News & Events

Please use our LinkedIn page to comment on the articles below, or use our CVE Request Web Form by selecting “Other” from the dropdown.
Right-click and copy a URL to share an article.

Japanese Translations of CNA Onboarding Slides Now Available
June 30, 2020 | Share this article

Thank you to JPCERT/CC for providing Japanese translations of our CVE Numbering Authority (CNA) Program onboarding slides for new CNAs: CVE Program Overview, Becoming a CNA, CNA Processes, Assigning CVE IDs, CVE Entry Creation, and CVE Entry Submission Process.

Please visit CNA Onboarding Slides & Videos for English versions of the slides and videos.

To learn more about the CNA Program, and the business benefits of becoming a CNA, visit Why Become a CNA?

Minutes from CVE Board Teleconference Meeting on June 24 Now Available
June 30, 2020 | Share this article

The CVE Board held a teleconference meeting on June 24, 2020. Read the meeting minutes.

openEuler Added as CVE Numbering Authority (CNA)
June 24, 2020 | Share this article

openEuler is now a CVE Numbering Authority (CNA) for openEuler issues only.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 129 organizations from 21 countries currently participate as CNAs: ABB; Adobe; Airbus; Alias Robotics; Alibaba; AMD; Ampere; Android; Apache; Apple; Appthority; Atlassian; Autodesk; Avaya; Bitdefender; BlackBerry; Bosch; Brocade; CA; Canonical; CERT/CC; CERT@VDE; Check Point; Chrome; Cisco; Cloudflare; Cybellum; Dahua; Debian GNU/Linux; Dell; Document Foundation; Drupal.org; Eaton; Eclipse Foundation; Elastic; F5; Facebook; Fedora Project; Flexera Software; floragunn; Forcepoint; Fortinet; FreeBSD; GitHub; GitHub (Products Only); GitLab; Google; HackerOne; HCL; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; INCIBE; ICS-CERT; Intel; ISC; Jenkins Project; Johnson Controls; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Kubernetes; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (CVE Program Root CNA); MongoDB; Mozilla; Naver; NetApp; Netflix; Node.js; NortonLifeLock; Nvidia; Objective Development; Odoo; openEuler; OpenSSL; OpenVPN; Opera; OPPO; Oracle; OTRS; Palo Alto Networks; Pegasystems; PHP Group; Pivotal Software; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Salesforce; SAP; Schneider Electric; SICK; Siemens; Sierra Wireless; Silver Peak; Sonicwall; Splunk; SUSE; Symantec; Snyk; Synology; Talos; Tcpdump; Tenable; Teradici; TIBCO; Tigera; Trend Micro; TWCERT/CC; Vivo; VMware; Xiaomi; Yandex; Zephyr Project; Zero Day Initiative; Zscaler; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

CVE Blog Publishes First-Ever Article Authored by a CVE Community Member: Shannon Sabens of ZDI/Trend Micro
June 22, 2020 | Share this article

In her article on the CVE Blog, CVE Board Member Shannon Sabens of Zero Day Initiative (ZDI)/Trend Micro discusses “Our CVE Story: Bringing Our ZDI Community to the CVE Community.”

Minutes from CVE Board Teleconference Meeting on June 10 Now Available
June 16, 2020 | Share this article

The CVE Board held a teleconference meeting on June 10, 2020. Read the meeting minutes.

CVE Board Charter Updated to Version 3.2
June 2, 2020 | Share this article

The CVE Board has approved the latest version of the “CVE Board Charter,” version 3.2, which adds one additional section: Section 2.15 Charter Exceptions.

Minutes from CVE Board Teleconference Meeting on May 27 Now Available
June 2, 2020 | Share this article

The CVE Board held a teleconference meeting on May 27, 2020. Read the meeting minutes.

Xiaomi Added as CVE Numbering Authority (CNA)
May 28, 2020 | Share this article

Xiaomi Technology Co., Ltd. is now a CVE Numbering Authority (CNA) for Xiaomi issues only.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 128 organizations from 21 countries currently participate as CNAs: ABB; Adobe; Airbus; Alias Robotics; Alibaba; AMD; Ampere; Android; Apache; Apple; Appthority; Atlassian; Autodesk; Avaya; Bitdefender; BlackBerry; Bosch; Brocade; CA; Canonical; CERT/CC; CERT@VDE; Check Point; Chrome; Cisco; Cloudflare; Cybellum; Dahua; Debian GNU/Linux; Dell; Document Foundation; Drupal.org; Eaton; Eclipse Foundation; Elastic; F5; Facebook; Fedora Project; Flexera Software; floragunn; Forcepoint; Fortinet; FreeBSD; GitHub; GitHub (Products Only); GitLab; Google; HackerOne; HCL; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; INCIBE; ICS-CERT; Intel; ISC; Jenkins Project; Johnson Controls; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Kubernetes; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (CVE Program Root CNA); MongoDB; Mozilla; Naver; NetApp; Netflix; Node.js; NortonLifeLock; Nvidia; Objective Development; Odoo; OpenSSL; OpenVPN; Opera; OPPO; Oracle; OTRS; Palo Alto Networks; Pegasystems; PHP Group; Pivotal Software; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Salesforce; SAP; Schneider Electric; SICK; Siemens; Sierra Wireless; Silver Peak; Sonicwall; Splunk; SUSE; Symantec; Snyk; Synology; Talos; Tcpdump; Tenable; Teradici; TIBCO; Tigera; Trend Micro; TWCERT/CC; Vivo; VMware; Xiaomi; Yandex; Zephyr Project; Zero Day Initiative; Zscaler; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

COMPLETED: CVE Main Website and CVE Request Web Form – Possible Intermittent Outages from 7:00pm May 21 until 10:00pm EDT on May 23
May 23, 2020 (Updated from May 21 and 22, 2020) | Share this article

Maintenance for the CVE Website and CVE Request Web Form was completed on May 23, 2020. The CVE Main Website and CVE Request Web Form were temporarily unavailable at times from 7:00 p.m. on Thursday, May 21, 2020 until 10:00 p.m. EDT on Saturday, May 23, 2020. This announcement was also posted to Twitter and LinkedIn.

We apologize for any inconvenience. Please contact us with any comments or concerns.

GitLab Added as CVE Numbering Authority (CNA)
May 22, 2020 | Share this article

GitLab Inc. is now a CVE Numbering Authority (CNA) for the GitLab application, any project hosted on GitLab.com in a public repository, and any vulnerabilities discovered by GitLab that are not in another CNA’s scope. Read GitLab’s news release.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 127 organizations from 21 countries currently participate as CNAs: ABB; Adobe; Airbus; Alias Robotics; Alibaba; AMD; Ampere; Android; Apache; Apple; Appthority; Atlassian; Autodesk; Avaya; Bitdefender; BlackBerry; Bosch; Brocade; CA; Canonical; CERT/CC; CERT@VDE; Check Point; Chrome; Cisco; Cloudflare; Cybellum; Dahua; Debian GNU/Linux; Dell; Document Foundation; Drupal.org; Eaton; Eclipse Foundation; Elastic; F5; Facebook; Fedora Project; Flexera Software; floragunn; Forcepoint; Fortinet; FreeBSD; GitHub; GitHub (Products Only); GitLab; Google; HackerOne; HCL; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; INCIBE; ICS-CERT; Intel; ISC; Jenkins Project; Johnson Controls; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Kubernetes; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (CVE Program Root CNA); MongoDB; Mozilla; Naver; NetApp; Netflix; Node.js; NortonLifeLock; Nvidia; Objective Development; Odoo; OpenSSL; OpenVPN; Opera; OPPO; Oracle; OTRS; Palo Alto Networks; Pegasystems; PHP Group; Pivotal Software; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Salesforce; SAP; Schneider Electric; SICK; Siemens; Sierra Wireless; Silver Peak; Sonicwall; Splunk; SUSE; Symantec; Snyk; Synology; Talos; Tcpdump; Tenable; Teradici; TIBCO; Tigera; Trend Micro; TWCERT/CC; Vivo; VMware; Yandex; Zephyr Project; Zero Day Initiative; Zscaler; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

NOTICE: CVE Main Website – Possible Intermittent Outages from 7:00pm May 21 until 7:00am EDT on May 22
May 21, 2020 | Share this article

Please see the updated notice for the most recent information.

New CVE Board Member from Cybersecurity and Infrastructure Security Agency (CISA)
May 20, 2020 | Share this article

Jay Gazlay of U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) has joined the CVE Board.

Read the full announcement and welcome message in the CVE Board email discussion list archive.

OpenVPN Added as CVE Numbering Authority (CNA)
May 19, 2020 | Share this article

OpenVPN Inc. is now a CVE Numbering Authority (CNA) for all products and projects in which OpenVPN is directly involved commercially and for OpenVPN community projects, including Private Tunnel.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 126 organizations from 21 countries currently participate as CNAs: ABB; Adobe; Airbus; Alias Robotics; Alibaba; AMD; Ampere; Android; Apache; Apple; Appthority; Atlassian; Autodesk; Avaya; Bitdefender; BlackBerry; Bosch; Brocade; CA; Canonical; CERT/CC; CERT@VDE; Check Point; Chrome; Cisco; Cloudflare; Cybellum; Dahua; Debian GNU/Linux; Dell; Document Foundation; Drupal.org; Eaton; Eclipse Foundation; Elastic; F5; Facebook; Fedora Project; Flexera Software; floragunn; Forcepoint; Fortinet; FreeBSD; GitHub; GitHub (Products Only); Google; HackerOne; HCL; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; INCIBE; ICS-CERT; Intel; ISC; Jenkins Project; Johnson Controls; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Kubernetes; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (CVE Program Root CNA); MongoDB; Mozilla; Naver; NetApp; Netflix; Node.js; NortonLifeLock; Nvidia; Objective Development; Odoo; OpenSSL; OpenVPN; Opera; OPPO; Oracle; OTRS; Palo Alto Networks; Pegasystems; PHP Group; Pivotal Software; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Salesforce; SAP; Schneider Electric; SICK; Siemens; Sierra Wireless; Silver Peak; Sonicwall; Splunk; SUSE; Symantec; Snyk; Synology; Talos; Tcpdump; Tenable; Teradici; TIBCO; Tigera; Trend Micro; TWCERT/CC; Vivo; VMware; Yandex; Zephyr Project; Zero Day Initiative; Zscaler; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

Minutes from CVE Board Teleconference Meeting on May 13 Now Available
May 19, 2020 | Share this article

The CVE Board held a teleconference meeting on May 13, 2020. Read the meeting minutes.

NortonLifeLock Added as CVE Numbering Authority (CNA)
May 15, 2020 | Share this article

NortonLifeLock Inc. is now a CVE Numbering Authority (CNA) for NortonLifeLock products only.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 125 organizations from 21 countries currently participate as CNAs: ABB; Adobe; Airbus; Alias Robotics; Alibaba; AMD; Ampere; Android; Apache; Apple; Appthority; Atlassian; Autodesk; Avaya; Bitdefender; BlackBerry; Bosch; Brocade; CA; Canonical; CERT/CC; CERT@VDE; Check Point; Chrome; Cisco; Cloudflare; Cybellum; Dahua; Debian GNU/Linux; Dell; Document Foundation; Drupal.org; Eaton; Eclipse Foundation; Elastic; F5; Facebook; Fedora Project; Flexera Software; floragunn; Forcepoint; Fortinet; FreeBSD; GitHub; GitHub (Products Only); Google; HackerOne; HCL; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; INCIBE; ICS-CERT; Intel; ISC; Jenkins Project; Johnson Controls; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Kubernetes; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (CVE Program Root CNA); MongoDB; Mozilla; Naver; NetApp; Netflix; Node.js; NortonLifeLock; Nvidia; Objective Development; Odoo; OpenSSL; Opera; OPPO; Oracle; OTRS; Palo Alto Networks; Pegasystems; PHP Group; Pivotal Software; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Salesforce; SAP; Schneider Electric; SICK; Siemens; Sierra Wireless; Silver Peak; Sonicwall; Splunk; SUSE; Symantec; Snyk; Synology; Talos; Tcpdump; Tenable; Teradici; TIBCO; Tigera; Trend Micro; TWCERT/CC; Vivo; VMware; Yandex; Zephyr Project; Zero Day Initiative; Zscaler; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

NOTICE: CVE Request Web Form – Possible Intermittent Outages from 6:00pm EDT May 15 through 6:00pm EDT May 16
May 14, 2020 | Share this article

Due to scheduled maintenance, the CVE Request Web Form for contacting the Program Root CNA may be temporarily unavailable at times, and confirmation emails may be delayed, from 6:00 p.m. Eastern time on Friday, May 15, 2020 until 6:00 p.m. Eastern time on Saturday, May 16, 2020. Any delayed confirmation emails will be sent once the upgrade is completed.

The 123 other CVE Numbering Authority (CNA) organizations can still be contacted during this time to request CVE IDs.

We apologize for any inconvenience. Please contact us with any comments or concerns.

CVE Entries Used in CISA and FBI’s “Top 10 Most Routinely Exploited Vulnerabilities”
May 14, 2020 | Share this article

CVE Entries are used to identify the vulnerabilities cited in the “Top 10 Routinely Exploited Vulnerabilities” list released on May 12, 2020 by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). CISA sponsors the CVE Program.

The list was created to “advise IT security professionals at public and private sector organizations to place an increased priority on patching the most commonly known vulnerabilities exploited by sophisticated foreign cyber actors. [The list] provides details on vulnerabilities routinely exploited by foreign cyber actors—primarily Common Vulnerabilities and Exposures (CVEs)[1]—to help organizations reduce the risk of these foreign threats.”

The CVE Entries cited in the “Top 10 Routinely Exploited Vulnerabilities” are:

The report also includes “indicators of compromise (IOCs) and additional guidance associated with the CVEs” in a Mitigations section of the document.

Visit “CISA Alert (AA20-133A): Top 10 Routinely Exploited Vulnerabilities” for detailed information.

Sierra Wireless Added as CVE Numbering Authority (CNA)
May 14, 2020 | Share this article

Sierra Wireless Inc. is now a CVE Numbering Authority (CNA) for Sierra Wireless products only.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 124 organizations from 21 countries currently participate as CNAs: ABB; Adobe; Airbus; Alias Robotics; Alibaba; AMD; Ampere; Android; Apache; Apple; Appthority; Atlassian; Autodesk; Avaya; Bitdefender; BlackBerry; Bosch; Brocade; CA; Canonical; CERT/CC; CERT@VDE; Check Point; Chrome; Cisco; Cloudflare; Cybellum; Dahua; Debian GNU/Linux; Dell; Document Foundation; Drupal.org; Eaton; Eclipse Foundation; Elastic; F5; Facebook; Fedora Project; Flexera Software; floragunn; Forcepoint; Fortinet; FreeBSD; GitHub; GitHub (Products Only); Google; HackerOne; HCL; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; INCIBE; ICS-CERT; Intel; ISC; Jenkins Project; Johnson Controls; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Kubernetes; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (CVE Program Root CNA); MongoDB; Mozilla; Naver; NetApp; Netflix; Node.js; Nvidia; Objective Development; Odoo; OpenSSL; Opera; OPPO; Oracle; OTRS; Palo Alto Networks; Pegasystems; PHP Group; Pivotal Software; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Salesforce; SAP; Schneider Electric; SICK; Siemens; Sierra Wireless; Silver Peak; Sonicwall; Splunk; SUSE; Symantec; Snyk; Synology; Talos; Tcpdump; Tenable; Teradici; TIBCO; Tigera; Trend Micro; TWCERT/CC; Vivo; VMware; Yandex; Zephyr Project; Zero Day Initiative; Zscaler; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

Teradici Added as CVE Numbering Authority (CNA)
May 12, 2020 | Share this article

Teradici Corporation is now a CVE Numbering Authority (CNA) for Teradici issues only.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 123 organizations from 21 countries currently participate as CNAs: ABB; Adobe; Airbus; Alias Robotics; Alibaba; AMD; Ampere; Android; Apache; Apple; Appthority; Atlassian; Autodesk; Avaya; Bitdefender; BlackBerry; Bosch; Brocade; CA; Canonical; CERT/CC; CERT@VDE; Check Point; Chrome; Cisco; Cloudflare; Cybellum; Dahua; Debian GNU/Linux; Dell; Document Foundation; Drupal.org; Eaton; Eclipse Foundation; Elastic; F5; Facebook; Fedora Project; Flexera Software; floragunn; Forcepoint; Fortinet; FreeBSD; GitHub; GitHub (Products Only); Google; HackerOne; HCL; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; INCIBE; ICS-CERT; Intel; ISC; Jenkins Project; Johnson Controls; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Kubernetes; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (CVE Program Root CNA); MongoDB; Mozilla; Naver; NetApp; Netflix; Node.js; Nvidia; Objective Development; Odoo; OpenSSL; Opera; OPPO; Oracle; OTRS; Palo Alto Networks; Pegasystems; PHP Group; Pivotal Software; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Salesforce; SAP; Schneider Electric; SICK; Siemens; Silver Peak; Sonicwall; Splunk; SUSE; Symantec; Snyk; Synology; Talos; Tcpdump; Tenable; Teradici; TIBCO; Tigera; Trend Micro; TWCERT/CC; Vivo; VMware; Yandex; Zephyr Project; Zero Day Initiative; Zscaler; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

Advanced Micro Devices Added as CVE Numbering Authority (CNA)
May 6, 2020 | Share this article

Advanced Micro Devices, Inc. (AMD) is now a CVE Numbering Authority (CNA) for AMD branded products and technologies only.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 122 organizations from 21 countries currently participate as CNAs: ABB; Adobe; Airbus; Alias Robotics; Alibaba; AMD; Ampere; Android; Apache; Apple; Appthority; Atlassian; Autodesk; Avaya; Bitdefender; BlackBerry; Bosch; Brocade; CA; Canonical; CERT/CC; CERT@VDE; Check Point; Chrome; Cisco; Cloudflare; Cybellum; Dahua; Debian GNU/Linux; Dell; Document Foundation; Drupal.org; Eaton; Eclipse Foundation; Elastic; F5; Facebook; Fedora Project; Flexera Software; floragunn; Forcepoint; Fortinet; FreeBSD; GitHub; GitHub (Products Only); Google; HackerOne; HCL; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; INCIBE; ICS-CERT; Intel; ISC; Jenkins Project; Johnson Controls; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Kubernetes; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (CVE Program Root CNA); MongoDB; Mozilla; Naver; NetApp; Netflix; Node.js; Nvidia; Objective Development; Odoo; OpenSSL; Opera; OPPO; Oracle; OTRS; Palo Alto Networks; Pegasystems; PHP Group; Pivotal Software; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Salesforce; SAP; Schneider Electric; SICK; Siemens; Silver Peak; Sonicwall; Splunk; SUSE; Symantec; Snyk; Synology; Talos; Tcpdump; Tenable; TIBCO; Tigera; Trend Micro; TWCERT/CC; Vivo; VMware; Yandex; Zephyr Project; Zero Day Initiative; Zscaler; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

Pegasystems Added as CVE Numbering Authority (CNA)
May 5, 2020 | Share this article

Pegasystems, Inc. is now a CVE Numbering Authority (CNA) for Pegasystems products only.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 121 organizations from 21 countries currently participate as CNAs: ABB; Adobe; Airbus; Alias Robotics; Alibaba; Ampere; Android; Apache; Apple; Appthority; Atlassian; Autodesk; Avaya; Bitdefender; BlackBerry; Bosch; Brocade; CA; Canonical; CERT/CC; CERT@VDE; Check Point; Chrome; Cisco; Cloudflare; Cybellum; Dahua; Debian GNU/Linux; Dell; Document Foundation; Drupal.org; Eaton; Eclipse Foundation; Elastic; F5; Facebook; Fedora Project; Flexera Software; floragunn; Forcepoint; Fortinet; FreeBSD; GitHub; GitHub (Products Only); Google; HackerOne; HCL; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; INCIBE; ICS-CERT; Intel; ISC; Jenkins Project; Johnson Controls; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Kubernetes; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (CVE Program Root CNA); MongoDB; Mozilla; Naver; NetApp; Netflix; Node.js; Nvidia; Objective Development; Odoo; OpenSSL; Opera; OPPO; Oracle; OTRS; Palo Alto Networks; Pegasystems; PHP Group; Pivotal Software; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Salesforce; SAP; Schneider Electric; SICK; Siemens; Silver Peak; Sonicwall; Splunk; SUSE; Symantec; Snyk; Synology; Talos; Tcpdump; Tenable; TIBCO; Tigera; Trend Micro; TWCERT/CC; Vivo; VMware; Yandex; Zephyr Project; Zero Day Initiative; Zscaler; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

Minutes from CVE Board Teleconference Meeting on April 29 Now Available
May 5, 2020 | Share this article

The CVE Board held a teleconference meeting on April 29, 2020. Read the meeting minutes.

Silver Peak Added as CVE Numbering Authority (CNA)
April 23, 2020 | Share this article

Silver Peak Systems, Inc. is now a CVE Numbering Authority (CNA) for Silver Peak product issues only.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 120 organizations from 21 countries currently participate as CNAs: ABB; Adobe; Airbus; Alias Robotics; Alibaba; Ampere; Android; Apache; Apple; Appthority; Atlassian; Autodesk; Avaya; Bitdefender; BlackBerry; Bosch; Brocade; CA; Canonical; CERT/CC; CERT@VDE; Check Point; Chrome; Cisco; Cloudflare; Cybellum; Dahua; Debian GNU/Linux; Dell; Document Foundation; Drupal.org; Eaton; Eclipse Foundation; Elastic; F5; Facebook; Fedora Project; Flexera Software; floragunn; Forcepoint; Fortinet; FreeBSD; GitHub; GitHub (Products Only); Google; HackerOne; HCL; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; INCIBE; ICS-CERT; Intel; ISC; Jenkins Project; Johnson Controls; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Kubernetes; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (CVE Program Root CNA); MongoDB; Mozilla; Naver; NetApp; Netflix; Node.js; Nvidia; Objective Development; Odoo; OpenSSL; Opera; OPPO; Oracle; OTRS; Palo Alto Networks; PHP Group; Pivotal Software; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Salesforce; SAP; Schneider Electric; SICK; Siemens; Silver Peak; Sonicwall; Splunk; SUSE; Symantec; Snyk; Synology; Talos; Tcpdump; Tenable; TIBCO; Tigera; Trend Micro; TWCERT/CC; Vivo; VMware; Yandex; Zephyr Project; Zero Day Initiative; Zscaler; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

CVE Board Charter Updated to Version 3.1
April 23, 2020 | Share this article

The CVE Board has approved the latest version of the “CVE Board Charter,” version 3.1, which adds two additional sections about CVE Working Groups: Section 2.13 Disbanding or Pausing Working Groups and Section 2.14 Guidelines.

CERT@VDE Added as CVE Numbering Authority (CNA)
April 22, 2020 (updated April 30, 2020) | Share this article

CERT@VDE is now a CVE Numbering Authority (CNA) for Beckhoff, Bender, Endress+Hauser, Etherwan Systems, HIMA, Festo, Koramis, ifm, Miele, Pepperl+Fuchs, Phoenix Contact, PILZ, Sysmik, Weidmueller, and WAGO products, as well as industrial and infrastructure control systems (and its components) of European Union (EU) based vendors as long as there is no CNA with a more specific scope for the vulnerability.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 119 organizations from 21 countries currently participate as CNAs: ABB; Adobe; Airbus; Alias Robotics; Alibaba; Ampere; Android; Apache; Apple; Appthority; Atlassian; Autodesk; Avaya; Bitdefender; BlackBerry; Bosch; Brocade; CA; Canonical; CERT/CC; CERT@VDE; Check Point; Chrome; Cisco; Cloudflare; Cybellum; Dahua; Debian GNU/Linux; Dell; Document Foundation; Drupal.org; Eaton; Eclipse Foundation; Elastic; F5; Facebook; Fedora Project; Flexera Software; floragunn; Forcepoint; Fortinet; FreeBSD; GitHub; GitHub (Products Only); Google; HackerOne; HCL; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; INCIBE; ICS-CERT; Intel; ISC; Jenkins Project; Johnson Controls; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Kubernetes; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (CVE Program Root CNA); MongoDB; Mozilla; Naver; NetApp; Netflix; Node.js; Nvidia; Objective Development; Odoo; OpenSSL; Opera; OPPO; Oracle; OTRS; Palo Alto Networks; PHP Group; Pivotal Software; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Salesforce; SAP; Schneider Electric; SICK; Siemens; Sonicwall; Splunk; SUSE; Symantec; Snyk; Synology; Talos; Tcpdump; Tenable; TIBCO; Tigera; Trend Micro; TWCERT/CC; Vivo; VMware; Yandex; Zephyr Project; Zero Day Initiative; Zscaler; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

Minutes from CVE Board Teleconference Meeting on April 15 Now Available
April 21, 2020 | Share this article

The CVE Board held a teleconference meeting on April 15, 2020. Read the meeting minutes.

Minutes from CVE Board Teleconference Meeting on April 1 Now Available
April 7, 2020 | Share this article

The CVE Board held a teleconference meeting on April 1, 2020. Read the meeting minutes.

Zscaler Added as CVE Numbering Authority (CNA)
April 6, 2020 | Share this article

Zscaler, Inc. is now a CVE Numbering Authority (CNA) for Zscaler issues only.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 118 organizations from 21 countries currently participate as CNAs: ABB; Adobe; Airbus; Alias Robotics; Alibaba; Ampere; Android; Apache; Apple; Appthority; Atlassian; Autodesk; Avaya; Bitdefender; BlackBerry; Bosch; Brocade; CA; Canonical; CERT/CC; Check Point; Chrome; Cisco; Cloudflare; Cybellum; Dahua; Debian GNU/Linux; Dell; Document Foundation; Drupal.org; Eaton; Eclipse Foundation; Elastic; F5; Facebook; Fedora Project; Flexera Software; floragunn; Forcepoint; Fortinet; FreeBSD; GitHub; GitHub (Products Only); Google; HackerOne; HCL; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; INCIBE; ICS-CERT; Intel; ISC; Jenkins Project; Johnson Controls; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Kubernetes; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (CVE Program Root CNA); MongoDB; Mozilla; Naver; NetApp; Netflix; Node.js; Nvidia; Objective Development; Odoo; OpenSSL; Opera; OPPO; Oracle; OTRS; Palo Alto Networks; PHP Group; Pivotal Software; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Salesforce; SAP; Schneider Electric; SICK; Siemens; Sonicwall; Splunk; SUSE; Symantec; Snyk; Synology; Talos; Tcpdump; Tenable; TIBCO; Tigera; Trend Micro; TWCERT/CC; Vivo; VMware; Yandex; Zephyr Project; Zero Day Initiative; Zscaler; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

Vivo Added as CVE Numbering Authority (CNA)
April 2, 2020 | Share this article

Vivo Mobile Communication Technology Co., Ltd. is now a CVE Numbering Authority (CNA) for Vivo issues only.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 117 organizations from 21 countries currently participate as CNAs: ABB; Adobe; Airbus; Alias Robotics; Alibaba; Ampere; Android; Apache; Apple; Appthority; Atlassian; Autodesk; Avaya; Bitdefender; BlackBerry; Bosch; Brocade; CA; Canonical; CERT/CC; Check Point; Chrome; Cisco; Cloudflare; Cybellum; Dahua; Debian GNU/Linux; Dell; Document Foundation; Drupal.org; Eaton; Eclipse Foundation; Elastic; F5; Facebook; Fedora Project; Flexera Software; floragunn; Forcepoint; Fortinet; FreeBSD; GitHub; GitHub (Products Only); Google; HackerOne; HCL; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; INCIBE; ICS-CERT; Intel; ISC; Jenkins Project; Johnson Controls; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Kubernetes; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (CVE Program Root CNA); MongoDB; Mozilla; Naver; NetApp; Netflix; Node.js; Nvidia; Objective Development; Odoo; OpenSSL; Opera; OPPO; Oracle; OTRS; Palo Alto Networks; PHP Group; Pivotal Software; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Salesforce; SAP; Schneider Electric; SICK; Siemens; Sonicwall; Splunk; SUSE; Symantec; Snyk; Synology; Talos; Tcpdump; Tenable; TIBCO; Tigera; Trend Micro; TWCERT/CC; Vivo; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

CVE Program Launches YouTube Channel
March 31, 2020 | Share this article

The CVE Program is now on YouTube!

Our new CVE Program Channel on YouTube currently includes two playlists: “CVE Basics” with introductory videos for all audiences, and “CNA Onboarding Guidance” with several videos of detailed processes and procedures guidance for organizations that have signed on to participate as official CVE Numbering Authorities (CNAs).


CVE Program Channel on YouTube


You can watch the videos and download the slides to follow along here on the CVE website, or you can watch directly on YouTube. Please check out the videos and let us know what you think by commenting on YouTube. We look forward to hearing from you!

NOTICE: CVE Request Web Form – Possible Intermittent Outages from 7:30am-9:30am EDT on March 31
March 30, 2020 | Share this article

Due to scheduled maintenance, the CVE Request Web Form for contacting the Program Root CNA may be temporarily unavailable at times from 7:30 a.m. until 9:30 a.m. Eastern time on Tuesday, March 31, 2020.

The 115 other CVE Numbering Authority (CNA) organizations can still be contacted during this time to request CVE IDs.

We apologize for any inconvenience. Please contact us with any comments or concerns.

Minutes from CVE Board Teleconference Meeting on March 18 Now Available
March 25, 2020 | Share this article

The CVE Board held a teleconference meeting on March 18, 2020. Read the meeting minutes.

GitHub (Products Only) Added as CVE Numbering Authority (CNA)
March 12, 2020 | Share this article

GitHub, Inc. (Products Only) is now a CVE Numbering Authority (CNA) for GitHub Enterprise Server issues only. GitHub, Inc. is also a CNA for libraries and products hosted on github.com in a public repository. Read the GitHub (Products Only) announcement.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 116 organizations from 21 countries currently participate as CNAs: ABB; Adobe; Airbus; Alias Robotics; Alibaba; Ampere; Android; Apache; Apple; Appthority; Atlassian; Autodesk; Avaya; Bitdefender; BlackBerry; Bosch; Brocade; CA; Canonical; CERT/CC; Check Point; Chrome; Cisco; Cloudflare; Cybellum; Dahua; Debian GNU/Linux; Dell; Document Foundation; Drupal.org; Eaton; Eclipse Foundation; Elastic; F5; Facebook; Fedora Project; Flexera Software; floragunn; Forcepoint; Fortinet; FreeBSD; GitHub; GitHub (Products Only); Google; HackerOne; HCL; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; INCIBE; ICS-CERT; Intel; ISC; Jenkins Project; Johnson Controls; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Kubernetes; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (CVE Program Root CNA); MongoDB; Mozilla; Naver; NetApp; Netflix; Node.js; Nvidia; Objective Development; Odoo; OpenSSL; Opera; OPPO; Oracle; OTRS; Palo Alto Networks; PHP Group; Pivotal Software; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Salesforce; SAP; Schneider Electric; SICK; Siemens; Sonicwall; Splunk; SUSE; Symantec; Snyk; Synology; Talos; Tcpdump; Tenable; TIBCO; Tigera; Trend Micro; TWCERT/CC; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

Announcing the Winner of the CVE Logo Contest
March 6, 2020 | Share this article

The CVE Program is extremely happy to announce the winner of our CVE logo contest!

The contest began in January 2020, with 38 designers providing 260 initial design concepts, from which the CVE Outreach and Communications Working Group (OCWG) selected 8 finalists for the community to vote upon. The contest ran for two weeks, and one logo design by graphic designer Joe Abelgas received the most votes.

We are excited to announce that our new CVE logo is:


CVE Logo Contest Winner Announced - March 6, 2020

Our new CVE logo!


The new logo will be rolled out on the website, social media accounts, and in our other communications materials over the next few months. Thank you again to everyone in the CVE Community who voted to help us choose our new CVE logo; we really appreciate it!

CNA Rules, Version 3.0 Document Now Available
March 5, 2020 | Share this article

The CVE Numbering Authorities (CNA) Rules, Version 3.0 document is now available on the CVE website. For details, please see our March 5, 2020 blog post: “CNA Rules, Version 3.0 Now in Effect”.

Thank You to Everyone Who Voted in Our Poll to Help Us Choose a New CVE Logo
March 1, 2020 | Share this article

The CVE Program would like to thank the CVE Community for helping us choose a new CVE logo.

The poll closed at 12:00 a.m. EST on Friday, February 28, 2020. Votes are currently being tallied, and the winner of the contest will be determined by the average rating and number of votes. Once tallies are complete, and if one winner is selected, the CVE Board will announce the winner on Friday, March 6, 2020. In the event of a tie, the CVE Board will break the tie and the winner will be announced no later than Friday, April 3, 2020. The winner will be announced on the CVE website, LinkedIn, and Twitter.

Please contact us with any comments or concerns.

Minutes from CVE Board Teleconference Meeting on February 19 Now Available
February 25, 2020 | Share this article

The CVE Board held a teleconference meeting on February 19, 2020. Read the meeting minutes.

CVE at RSA 2020
February 24, 2020 | Share this article

Members of the CVE Team will be at RSA Conference 2020 at the Moscone Center in San Francisco, California, USA on February 24-28, 2020. Please look for us on the show floor and say hello. We look forward to seeing you!

Ampere Computing Added as CVE Numbering Authority (CNA)
February 14, 2020 | Share this article

Ampere Computing is now a CVE Numbering Authority (CNA) for Ampere issues only.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 115 organizations from 21 countries currently participate as CNAs: ABB; Adobe; Airbus; Alias Robotics; Alibaba; Ampere; Android; Apache; Apple; Appthority; Atlassian; Autodesk; Avaya; Bitdefender; BlackBerry; Bosch; Brocade; CA; Canonical; CERT/CC; Check Point; Chrome; Cisco; Cloudflare; Cybellum; Dahua; Debian GNU/Linux; Dell; Document Foundation; Drupal.org; Eaton; Eclipse Foundation; Elastic; F5; Facebook; Fedora Project; Flexera Software; floragunn; Forcepoint; Fortinet; FreeBSD; GitHub; Google; HackerOne; HCL; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; INCIBE; ICS-CERT; Intel; ISC; Jenkins Project; Johnson Controls; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Kubernetes; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (CVE Program Root CNA); MongoDB; Mozilla; Naver; NetApp; Netflix; Node.js; Nvidia; Objective Development; Odoo; OpenSSL; Opera; OPPO; Oracle; OTRS; Palo Alto Networks; PHP Group; Pivotal Software; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Salesforce; SAP; Schneider Electric; SICK; Siemens; Sonicwall; Splunk; SUSE; Symantec; Snyk; Synology; Talos; Tcpdump; Tenable; TIBCO; Tigera; Trend Micro; TWCERT/CC; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

UPDATED: Voting Extended through February 28 to Help Choose a New CVE Logo!
February 13, 2020 (updated February 24, 2019) | Share this article

The CVE Program would like the CVE Community to help us choose a new CVE logo!

The CVE Outreach and Communications Working Group (OCWG) officially launched the CVE logo contest on January 29, 2020. We received over 260 logo design concepts and the OCWG down selected to eight logo design finalists.

There are eight logo options to vote on via our CVE Logo Poll on 99 Designs. The winner of the contest is determined by the average rating and number of votes. Once tallies are complete, and if one winner is selected, the CVE Board will announce the winner on Friday, March 6, 2020. In the event of a tie, the CVE Board will break the tie and the winner will be announced no later than Friday, April 3, 2020. The winner will be announced on the CVE website, LinkedIn, and Twitter.

How to Vote

  1. Visit https://99designs.com/contests/poll/aa730ecca6.
  2. Vote for one or more logo designs by awarding each logo between 0-5 stars (0 is lowest and 5 highest).
  3. Add a Comment about each logo (optional).
  4. Enter your name and email address and click Submit.

Voting opens at 12:00 p.m. EST on Thursday, February 13, 2020, and closes at 12:00 a.m. EST on Friday, February 28, 2020 (updated from February 21). Participation is free.

Thank you for participating! Please contact us with any comments or concerns.

Minutes from CVE Board Teleconference Meeting on February 5 Now Available
February 11, 2020 | Share this article

The CVE Board held a teleconference meeting on February 5, 2020. Read the meeting minutes.

Google LLC Added as CVE Numbering Authority (CNA)
February 4, 2020 | Share this article

Google LLC is now a CVE Numbering Authority (CNA) for Google products that are not covered by Android and Chrome only. Android and Chrome are also CNAs.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 114 organizations from 21 countries currently participate as CNAs: ABB; Adobe; Airbus; Alias Robotics; Alibaba; Android; Apache; Apple; Appthority; Atlassian; Autodesk; Avaya; Bitdefender; BlackBerry; Bosch; Brocade; CA; Canonical; CERT/CC; Check Point; Chrome; Cisco; Cloudflare; Cybellum; Dahua; Debian GNU/Linux; Dell; Document Foundation; Drupal.org; Eaton; Eclipse Foundation; Elastic; F5; Facebook; Fedora Project; Flexera Software; floragunn; Forcepoint; Fortinet; FreeBSD; GitHub; Google; HackerOne; HCL; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; INCIBE; ICS-CERT; Intel; ISC; Jenkins Project; Johnson Controls; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Kubernetes; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (CVE Program Root CNA); MongoDB; Mozilla; Naver; NetApp; Netflix; Node.js; Nvidia; Objective Development; Odoo; OpenSSL; Opera; OPPO; Oracle; OTRS; Palo Alto Networks; PHP Group; Pivotal Software; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Salesforce; SAP; Schneider Electric; SICK; Siemens; Sonicwall; Splunk; SUSE; Symantec; Snyk; Synology; Talos; Tcpdump; Tenable; TIBCO; Tigera; Trend Micro; TWCERT/CC; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

Alias Robotics Added as CVE Numbering Authority (CNA)
February 3, 2020 | Share this article

Alias Robotics S.L. is now a CVE Numbering Authority (CNA) for all Alias Robotics products, as well as vulnerabilities in third-party robots and robot components (software and hardware) discovered by Alias Robotics that are not in another CNA’s scope.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 113 organizations from 21 countries currently participate as CNAs: ABB; Adobe; Airbus; Alias Robotics; Alibaba; Android; Apache; Apple; Appthority; Atlassian; Autodesk; Avaya; Bitdefender; BlackBerry; Bosch; Brocade; CA; Canonical; CERT/CC; Check Point; Chrome; Cisco; Cloudflare; Cybellum; Dahua; Debian GNU/Linux; Dell; Document Foundation; Drupal.org; Eaton; Eclipse Foundation; Elastic; F5; Facebook; Fedora Project; Flexera Software; floragunn; Forcepoint; Fortinet; FreeBSD; GitHub; HackerOne; HCL; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; INCIBE; ICS-CERT; Intel; ISC; Jenkins Project; Johnson Controls; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Kubernetes; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (CVE Program Root CNA); MongoDB; Mozilla; Naver; NetApp; Netflix; Node.js; Nvidia; Objective Development; Odoo; OpenSSL; Opera; OPPO; Oracle; OTRS; Palo Alto Networks; PHP Group; Pivotal Software; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Salesforce; SAP; Schneider Electric; SICK; Siemens; Sonicwall; Splunk; SUSE; Symantec; Snyk; Synology; Talos; Tcpdump; Tenable; TIBCO; Tigera; Trend Micro; TWCERT/CC; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

Minutes from CVE Board Teleconference Meeting on January 22 Now Available
January 28, 2020 | Share this article

The CVE Board held a teleconference meeting on January 22, 2020. Read the meeting minutes.

Tcpdump Group Added as CVE Numbering Authority (CNA)
January 23, 2020 | Share this article

Tcpdump Group is now a CVE Numbering Authority (CNA) for Tcpdump and Libpcap only.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 112 organizations from 21 countries currently participate as CNAs: ABB; Adobe; Airbus; Alibaba; Android; Apache; Apple; Appthority; Atlassian; Autodesk; Avaya; Bitdefender; BlackBerry; Bosch; Brocade; CA; Canonical; CERT/CC; Check Point; Chrome; Cisco; Cloudflare; Cybellum; Dahua; Debian GNU/Linux; Dell; Document Foundation; Drupal.org; Eaton; Eclipse Foundation; Elastic; F5; Facebook; Fedora Project; Flexera Software; floragunn; Forcepoint; Fortinet; FreeBSD; GitHub; HackerOne; HCL; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; INCIBE; ICS-CERT; Intel; ISC; Jenkins Project; Johnson Controls; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Kubernetes; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (CVE Program Root CNA); MongoDB; Mozilla; Naver; NetApp; Netflix; Node.js; Nvidia; Objective Development; Odoo; OpenSSL; Opera; OPPO; Oracle; OTRS; Palo Alto Networks; PHP Group; Pivotal Software; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Salesforce; SAP; Schneider Electric; SICK; Siemens; Sonicwall; Splunk; SUSE; Symantec; Snyk; Synology; Talos; Tcpdump; Tenable; TIBCO; Tigera; Trend Micro; TWCERT/CC; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

Spanish National Cybersecurity Institute (INCIBE) Added as CVE Numbering Authority (CNA)
January 16, 2020 | Share this article

Spanish National Cybersecurity Institute, S.A. (INCIBE) is now a CVE Numbering Authority (CNA) for vulnerability assignment related to its vulnerability coordination role for Industrial Control Systems (ICS), Information Technologies (IT), and Internet of Things (IoT) systems issues at the national level.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 111 organizations from 21 countries currently participate as CNAs: ABB; Adobe; Airbus; Alibaba; Android; Apache; Apple; Appthority; Atlassian; Autodesk; Avaya; Bitdefender; BlackBerry; Bosch; Brocade; CA; Canonical; CERT/CC; Check Point; Chrome; Cisco; Cloudflare; Cybellum; Dahua; Debian GNU/Linux; Dell; Document Foundation; Drupal.org; Eaton; Eclipse Foundation; Elastic; F5; Facebook; Fedora Project; Flexera Software; floragunn; Forcepoint; Fortinet; FreeBSD; GitHub; HackerOne; HCL; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; INCIBE; ICS-CERT; Intel; ISC; Jenkins Project; Johnson Controls; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Kubernetes; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (CVE Program Root CNA); MongoDB; Mozilla; Naver; NetApp; Netflix; Node.js; Nvidia; Objective Development; Odoo; OpenSSL; Opera; OPPO; Oracle; OTRS; Palo Alto Networks; PHP Group; Pivotal Software; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Salesforce; SAP; Schneider Electric; SICK; Siemens; Sonicwall; Splunk; SUSE; Symantec; Snyk; Synology; Talos; Tenable; TIBCO; Tigera; Trend Micro; TWCERT/CC; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

Cybellum Added as CVE Numbering Authority (CNA)
January 14, 2020 | Share this article

Cybellum Technologies LTD is now a CVE Numbering Authority (CNA) for all Cybellum products, as well as vulnerabilities in third-party software discovered by Cybellum that are not in another CNA’s scope. Read Cybellum’s news release.

CNAs are organizations from around the world that are authorized to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

CNAs are the main method for requesting a CVE ID. The following 110 organizations from 20 countries currently participate as CNAs: ABB; Adobe; Airbus; Alibaba; Android; Apache; Apple; Appthority; Atlassian; Autodesk; Avaya; Bitdefender; BlackBerry; Bosch; Brocade; CA; Canonical; CERT/CC; Check Point; Chrome; Cisco; Cloudflare; Cybellum; Dahua; Debian GNU/Linux; Dell; Document Foundation; Drupal.org; Eaton; Eclipse Foundation; Elastic; F5; Facebook; Fedora Project; Flexera Software; floragunn; Forcepoint; Fortinet; FreeBSD; GitHub; HackerOne; HCL; Hewlett Packard Enterprise; Hikvision; Hillstone; HP; Huawei; IBM; ICS-CERT; Intel; ISC; Jenkins Project; Johnson Controls; JPCERT/CC; Juniper; Kaspersky; KrCERT/CC; Kubernetes; Larry Cashdollar; Lenovo; MarkLogic; McAfee; Micro Focus; Microsoft; MITRE (CVE Program Root CNA); MongoDB; Mozilla; Naver; NetApp; Netflix; Node.js; Nvidia; Objective Development; Odoo; OpenSSL; Opera; OPPO; Oracle; OTRS; Palo Alto Networks; PHP Group; Pivotal Software; Puppet; Qihoo 360; QNAP; Qualcomm; Rapid 7; Red Hat; Salesforce; SAP; Schneider Electric; SICK; Siemens; Sonicwall; Splunk; SUSE; Symantec; Snyk; Synology; Talos; Tenable; TIBCO; Tigera; Trend Micro; TWCERT/CC; VMware; Yandex; Zephyr Project; Zero Day Initiative; and ZTE.

For more information about requesting CVE ID numbers from CNAs, visit Request a CVE ID.

Minutes from CVE Board Teleconference Meeting on January 8 Now Available
January 14, 2020 | Share this article

The CVE Board held a teleconference meeting on January 8, 2020. Read the meeting minutes.

Page Last Updated or Reviewed: June 30, 2020