Merge pull request #3214 from CVEProject/content-rjr-3182

Content rjr 3182
CVEProject · Oct 25, 2024 · 978b0b3 · 978b0b3
2 parents 38fd6b6 + 0a6022c
commit 978b0b3
Show file tree

Hide file tree

Showing 4 changed files with 234 additions and 1 deletion.
diff --git a/src/assets/data/CNAsList.json b/src/assets/data/CNAsList.json
@@ -23720,5 +23720,175 @@
       ]
     },
     "country": "USA"
+  },
+  {
+    "shortName": "PingCAP",
+    "cnaID": "CNA-2024-0069",
+    "organizationName": "PingCAP (US), Inc.",
+    "scope": "Vulnerabilities in the following PingCAP maintained products and components: TiDB (code available at <a href='https://github.com/pingcap/tidb' target='_blank'>https://github.com/pingcap/tidb</a>); TiKV (code available at <a href='https://github.com/tikv/tikv' target='_blank'>https://github.com/tikv/tikv</a>); PD (Placement Driver, code available at <a href='https://github.com/tikv/pd' target='_blank'>https://github.com/tikv/pd</a>); TiFlash (code available at <a href='https://github.com/pingcap/tiflash' target='_blank'>https://github.com/pingcap/tiflash</a>); and tidbcloud (PingCAP’s cloud database service). This scope includes vulnerabilities in all supported versions of these products. CVE IDs will not be assigned for vulnerabilities found in unsupported versions or for third-party dependencies not maintained by PingCAP",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "[email protected]"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://www.pingcap.com/security/"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://www.pingcap.com/security/"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "n/a",
+        "organizationName": "n/a"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ],
+      "TLR": {
+        "shortName": "mitre",
+        "organizationName": "MITRE Corporation"
+      },
+      "type": [
+        "Vendor",
+        "Open Source",
+        "Hosted Service"
+      ]
+    },
+    "country": "USA"
+  },
+  {
+    "shortName": "OMRON",
+    "cnaID": "CNA-2024-0070",
+    "organizationName": "OMRON Corporation",
+    "scope": "Omron Group companies’ Industrial Automation, Healthcare, Social Systems, Device &amp; Module Solutions issues only",
+    "contact": [
+      {
+        "email": [],
+        "contact": [
+          {
+            "label": "OMRON PSIRT Contact page",
+            "url": "https://www.omron.com/contact/ContactForm.do?FID=00282"
+          }
+        ],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://www.omron.com/contact/ContactForm.do?FID=00282"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://www.omron.com/global/en/inquiry/vulnerability_information/"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "jpcert",
+        "organizationName": "JPCERT/CC"
+      },
+      "type": [
+        "Vendor"
+      ],
+      "TLR": {
+        "shortName": "mitre",
+        "organizationName": "MITRE Corporation"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ]
+    },
+    "country": "Japan"
+  },
+  {
+    "shortName": "CSA",
+    "cnaID": "CNA-2024-0071",
+    "organizationName": "Cyber Security Agency of Singapore",
+    "scope": "Vulnerabilities reported to CSA unless covered by the scope of another CNA",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "[email protected]"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://www.csa.gov.sg/Tips-Resource/Resources/singcert/singcert-vulnerability-disclosure-policy"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://www.csa.gov.sg/alerts-advisories"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "n/a",
+        "organizationName": "n/a"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ],
+      "TLR": {
+        "shortName": "mitre",
+        "organizationName": "MITRE Corporation"
+      },
+      "type": [
+        "CERT"
+      ]
+    },
+    "country": "Singapore"
   }
 ]
diff --git a/src/assets/data/metrics.json b/src/assets/data/metrics.json
@@ -1165,7 +1165,7 @@
         },
         {
           "month": "October",
-          "value": "3"
+          "value": "6"
         },
         {
           "month": "November",

diff --git a/src/assets/data/news.json b/src/assets/data/news.json
@@ -103,6 +103,69 @@
         }
       ]
     },
+    {
+      "id": 427,
+      "newsType": "news",
+      "title": "Cyber Security Agency of Singapore Added as CVE Numbering Authority (CNA)",
+      "urlKeywords": "Cyber Security Agency of Singapore Added as CNA",
+      "date": "2024-10-22",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/CSA'>Cyber Security Agency of Singapore</a> (CSA) is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for vulnerabilities reported to CSA unless covered by the scope of another CNA."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "To date, <a href='/PartnerInformation/ListofPartners'>414 CNAs</a> (412 CNAs and 2 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>40 countries</a> and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publish <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. Cyber Security Agency of Singapore is the 3rd CNA from Singapore."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "Cyber Security Agency of Singapore’s Root is the <a href='/PartnerInformation/ListofPartners/partner/mitre'>MITRE Top-Level Root</a>."
+        }
+      ]
+    },
+    {
+      "id": 426,
+      "newsType": "news",
+      "title": "OMRON Added as CVE Numbering Authority (CNA)",
+      "urlKeywords": "OMRON Added as CNA",
+      "date": "2024-10-22",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/OMRON'>OMRON Corporation</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for Omron Group companies’ Industrial Automation, Healthcare, Social Systems, Device &amp; Module Solutions issues only."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "To date, <a href='/PartnerInformation/ListofPartners'>413 CNAs</a> (411 CNAs and 2 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>40 countries</a> and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publish <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. OMRON is the 13th CNA from Japan."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "OMRON’s Root is the <a href='/PartnerInformation/ListofPartners/partner/jpcert'>JPCERT/CC Root</a>."
+        }
+      ]
+    },
+    {
+      "id": 425,
+      "newsType": "news",
+      "title": "PingCAP Added as CVE Numbering Authority (CNA)",
+      "urlKeywords": "PingCAP Added as CNA",
+      "date": "2024-10-22",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/PingCAP'>PingCAP (US), Inc.</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for vulnerabilities in the following PingCAP maintained products and components: TiDB (code available at <a href='https://github.com/pingcap/tidb' target='_blank'>https://github.com/pingcap/tidb</a>); TiKV (code available at <a href='https://github.com/tikv/tikv' target='_blank'>https://github.com/tikv/tikv</a>); PD (Placement Driver, code available at <a href='https://github.com/tikv/pd' target='_blank'>https://github.com/tikv/pd</a>); TiFlash (code available at <a href='https://github.com/pingcap/tiflash' target='_blank'>https://github.com/pingcap/tiflash</a>); and tidbcloud (PingCAP’s cloud database service). This scope includes vulnerabilities in all supported versions of these products. CVE IDs will not be assigned for vulnerabilities found in unsupported versions or for third-party dependencies not maintained by PingCAP."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "To date, <a href='/PartnerInformation/ListofPartners'>412 CNAs</a> (410 CNAs and 2 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>40 countries</a> and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publish <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. PingCAP is the 224th CNA from USA."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "PingCAP’s Root is the <a href='/PartnerInformation/ListofPartners/partner/mitre'>MITRE Top-Level Root</a>."
+        }
+      ]
+    },
     {
       "id": 424,
       "newsType": "blog",

diff --git a/src/assets/images/cvePartnersMap.png b/src/assets/images/cvePartnersMap.png