Merge pull request #3519 from CVEProject/int

4/1/25 Release: INT to MAIN

Author: jdaigneau5

src/assets/data/CNAsList.json

@@ -3648,7 +3648,7 @@
     "shortName": "hpe",
     "cnaID": "CNA-2016-0003",
     "organizationName": "Hewlett Packard Enterprise (HPE)",
-    "scope": "HPE issues only.",
+    "scope": "HPE and acquisitions issues only.",
     "contact": [
       {
         "email": [
@@ -8120,7 +8120,7 @@
     "shortName": "suse",
     "cnaID": "CNA-2014-0003",
     "organizationName": "SUSE",
-    "scope": "SUSE and Rancher issues only.",
+    "scope": "SUSE and Rancher specific security issues, and vulnerabilities discovered by SUSE that are not covered by the scope of another CNA.",
     "contact": [
       {
         "email": [
@@ -8158,7 +8158,8 @@
       },
       "type": [
         "Vendor",
-        "Open Source"
+        "Open Source",
+        "Researcher"
       ],
       "TLR": {
         "shortName": "mitre",
@@ -8319,7 +8320,7 @@
           "url": "https://www.synaptics.com/products/touchpad-family"
         },
         {
-          "label": "Biomentrics Advisories",
+          "label": "Biometrics Advisories",
           "url": "https://www.synaptics.com/products/biometrics"
         },
         {
@@ -14284,7 +14285,7 @@
       {
         "label": "Policy",
         "language": "",
-        "url": "https://onekey.com/resposible-disclosure-policy/"
+        "url": "https://www.onekey.com/responsible-disclosure-policy"
       }
     ],
     "securityAdvisories": {
@@ -25527,8 +25528,8 @@
     "CNA": {
       "isRoot": false,
       "root": {
-        "shortName": "n/a",
-        "organizationName": "n/a"
+        "shortName": "redhat",
+        "organizationName": "Red Hat, Inc."
       },
       "roles": [
         {

src/assets/data/NotificationBanner.json

@@ -19,6 +19,32 @@
     {
       "contentType": "paragraph",
       "content": "."
+    },
+    {
+      "contentType": "paragraph",
+      "content": "<br/><br/>"
+    },
+    {
+      "contentType": "paragraph",
+      "content": "<b>NOTICE &mdash;</b>"
+    },
+
+    {
+      "contentType": "paragraph", 
+      "content": "Due to routine maintenance, the "
+    },
+    {
+      "contentType": "internalLink",
+      "link": "/",
+      "linkText": "CVE List on the CVE.ORG website"
+    },
+    {
+      "contentType": "paragraph", 
+      "content": "will be <strong>unavailable on April 2, 2025 between 1:00 PM and 5:00 PM EDT</strong>. As a result, searching CVE IDs and CVE Records on the CVE.ORG website will be unavailable during this time. We apologize for the inconvenience and thank you for your understanding."
+    },
+    {
+      "contentType": "paragraph",
+      "content": "<br/><br/>"
     }
   ]
 }

src/assets/data/events.json

@@ -34,7 +34,7 @@
       "displayOnHomepageOrder": 1,
       "title": "CVE/FIRST VulnCon 2025",
       "location": "Raleigh, North Carolina, USA & Virtual",
-      "description": "VulnCon 2025 is co-sponsored by the <a href='/'>CVE Program</a> and <a href='https://www.first.org/' target='_blank'>FIRST</a> and is open to the public.<br/><br/><strong>SPECIAL MESSAGE FOR CVE NUMBERING AUTHORITIES (CNAs)</strong>:<br/><i>VulnCon 2025 takes the place of this year’s Spring CVE Global Summit.</i><br/><br/><strong>Agenda</strong>:<br/> Available <a href='https://www.first.org/conference/vulncon2025/program' target='_blank'>here</a>.<br/><br/><strong>Registration</strong>:<br/>Open. Details <a href='https://www.first.org/conference/vulncon2025/#Registration-Information' target='_blank'>here</a>.<br/><ul><li>Virtual Admission: US $100.00</li><li>In-person Standard Admission (by March 15, 2025): US $300.00</li><li>In-person Late Rate Admission (after March 15, 2025): US $375.00</li></ul>Registration fees include four days of coffee breaks and buffet lunches, one networking reception hosted at the McKimmon Center, and applicable meeting materials. Note that discounted rates are not being offered for this event regardless of membership or speaking status.<br/><br/>An offsite social event is planned for Tuesday, April 8, from 19:00-21:00 in downtown Raleigh. Location to be announced in January. You may purchase a ticket during your main registration or access a separate purchase form link found in your registration email confirmation. Tickets are US $30.00 per person.<br/><br/><strong>Program Overview</strong>:<br/>* Day 1: Monday, April 7 &mdash; Plenary, Vendor Tables, Welcome Reception<br/>* Day 2: Tuesday, April 8 &mdash; Plenary, Vendor Tables, Off-site Social Event<br/>* Day 3: Wednesday, April 9 &mdash; Plenary, Breakouts, Vendor Tables<br/>* Day 4: Thursday, April 10 &mdash; Plenary, Breakouts, Vendor Tables<br/><br/><strong>Venue</strong>:<br/><a href='https://facilities.ofa.ncsu.edu/building/mck/' target='_blank'>McKimmon Center,<br/>North Carolina State University</a>,<br/>1101 Gorman St.,<br/> Raleigh, North Carolina 27606<br/>USA<br/><br/><strong>Call for Papers</strong>:<br/>Closed on January 31, 2025. Details <a href='https://www.first.org/conference/vulncon2025/cfp' target='_blank'>here</a>.<br/><br/><strong>Purpose</strong>:<br/>The purpose of <a href='https://www.first.org/conference/vulncon2025/' target='_blank'>VulnCon</a> is to collaborate with various vulnerability management and cybersecurity professionals to develop forward leaning ideas that can be taken back to individual programs for action to benefit the vulnerability management ecosystem.<br/><br/>A key goal of the conference is to understand what important stakeholders and programs are doing within the vulnerability management ecosystem and best determine how to benefit the ecosystem broadly.",
+      "description": "VulnCon 2025 is co-sponsored by the <a href='/'>CVE Program</a> and <a href='https://www.first.org/' target='_blank'>FIRST</a> and is open to the public.<br/><br/><strong>SPECIAL MESSAGE FOR CVE NUMBERING AUTHORITIES (CNAs)</strong>:<br/><i>VulnCon 2025 takes the place of this year’s Spring CVE Global Summit.</i><br/><br/><strong>Agenda</strong>:<br/> Available <a href='https://www.first.org/conference/vulncon2025/program' target='_blank'>here</a>.<br/><br/><strong>Registration</strong>:<br/>Virtual registration available until April 4, 2025. Details <a href='https://www.first.org/conference/vulncon2025/#Registration-Information' target='_blank'>here</a>.<br/><ul><li>Virtual Admission: US $100.00 (until April 4, 2025)</li><li>In-person Standard Admission (closed): US $300.00</li><li>In-person Late Rate Admission (closed): US $375.00</li></ul>Registration fees include four days of coffee breaks and buffet lunches, one networking reception hosted at the McKimmon Center, and applicable meeting materials. Note that discounted rates are not being offered for this event regardless of membership or speaking status.<br/><br/>An offsite social event is planned for Tuesday, April 8, from 19:00-21:00 in downtown Raleigh. Location to be announced in January. You may purchase a ticket during your main registration or access a separate purchase form link found in your registration email confirmation. Tickets are US $30.00 per person.<br/><br/><strong>Program Overview</strong>:<br/>* Day 1: Monday, April 7 &mdash; Plenary, Vendor Tables, Welcome Reception<br/>* Day 2: Tuesday, April 8 &mdash; Plenary, Vendor Tables, Off-site Social Event<br/>* Day 3: Wednesday, April 9 &mdash; Plenary, Breakouts, Vendor Tables<br/>* Day 4: Thursday, April 10 &mdash; Plenary, Breakouts, Vendor Tables<br/><br/><strong>Venue</strong>:<br/><a href='https://facilities.ofa.ncsu.edu/building/mck/' target='_blank'>McKimmon Center,<br/>North Carolina State University</a>,<br/>1101 Gorman St.,<br/> Raleigh, North Carolina 27606<br/>USA<br/><br/><strong>Call for Papers</strong>:<br/>Closed on January 31, 2025. Details <a href='https://www.first.org/conference/vulncon2025/cfp' target='_blank'>here</a>.<br/><br/><strong>Purpose</strong>:<br/>The purpose of <a href='https://www.first.org/conference/vulncon2025/' target='_blank'>VulnCon</a> is to collaborate with various vulnerability management and cybersecurity professionals to develop forward leaning ideas that can be taken back to individual programs for action to benefit the vulnerability management ecosystem.<br/><br/>A key goal of the conference is to understand what important stakeholders and programs are doing within the vulnerability management ecosystem and best determine how to benefit the ecosystem broadly.",
       "permission": "public",
       "url": "https://www.first.org/conference/vulncon2025/",
       "date": {

src/assets/data/metrics.json

@@ -1137,7 +1137,7 @@
         },
         {
           "month": "March",
-          "value": "3"
+          "value": "4"
         },
         {
           "month": "April",

src/assets/data/news.json

@@ -1,7 +1,126 @@
 {
   "currentNews": [
+    {
+      "id": 503,
+      "displayOnHomepageOrder": 1,
+      "newsType": "blog",
+      "title": "LAST CHANCE &mdash; Virtual Registration for <i>CVE/FIRST VulnCon 2025</i> Closes April 4",
+      "urlKeywords": "VulnCon 2025 Registration Closes April 4",
+      "date": "2025-04-01",
+      "author": {
+        "name": "CVE Program",
+        "organization": {
+          "name": "CVE Program",
+          "url": ""
+        },
+        "title": "",
+        "bio": ""
+      },
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "Registration for virtual attendance to <a href='https://www.first.org/conference/vulncon2025/' target='_blank'><i>CVE/FIRST VulnCon 2025</i></a> is open through April 4, 2025, on the <a href='https://www.first.org/conference/vulncon2025/#Registration-Information' target='_blank'>FIRST conference website</a>. Virtual admission registration is US $100.00. Discounted rates are not offered for this event regardless of membership or speaking status. This is your last chance, so <a href='https://www.first.org/conference/vulncon2025/#Registration-Information' target='_blank'>register today</a>!"
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "The <a href='/'>CVE Program</a> and <a href='https://www.first.org/' target='_blank'>FIRST</a> are co-hosting <i><a href='https://www.first.org/conference/vulncon2025/' target='_blank'>VulnCon 2025</a></i> at the McKimmon Center in Raleigh, North Carolina, USA, on April 7-10, 2025. <a href='/PartnerInformation/ListofPartners'>CVE Numbering Authorities (CNAs)</a> &mdash;  VulnCon 2025 takes the place of the 2025 Spring CVE Global Summit."
+        },
+        {
+          "contentnewsType": "image",
+          "imageWidth": "",
+          "href": "/news/VulnCon2025.png",
+          "altText": "CVE/FIRST VulnCon 2025, April 7-10, 2025",
+          "captionText": "<a href='https://www.first.org/conference/vulncon2025/' target='_blank'><i>VulnCon 2025</i>"
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "<h3>Agenda</h3>"
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "View the <a href='https://www.first.org/conference/vulncon2025/program'>full agenda</a> on the <a href='https://www.first.org/conference/vulncon2025/program' target='_blank'>conference web page</a> or view the schedule by day:"
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "<strong>Monday, April 7</strong> &mdash; <a href='https://www.first.org/conference/vulncon2025/program#d20250407' target='_blank'>View day 1 schedule</a><br/><strong>Tuesday, April 8</strong> &mdash;  <a href='https://www.first.org/conference/vulncon2025/program#d20250408' target='_blank'>View day 2 schedule</a><br/><strong>Wednesday, April 9</strong> &mdash; <a href='https://www.first.org/conference/vulncon2025/program#d20250409' target='_blank'>View day 3 schedule</a><br/><strong>Thursday, April 10</strong> &mdash; <a href='https://www.first.org/conference/vulncon2025/program#d20250410' target='_blank'>View day 4 schedule</a>"
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "<h3>Venue</h3>"
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "<a href='https://facilities.ofa.ncsu.edu/building/mck/' target='_blank'>McKimmon Center</a><br/>North Carolina State University<br/>1101 Gorman St.<br/>Raleigh, North Carolina 27606<br/>USA"
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "<h3>Learn More About VulnCon 2025</h3>"
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "The purpose of the <a href='https://www.first.org/conference/vulncon2025/' target='_blank'>VulnCon</a> &mdash; which is open to the public &mdash; is to collaborate with various vulnerability management and cybersecurity professionals to develop forward leaning ideas that can be taken back to individual programs for action to benefit the vulnerability management ecosystem. A key goal of the conference is to understand what important stakeholders and programs are doing within the vulnerability management ecosystem and best determine how to benefit the ecosystem broadly."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "For the most up-to-date information, visit the <a href='https://www.first.org/conference/vulncon2025/' target='_blank'>CVE/FIRST VulnCon 2025</a> conference page hosted on the FIRST website."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "We look forward to seeing you at this exciting community event and encourage you to <a href='https://www.first.org/conference/vulncon2025/#Registration-Information' target='_blank'>register today!</a>"
+        }
+      ]
+    },
+    {
+      "id": 502,
+      "displayOnHomepageOrder": 2,
+      "newsType": "blog",
+      "title": "FINAL REMINDER &mdash; Please Complete Our “CVE Data Usage and Satisfaction Survey” by April 4",
+      "urlKeywords": "CVE Data Usage Satisfaction Survey Final Reminder",
+      "date": "2025-04-01",
+      "author": {
+        "name": "CVE Program",
+        "organization": {
+          "name": "CVE Program",
+          "url": ""
+        },
+        "title": "",
+        "bio": ""
+      },
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "The “<a target='_blank' href='https://forms.office.com/g/hx168RPctg'>CVE Data Usage and Satisfaction Survey</a>,” which opened on March 4, 2025, will close at <strong>11:59 PM ET on April 4, 2025</strong>. If you are a consumer of <a href='/ResourcesSupport/Glossary#glossaryRecord'>CVE Records</a>, or a defender, the <a href='/'>CVE Program</a> would like to hear from you about such topics as:<ul><li>Where do you get your CVE data from?</li><li>How do you use CVE data?</li><li>Do you store a copy of the CVE data?</li><li>What data types (i.e., fields) are most important to you in a CVE Record?</li><li>Are there data types that you’d like to see added to CVE Records in the future (e.g., purl)?</li></ul>To participate in the survey, please click <a target='_blank' href='https://forms.office.com/g/hx168RPctg'>here</a>."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "Your feedback will play a crucial role in enhancing the CVE Program and its service offerings. Your responses, which will be anonymous unless you provide your contact information in the final optional question, will be used solely for research and improvement purposes."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "If you have any questions or need assistance, please use the  <a target='_blank' href='https://cveform.mitre.org/'>CVE Request Web Form</a> and select “Other” from the dropdown menu."
+        }
+      ]
+    },
+    {
+      "id": 501,
+      "newsType": "news",
+      "title": "Minutes from CVE Board Teleconference Meeting on March 5 Now Available",
+      "urlKeywords": "CVE Board Minutes from March 5",
+      "date": "2025-04-01",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "The <a href='/ProgramOrganization/Board'>CVE Board</a> held a teleconference meeting on March 5, 2025. Read the <a href='https://cve.mitre.org/community/board/meeting_summaries/05_March_2025.pdf' target='_blank'>meeting minutes summary</a>."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "The CVE Board is the organization responsible for the strategic direction, governance, operational structure, policies, and rules of the CVE Program. The Board includes members from numerous cybersecurity-related organizations including commercial security tool vendors, academia, research institutions, government departments and agencies, and other prominent security experts, as well as end-users of vulnerability information."
+        }
+      ]
+    },
     {
       "id": 500,
+      "displayOnHomepageOrder": 4,
       "newsType": "news",
       "title": "Digi Added as CVE Numbering Authority (CNA)",
       "urlKeywords": "Digi Added as CNA",
@@ -23,6 +142,7 @@
     },
     {
       "id": 499,
+      "displayOnHomepageOrder": 3,
       "newsType": "blog",
       "title": "Vulnerability Data Enrichment for CVE Records: 250 CNAs on the Enrichment Recognition List for March 25, 2025",
       "urlKeywords": "CNA Enrichment Recognition List Update",
@@ -59,7 +179,6 @@
     },
     {
       "id": 498,
-      "displayOnHomepageOrder": 1,
       "newsType": "blog",
       "title": "Reminder for CVE Consumers &mdash; Please Complete the “CVE Data Usage and Satisfaction Survey” Before April 4, 2025",
       "urlKeywords": "CVE Data Usage and Satisfaction Survey Reminder",
@@ -210,7 +329,6 @@
     },
     {
       "id": 492,
-      "displayOnHomepageOrder": 2,
       "newsType": "blog",
       "title": "Full Agenda Now Available for <i>CVE/FIRST VulnCon 2025</i> on April 7-10, 2025!",
       "urlKeywords": "Full Agenda for CVE FIRST VulnCon 2025",

src/views/Home.vue

@@ -12,9 +12,9 @@
         Identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.
         <button v-if="cveRecordsLoading" class="button is-loading cve-margin-top-neg7 cve-button-ghost"></button>
         <p class="subtile mt-2" v-if="!cveRecordsLoading && !cveRecordsRequestErrored">
-          Currently, there are <span class="has-text-weight-bold">{{cveRecordsTotal}}</span> CVE Records accessible via
-          <router-link to="/Downloads">Download</router-link>
-          or <span class="has-text-weight-bold">Keyword Search</span> above
+          There are currently over <span class="has-text-weight-bold">{{cveRecordsTotal}}</span>
+          CVE Records accessible via <router-link to="/Downloads">Download</router-link>
+          or <span class="has-text-weight-bold">Keyword Search</span> above.
         </p>
       </div>
       <div class="notification is-warning is-light" role="alert" v-if="cveRecordsRequestErrored">
@@ -82,6 +82,12 @@ export default {
 
           if ((typeof count === 'number') && !Number.isNaN(count)) {
             this.cveRecordsRequestErrored = false;
+
+            // As of March 2025, we're reporting the CVE record count rounded
+            // to the next lowest thousand, and reporting it as "over xxx"
+            // thousand records (a la McDonald's), instead of the actual count.
+
+            count = Math.floor(count / 1000) * 1000;
             this.cveRecordsTotal = count.toString().replace(/\B(?=(\d{3})+(?!\d))/g, ',');
           } else {
             this.cveRecordsRequestErrored = true;