News & Events

Please use our LinkedIn page to comment on the articles below, or use our CVE Request Web Form by selecting “Other” from the dropdown.
Right-click and copy a URL to share an article.

Ampere Computing Added as CVE Numbering Authority (CNA)
February 14, 2020 | Share this article

Ampere Computing is now a CVE Numbering Authority (CNA) for Ampere issues only.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 116 organizations from 22 countries currently participate as CNAs: ABB; Adobe; Airbus; Alias Robotics; Alibaba; Ampere; Android; Apache; Apple; Appthority; Atlassian; Autodesk; Avaya; Bitdefender; BlackBerry; Bosch; Brocade; CA; Canonical; CERT/CC; Check Point; Chrome; Cisco; Cloudflare; Cybellum; CyberSecurity Philippines - CERT; Dahua; Debian GNU/Linux; Dell; Document Foundation; Drupal.org; Eaton; Eclipse Foundation; Elastic; F5; Facebook; Fedora Project; Flexera Software; floragunn; Forcepoint; Fortinet; FreeBSD; GitHub; Google; HackerOne; HCL; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; INCIBE; ICS-CERT; Intel; ISC; Jenkins Project; Johnson Controls; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Kubernetes; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (CVE Program Root CNA); MongoDB; Mozilla; Naver; NetApp; Netflix; Node.js; Nvidia; Objective Development; Odoo; OpenSSL; Opera; OPPO; Oracle; OTRS; Palo Alto Networks; PHP Group; Pivotal Software; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Salesforce; SAP; Schneider Electric; SICK; Siemens; Sonicwall; Splunk; SUSE; Symantec; Snyk; Synology; Talos; Tcpdump; Tenable; TIBCO; Tigera; Trend Micro; TWCERT/CC; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

Help Choose Our New CVE Logo!
February 13, 2020 | Share this article

The CVE Program would like the CVE Community to help us choose a new CVE logo!

The CVE Outreach and Communications Working Group (OCWG) officially launched the CVE logo contest on January 29, 2020. We received over 260 logo design concepts and the OCWG down selected to eight logo design finalists.

There are eight logo options to vote on via our CVE Logo Poll on 99 Designs. The winner of the contest is determined by the average rating and number of votes. Once tallies are complete, and if one winner is selected, the CVE Board will announce the winner on Friday, March 6, 2020. In the event of a tie, the CVE Board will break the tie and the winner will be announced no later than Friday, April 3, 2020. The winner will be announced on the CVE website, LinkedIn, and Twitter.

How to Vote

  1. Visit https://99designs.com/contests/poll/aa730ecca6.
  2. Vote for one or more logo designs by awarding each logo between 0-5 stars (0 is lowest and 5 highest).
  3. Add a Comment about each logo (optional).
  4. Enter your name and email address and click Submit.

Voting opens at 12:00 p.m. EST on Thursday, February 13, 2020, and closes at 12:00 a.m. EST on Friday, February 21, 2020. Participation is free.

Thank you for participating! Please contact us with any comments or concerns.

Minutes from CVE Board Teleconference Meeting on February 5 Now Available
February 11, 2020 | Share this article

The CVE Board held a teleconference meeting on February 5, 2020. Read the meeting minutes.

Google LLC Added as CVE Numbering Authority (CNA)
February 4, 2020 | Share this article

Google LLC is now a CVE Numbering Authority (CNA) for Google products that are not covered by Android and Chrome only. Android and Chrome are also CNAs.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 115 organizations from 22 countries currently participate as CNAs: ABB; Adobe; Airbus; Alias Robotics; Alibaba; Android; Apache; Apple; Appthority; Atlassian; Autodesk; Avaya; Bitdefender; BlackBerry; Bosch; Brocade; CA; Canonical; CERT/CC; Check Point; Chrome; Cisco; Cloudflare; Cybellum; CyberSecurity Philippines - CERT; Dahua; Debian GNU/Linux; Dell; Document Foundation; Drupal.org; Eaton; Eclipse Foundation; Elastic; F5; Facebook; Fedora Project; Flexera Software; floragunn; Forcepoint; Fortinet; FreeBSD; GitHub; Google; HackerOne; HCL; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; INCIBE; ICS-CERT; Intel; ISC; Jenkins Project; Johnson Controls; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Kubernetes; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (CVE Program Root CNA); MongoDB; Mozilla; Naver; NetApp; Netflix; Node.js; Nvidia; Objective Development; Odoo; OpenSSL; Opera; OPPO; Oracle; OTRS; Palo Alto Networks; PHP Group; Pivotal Software; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Salesforce; SAP; Schneider Electric; SICK; Siemens; Sonicwall; Splunk; SUSE; Symantec; Snyk; Synology; Talos; Tcpdump; Tenable; TIBCO; Tigera; Trend Micro; TWCERT/CC; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

Alias Robotics Added as CVE Numbering Authority (CNA)
February 3, 2020 | Share this article

Alias Robotics S.L. is now a CVE Numbering Authority (CNA) for all Alias Robotics products, as well as vulnerabilities in third-party robots and robot components (software and hardware) discovered by Alias Robotics that are not in another CNA’s scope.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 114 organizations from 22 countries currently participate as CNAs: ABB; Adobe; Airbus; Alias Robotics; Alibaba; Android; Apache; Apple; Appthority; Atlassian; Autodesk; Avaya; Bitdefender; BlackBerry; Bosch; Brocade; CA; Canonical; CERT/CC; Check Point; Chrome; Cisco; Cloudflare; Cybellum; CyberSecurity Philippines - CERT; Dahua; Debian GNU/Linux; Dell; Document Foundation; Drupal.org; Eaton; Eclipse Foundation; Elastic; F5; Facebook; Fedora Project; Flexera Software; floragunn; Forcepoint; Fortinet; FreeBSD; GitHub; HackerOne; HCL; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; INCIBE; ICS-CERT; Intel; ISC; Jenkins Project; Johnson Controls; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Kubernetes; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (CVE Program Root CNA); MongoDB; Mozilla; Naver; NetApp; Netflix; Node.js; Nvidia; Objective Development; Odoo; OpenSSL; Opera; OPPO; Oracle; OTRS; Palo Alto Networks; PHP Group; Pivotal Software; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Salesforce; SAP; Schneider Electric; SICK; Siemens; Sonicwall; Splunk; SUSE; Symantec; Snyk; Synology; Talos; Tcpdump; Tenable; TIBCO; Tigera; Trend Micro; TWCERT/CC; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

Minutes from CVE Board Teleconference Meeting on January 22 Now Available
January 28, 2020 | Share this article

The CVE Board held a teleconference meeting on January 22, 2020. Read the meeting minutes.

Tcpdump Group Added as CVE Numbering Authority (CNA)
January 23, 2020 | Share this article

Tcpdump Group is now a CVE Numbering Authority (CNA) for Tcpdump and Libpcap only.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 113 organizations from 22 countries currently participate as CNAs: ABB; Adobe; Airbus; Alibaba; Android; Apache; Apple; Appthority; Atlassian; Autodesk; Avaya; Bitdefender; BlackBerry; Bosch; Brocade; CA; Canonical; CERT/CC; Check Point; Chrome; Cisco; Cloudflare; Cybellum; CyberSecurity Philippines - CERT; Dahua; Debian GNU/Linux; Dell; Document Foundation; Drupal.org; Eaton; Eclipse Foundation; Elastic; F5; Facebook; Fedora Project; Flexera Software; floragunn; Forcepoint; Fortinet; FreeBSD; GitHub; HackerOne; HCL; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; INCIBE; ICS-CERT; Intel; ISC; Jenkins Project; Johnson Controls; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Kubernetes; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (CVE Program Root CNA); MongoDB; Mozilla; Naver; NetApp; Netflix; Node.js; Nvidia; Objective Development; Odoo; OpenSSL; Opera; OPPO; Oracle; OTRS; Palo Alto Networks; PHP Group; Pivotal Software; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Salesforce; SAP; Schneider Electric; SICK; Siemens; Sonicwall; Splunk; SUSE; Symantec; Snyk; Synology; Talos; Tcpdump; Tenable; TIBCO; Tigera; Trend Micro; TWCERT/CC; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

Spanish National Cybersecurity Institute (INCIBE) Added as CVE Numbering Authority (CNA)
January 16, 2020 | Share this article

Spanish National Cybersecurity Institute, S.A. (INCIBE) is now a CVE Numbering Authority (CNA) for vulnerability assignment related to its vulnerability coordination role for Industrial Control Systems (ICS), Information Technologies (IT), and Internet of Things (IoT) systems issues at the national level.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 112 organizations from 22 countries currently participate as CNAs: ABB; Adobe; Airbus; Alibaba; Android; Apache; Apple; Appthority; Atlassian; Autodesk; Avaya; Bitdefender; BlackBerry; Bosch; Brocade; CA; Canonical; CERT/CC; Check Point; Chrome; Cisco; Cloudflare; Cybellum; CyberSecurity Philippines - CERT; Dahua; Debian GNU/Linux; Dell; Document Foundation; Drupal.org; Eaton; Eclipse Foundation; Elastic; F5; Facebook; Fedora Project; Flexera Software; floragunn; Forcepoint; Fortinet; FreeBSD; GitHub; HackerOne; HCL; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; INCIBE; ICS-CERT; Intel; ISC; Jenkins Project; Johnson Controls; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Kubernetes; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (CVE Program Root CNA); MongoDB; Mozilla; Naver; NetApp; Netflix; Node.js; Nvidia; Objective Development; Odoo; OpenSSL; Opera; OPPO; Oracle; OTRS; Palo Alto Networks; PHP Group; Pivotal Software; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Salesforce; SAP; Schneider Electric; SICK; Siemens; Sonicwall; Splunk; SUSE; Symantec; Snyk; Synology; Talos; Tenable; TIBCO; Tigera; Trend Micro; TWCERT/CC; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

Cybellum Added as CVE Numbering Authority (CNA)
January 14, 2020 | Share this article

Cybellum Technologies LTD is now a CVE Numbering Authority (CNA) for all Cybellum products, as well as vulnerabilities in third-party software discovered by Cybellum that are not in another CNA’s scope. Read Cybellum’s news release.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 111 organizations from 21 countries currently participate as CNAs: ABB; Adobe; Airbus; Alibaba; Android; Apache; Apple; Appthority; Atlassian; Autodesk; Avaya; Bitdefender; BlackBerry; Bosch; Brocade; CA; Canonical; CERT/CC; Check Point; Chrome; Cisco; Cloudflare; Cybellum; CyberSecurity Philippines - CERT; Dahua; Debian GNU/Linux; Dell; Document Foundation; Drupal.org; Eaton; Eclipse Foundation; Elastic; F5; Facebook; Fedora Project; Flexera Software; floragunn; Forcepoint; Fortinet; FreeBSD; GitHub; HackerOne; HCL; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; ICS-CERT; Intel; ISC; Jenkins Project; Johnson Controls; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Kubernetes; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (CVE Program Root CNA); MongoDB; Mozilla; Naver; NetApp; Netflix; Node.js; Nvidia; Objective Development; Odoo; OpenSSL; Opera; OPPO; Oracle; OTRS; Palo Alto Networks; PHP Group; Pivotal Software; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Salesforce; SAP; Schneider Electric; SICK; Siemens; Sonicwall; Splunk; SUSE; Symantec; Snyk; Synology; Talos; Tenable; TIBCO; Tigera; Trend Micro; TWCERT/CC; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

Minutes from CVE Board Teleconference Meeting on January 8 Now Available
January 14, 2020 | Share this article

The CVE Board held a teleconference meeting on January 8, 2020. Read the meeting minutes.

Minutes from CVE Board Teleconference Meeting on December 11 Now Available
December 17, 2019 | Share this article

The CVE Board held a teleconference meeting on December 11, 2019. Read the meeting minutes.

Opera Added as CVE Numbering Authority (CNA)
December 13, 2019 | Share this article

Opera Software AS is now a CVE Numbering Authority (CNA) for Opera issues only.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 110 organizations from 21 countries currently participate as CNAs: ABB; Adobe; Airbus; Alibaba; Android; Apache; Apple; Appthority; Atlassian; Autodesk; Avaya; Bitdefender; BlackBerry; Bosch; Brocade; CA; Canonical; CERT/CC; Check Point; Chrome; Cisco; Cloudflare; CyberSecurity Philippines - CERT; Dahua; Debian GNU/Linux; Dell; Document Foundation; Drupal.org; Eaton; Eclipse Foundation; Elastic; F5; Facebook; Fedora Project; Flexera Software; floragunn; Forcepoint; Fortinet; FreeBSD; GitHub; HackerOne; HCL; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; ICS-CERT; Intel; ISC; Jenkins Project; Johnson Controls; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Kubernetes; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (CVE Program Root CNA); MongoDB; Mozilla; Naver; NetApp; Netflix; Node.js; Nvidia; Objective Development; Odoo; OpenSSL; Opera; OPPO; Oracle; OTRS; Palo Alto Networks; PHP Group; Pivotal Software; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Salesforce; SAP; Schneider Electric; SICK; Siemens; Sonicwall; Splunk; SUSE; Symantec; Snyk; Synology; Talos; Tenable; TIBCO; Tigera; Trend Micro; TWCERT/CC; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

New CVE Board Charter Is Approved
December 6, 2019 | Share this article

We are pleased to announce that the CVE Board has approved the latest version of the “CVE Board Charter,” version 3.0, which includes important updates to the CNA Liaison board member description and requirements; addition of a new section focused on organizational voting; and other updates to voting policies and procedures.

This update was the result of many hours of hard work by the Board, and the resulting document better positions CVE for success as it continues to expand.

Visit Our CVE Booth at Black Hat Europe 2019 on December 4-5
December 2, 2019 | Share this article

The CVE Program will host a CVE Booth on December 4-5, 2019 at Black Hat Europe 2019 at the ExCeL London in London, United Kingdom. Members of the CVE Team will be in attendance, as will some CVE Board members and CVE Numbering Authorities (CNAs).

Please stop by Booth #615 and say hello! Visitors will learn how using CVE Entries for vulnerability coordination and management helps enhances cybersecurity, how easy it is to assign your own CVE IDs, and more.

CVE Booth #615 at Black Hat Europe 2019

CVE Booth #615 at Black Hat Europe 2019

Business Hall exhibition hours are from 10:00 AM – 6:30 PM on December 4, and 10:00 AM – 4:00 PM on December 5. The conference itself runs December 2-5. View the exhibition hall floor plan.

We look forward to seeing you there!

SICK Added as CVE Numbering Authority (CNA)
December 2, 2019 | Share this article

SICK AG is now a CVE Numbering Authority (CNA) for SICK AG issues only.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 109 organizations from 20 countries currently participate as CNAs: ABB; Adobe; Airbus; Alibaba; Android; Apache; Apple; Appthority; Atlassian; Autodesk; Avaya; Bitdefender; BlackBerry; Bosch; Brocade; CA; Canonical; CERT/CC; Check Point; Chrome; Cisco; Cloudflare; CyberSecurity Philippines - CERT; Dahua; Debian GNU/Linux; Dell; Document Foundation; Drupal.org; Eaton; Eclipse Foundation; Elastic; F5; Facebook; Fedora Project; Flexera Software; floragunn; Forcepoint; Fortinet; FreeBSD; GitHub; HackerOne; HCL; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; ICS-CERT; Intel; ISC; Jenkins Project; Johnson Controls; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Kubernetes; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (CVE Program Root CNA); MongoDB; Mozilla; Naver; NetApp; Netflix; Node.js; Nvidia; Objective Development; Odoo; OpenSSL; OPPO; Oracle; OTRS; Palo Alto Networks; PHP Group; Pivotal Software; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Salesforce; SAP; Schneider Electric; SICK; Siemens; Sonicwall; Splunk; SUSE; Symantec; Snyk; Synology; Talos; Tenable; TIBCO; Tigera; Trend Micro; TWCERT/CC; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

Page Last Updated or Reviewed: February 13, 2020