Trend Micro; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

NOTICE: CVE Request Web Form – Possible Outage from 6am-2pm EDT on April 7
April 6, 2018 | Share this article

Due to scheduled maintenance, the CVE Request Web Form for contacting the Primary CNA may be temporarily unavailable from 6:00 a.m. until 2:00 p.m. Eastern time on Saturday, April 7, 2018.

All other CNAs organizations can still be contacted during this time to request CVE IDs.

We apologize for any inconvenience. Please contact us with any comments or concerns.

Minutes from CVE Board Teleconference Meeting on March 21 Now Available
March 29, 2018 | Share this article

The CVE Board held a teleconference meeting on March 21, 2018. Read the meeting minutes.

Minutes from CVE Board Teleconference Meeting on March 7 Now Available
March 22, 2018 | Share this article

The CVE Board held a teleconference meeting on March 7, 2018. Read the meeting minutes.

Minutes from CVE Board Teleconference Meeting on February 21 Now Available
March 6, 2018 | Share this article

The CVE Board held a teleconference meeting on February 21, 2018. Read the meeting minutes.

Cloudflare Added as CVE Numbering Authority (CNA)
March 5, 2018 | Share this article

Cloudflare, Inc. is now a CVE Numbering Authority (CNA) for all Cloudflare products, projects hosted at https://github.com/cloudflare/, and any vulnerabilities discovered by Cloudflare that are not covered by another CNA.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 84 organizations currently participate as CNAs: Adobe; Airbus; Alibaba; Apache; Apple; Atlassian; Autodesk; BlackBerry; Brocade; CA; Canonical; CERT/CC; Check Point; Cisco; Cloudflare; Dahua; Debian GNU/Linux; Dell EMC; Distributed Weakness Filing Project; Drupal.org; Duo; Eclipse Foundation; Elastic; F5; Facebook; Flexera Software; Fortinet; FreeBSD; Google; HackerOne; HP; Hewlett Packard Enterprise; Hikvision; Huawei; IBM; ICS-CERT; Intel; IOActive; ISC; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (primary CNA); Mozilla; Netflix; Netgear; Nvidia; Objective Development; OpenSSL; Oracle; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Riverbed; Schneider Electric; Siemens; Silicon Graphics; Symantec; Synology; Talos; Tenable; TIBCO; Trend Micro; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

Minutes from CVE Board Teleconference Meeting on February 7 Now Available
March 1, 2018 | Share this article

The CVE Board held a teleconference meeting on February 7, 2018. Read the meeting minutes.

Facebook and Hikvision Added as CVE Numbering Authorities (CNAs)
February 1, 2018 | Share this article

Two additional organizations are now CVE Numbering Authorities (CNAs): Facebook, Inc. for Facebook-supported open source projects, mobile apps, and other software, as well as vulnerabilities in third-party software discovered by Facebook that are not covered by another CNA, and Hangzhou Hikvision Digital Technology Co., Ltd. for all Hikvision Internet of Things (IoT) products including cameras and digital video recorders.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 83 organizations currently participate as CNAs: Adobe; Airbus; Alibaba; Apache; Apple; Atlassian; Autodesk; BlackBerry; Brocade; CA; Canonical; CERT/CC; Check Point; Cisco; Dahua; Debian GNU/Linux; Dell EMC; Distributed Weakness Filing Project; Drupal.org; Duo; Eclipse Foundation; Elastic; F5; Facebook; Flexera Software; Fortinet; FreeBSD; Google; HackerOne; HP; Hewlett Packard Enterprise; Hikvision; Huawei; IBM; ICS-CERT; Intel; IOActive; ISC; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (primary CNA); Mozilla; Netflix; Netgear; Nvidia; Objective Development; OpenSSL; Oracle; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Riverbed; Schneider Electric; Siemens; Silicon Graphics; Symantec; Synology; Talos; Tenable; TIBCO; Trend Micro; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

Minutes from CVE Board Teleconference Meeting on January 24 Now Available
February 1, 2018 | Share this article

The CVE Board held a teleconference meeting on January 24, 2018. Read the meeting minutes.

New CVE Board Charter Is Approved
January 19, 2018 | Share this article

We are pleased to announce that the CVE Board has approved the latest version of the “CVE Board Charter,” version 2.5, which includes several important updates to membership, board member responsibilities and conduct, as well as policy and procedure changes.

This update was the result of many hours of hard work by the Board, and the resulting document better positions CVE for success as it continues to expand.

Minutes from CVE Board Teleconference Meeting on January 10 Now Available
January 19, 2018 | Share this article

The CVE Board held a teleconference meeting on January 10, 2018. Read the meeting minutes.

“Meltdown” Is CVE-2017-5754, and “Spectre” Is CVE-2017-5753 and CVE-2017-5715
January 8, 2018 | Share this article

Three CVE Entries are cited in numerous major advisories, posts, and news media references related to the recent critical “Meltdown” and “Spectre” vulnerabilities—CVE-2017-5754 for Meltdown, and CVE-2017-5753 and CVE-2017-5715 for Spectre—including in the following examples:

Other news articles may be found by searching on “CVE-2017-5754”, “CVE-2017-5753”, and “CVE-2017-5715” using your preferred search engine.

Also, the CVE Entry pages https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753, and https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715 each include a list of advisories used as references.

CVE Refreshes Website with New Look and Feel and Easier-to-Use Navigation Menus
January 3, 2018 | Share this article

We have updated the CVE website to streamline site navigation and simplify content for an improved user experience. Improvements include the following:


CVE List Main Menu

Our new main menu provides you with direct access to the CVE List. Located in the black navigation bar at the top of every page, each item in the main menu links to a single page with a specific purpose:

New Site Organization and Secondary Dropdown Menu

The website is now organized into five sections, each of which is accessible from the dropdown menus located across the very top of every page:

Also, the CVE logo in the upper left corner of every page is the “Home” link to the website's homepage.


Please send any comments or concerns to cve@mitre.org.

CNA Rules, Version 2.0 Document Now Available
January 1, 2018 | Share this article

The CVE Numbering Authorities (CNA) Rules, Version 2.0 document is now available on the CVE website. For details, please see our January 1, 2018 blog post: “CNA Rules, Version 2.0 Now in Effect”.

Page Last Updated or Reviewed: April 16, 2018