Merge pull request #3214 from CVEProject/content-rjr-3182

jdaigneau5 · web-flow · commit 978b0b3d6f48 · 2024-10-25T10:16:01.000-04:00
Content rjr 3182
diff --git a/src/assets/data/CNAsList.json b/src/assets/data/CNAsList.json
@@ -23720,5 +23720,175 @@
       ]
     },
     "country": "USA"
+  },
+  {
+    "shortName": "PingCAP",
+    "cnaID": "CNA-2024-0069",
+    "organizationName": "PingCAP (US), Inc.",
+    "scope": "Vulnerabilities in the following PingCAP maintained products and components: TiDB (code available at <a href='https://github.com/pingcap/tidb' target='_blank'>https://github.com/pingcap/tidb</a>); TiKV (code available at <a href='https://github.com/tikv/tikv' target='_blank'>https://github.com/tikv/tikv</a>); PD (Placement Driver, code available at <a href='https://github.com/tikv/pd' target='_blank'>https://github.com/tikv/pd</a>); TiFlash (code available at <a href='https://github.com/pingcap/tiflash' target='_blank'>https://github.com/pingcap/tiflash</a>); and tidbcloud (PingCAP’s cloud database service). This scope includes vulnerabilities in all supported versions of these products. CVE IDs will not be assigned for vulnerabilities found in unsupported versions or for third-party dependencies not maintained by PingCAP",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "security@pingcap.com"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://www.pingcap.com/security/"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://www.pingcap.com/security/"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "n/a",
+        "organizationName": "n/a"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ],
+      "TLR": {
+        "shortName": "mitre",
+        "organizationName": "MITRE Corporation"
+      },
+      "type": [
+        "Vendor",
+        "Open Source",
+        "Hosted Service"
+      ]
+    },
+    "country": "USA"
+  },
+  {
+    "shortName": "OMRON",
+    "cnaID": "CNA-2024-0070",
+    "organizationName": "OMRON Corporation",
+    "scope": "Omron Group companies’ Industrial Automation, Healthcare, Social Systems, Device &amp; Module Solutions issues only",
+    "contact": [
+      {
+        "email": [],
+        "contact": [
+          {
+            "label": "OMRON PSIRT Contact page",
+            "url": "https://www.omron.com/contact/ContactForm.do?FID=00282"
+          }
+        ],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://www.omron.com/contact/ContactForm.do?FID=00282"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://www.omron.com/global/en/inquiry/vulnerability_information/"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "jpcert",
+        "organizationName": "JPCERT/CC"
+      },
+      "type": [
+        "Vendor"
+      ],
+      "TLR": {
+        "shortName": "mitre",
+        "organizationName": "MITRE Corporation"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ]
+    },
+    "country": "Japan"
+  },
+  {
+    "shortName": "CSA",
+    "cnaID": "CNA-2024-0071",
+    "organizationName": "Cyber Security Agency of Singapore",
+    "scope": "Vulnerabilities reported to CSA unless covered by the scope of another CNA",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "singcert@csa.gov.sg"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://www.csa.gov.sg/Tips-Resource/Resources/singcert/singcert-vulnerability-disclosure-policy"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://www.csa.gov.sg/alerts-advisories"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "n/a",
+        "organizationName": "n/a"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ],
+      "TLR": {
+        "shortName": "mitre",
+        "organizationName": "MITRE Corporation"
+      },
+      "type": [
+        "CERT"
+      ]
+    },
+    "country": "Singapore"
   }
 ]
diff --git a/src/assets/data/metrics.json b/src/assets/data/metrics.json
@@ -1165,7 +1165,7 @@
         },
         {
           "month": "October",
-          "value": "3"
+          "value": "6"
         },
         {
           "month": "November",
diff --git a/src/assets/data/news.json b/src/assets/data/news.json
@@ -103,6 +103,69 @@
         }
       ]
     },
+    {
+      "id": 427,
+      "newsType": "news",
+      "title": "Cyber Security Agency of Singapore Added as CVE Numbering Authority (CNA)",
+      "urlKeywords": "Cyber Security Agency of Singapore Added as CNA",
+      "date": "2024-10-22",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/CSA'>Cyber Security Agency of Singapore</a> (CSA) is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for vulnerabilities reported to CSA unless covered by the scope of another CNA."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "To date, <a href='/PartnerInformation/ListofPartners'>414 CNAs</a> (412 CNAs and 2 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>40 countries</a> and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publish <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. Cyber Security Agency of Singapore is the 3rd CNA from Singapore."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "Cyber Security Agency of Singapore’s Root is the <a href='/PartnerInformation/ListofPartners/partner/mitre'>MITRE Top-Level Root</a>."
+        }
+      ]
+    },
+    {
+      "id": 426,
+      "newsType": "news",
+      "title": "OMRON Added as CVE Numbering Authority (CNA)",
+      "urlKeywords": "OMRON Added as CNA",
+      "date": "2024-10-22",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/OMRON'>OMRON Corporation</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for Omron Group companies’ Industrial Automation, Healthcare, Social Systems, Device &amp; Module Solutions issues only."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "To date, <a href='/PartnerInformation/ListofPartners'>413 CNAs</a> (411 CNAs and 2 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>40 countries</a> and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publish <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. OMRON is the 13th CNA from Japan."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "OMRON’s Root is the <a href='/PartnerInformation/ListofPartners/partner/jpcert'>JPCERT/CC Root</a>."
+        }
+      ]
+    },
+    {
+      "id": 425,
+      "newsType": "news",
+      "title": "PingCAP Added as CVE Numbering Authority (CNA)",
+      "urlKeywords": "PingCAP Added as CNA",
+      "date": "2024-10-22",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/PingCAP'>PingCAP (US), Inc.</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for vulnerabilities in the following PingCAP maintained products and components: TiDB (code available at <a href='https://github.com/pingcap/tidb' target='_blank'>https://github.com/pingcap/tidb</a>); TiKV (code available at <a href='https://github.com/tikv/tikv' target='_blank'>https://github.com/tikv/tikv</a>); PD (Placement Driver, code available at <a href='https://github.com/tikv/pd' target='_blank'>https://github.com/tikv/pd</a>); TiFlash (code available at <a href='https://github.com/pingcap/tiflash' target='_blank'>https://github.com/pingcap/tiflash</a>); and tidbcloud (PingCAP’s cloud database service). This scope includes vulnerabilities in all supported versions of these products. CVE IDs will not be assigned for vulnerabilities found in unsupported versions or for third-party dependencies not maintained by PingCAP."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "To date, <a href='/PartnerInformation/ListofPartners'>412 CNAs</a> (410 CNAs and 2 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>40 countries</a> and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publish <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. PingCAP is the 224th CNA from USA."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "PingCAP’s Root is the <a href='/PartnerInformation/ListofPartners/partner/mitre'>MITRE Top-Level Root</a>."
+        }
+      ]
+    },
     {
       "id": 424,
       "newsType": "blog",
diff --git a/src/assets/images/cvePartnersMap.png b/src/assets/images/cvePartnersMap.png

Original file line number	Diff line number	Diff line change
`@@ -1165,7 +1165,7 @@`
`1165`	`1165`	`},`
`1166`	`1166`	`{`
`1167`	`1167`	`"month": "October",`
`1168`		`- "value": "3"`
	`1168`	`+ "value": "6"`
`1169`	`1169`	`},`
`1170`	`1170`	`{`
`1171`	`1171`	`"month": "November",`