internal/worker: handle false positive changes
Add a triage state for false positives. When determining whether
a changed CVE with false-positive state needs an issue, ignore
the reference URLs we already know about.
Here is the scenario this CL is designed to address:
1. A CVE is a known false positive, meaning that although it has a
reference URL that suggests Go is involved, we know it isn't. We
initialize the DB with it.
2. In a later commit, the CVE changes. Perhaps references are added.
3. On the next update, the triage algorithm will match the same
URLs that triggered it the first time, and we will change the state
to NeedsIssue.
By distinguishing the states NoActionNeeded and FalsePositive, and
remembering the reference URLs that were used when the false positive
was identified, we can avoid this. But if a new, Go-relevant URLs is
added, we'll see that it's not in our list and then, validly, re-label
the CVE as NeedsIssue.
Also, add a HasVuln state for CVEs that are already covered
by existing Go vulnerability reports. Even though we check
the Go vulndb when we triage, we need to represent
these specially because the Go vuln report can mention only
one CVE, so other matching ones must be handled this way.
Change-Id: I3c67a8c8911b261a376a64fcc7f54f387c2bd457
Reviewed-on: https://go-review.googlesource.com/c/vuln/+/370838
Trust: Jonathan Amsterdam <jba@google.com>
Run-TryBot: Jonathan Amsterdam <jba@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Julie Qiu <julie@golang.org>
diff --git a/internal/worker/false_positive_records.gen.go b/internal/worker/false_positive_records.gen.go
index 7628d98..dbd5aae 100644
--- a/internal/worker/false_positive_records.gen.go
+++ b/internal/worker/false_positive_records.gen.go
@@ -9,5404 +9,7374 @@
import "golang.org/x/vuln/internal/worker/store"
var falsePositives = []*store.CVERecord{
-
{
- ID: "CVE-2013-2124",
- Path: "2013/2xxx/CVE-2013-2124.json",
- BlobHash: "b1ff88f81a229ecf77fe19b4abcaea1188732b10",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2013-2124",
+ Path: "2013/2xxx/CVE-2013-2124.json",
+ BlobHash: "b1ff88f81a229ecf77fe19b4abcaea1188732b10",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "http://seclists.org/oss-sec/2013/q2/431",
+ "https://github.com/libguestfs/libguestfs/commit/fa6a76050d82894365dfe32916903ef7fee3ffcd",
+ "https://exchange.xforce.ibmcloud.com/vulnerabilities/85145",
+ "https://www.redhat.com/archives/libguestfs/2013-May/msg00079.html",
+ "https://www.redhat.com/archives/libguestfs/2013-May/msg00080.html",
+ "http://osvdb.org/93724",
+ "http://www.securityfocus.com/bid/60205",
+ },
},
-
{
- ID: "CVE-2013-2233",
- Path: "2013/2xxx/CVE-2013-2233.json",
- BlobHash: "fff4e81581d35ca5feb18f441687a4e8ac2ef346",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2013-2233",
+ Path: "2013/2xxx/CVE-2013-2233.json",
+ BlobHash: "fff4e81581d35ca5feb18f441687a4e8ac2ef346",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://www.ansible.com/security",
+ "https://bugzilla.redhat.com/show_bug.cgi?id=980821",
+ "https://github.com/ansible/ansible/issues/857",
+ "http://www.openwall.com/lists/oss-security/2013/07/01/2",
+ "http://www.openwall.com/lists/oss-security/2013/07/02/6",
+ },
},
-
{
- ID: "CVE-2014-0177",
- Path: "2014/0xxx/CVE-2014-0177.json",
- BlobHash: "2b106b8cbe92d17dbe0f40ef2bf8131a19a79dcc",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2014-0177",
+ Path: "2014/0xxx/CVE-2014-0177.json",
+ BlobHash: "2b106b8cbe92d17dbe0f40ef2bf8131a19a79dcc",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "http://secunia.com/advisories/58273",
+ "https://github.com/github/hub/commit/016ec99d25b1cb83cb4367e541177aa431beb600",
+ },
},
-
{
- ID: "CVE-2014-3498",
- Path: "2014/3xxx/CVE-2014-3498.json",
- BlobHash: "82cec2c1ae4a884effa2c621469c9018ad07b09e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2014-3498",
+ Path: "2014/3xxx/CVE-2014-3498.json",
+ BlobHash: "82cec2c1ae4a884effa2c621469c9018ad07b09e",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/ansible/ansible/commit/8ed6350e65c82292a631f08845dfaacffe7f07f5",
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1335551",
+ },
},
-
{
- ID: "CVE-2014-3971",
- Path: "2014/3xxx/CVE-2014-3971.json",
- BlobHash: "cef39ff58a76f2b3b266e9fe49e3e1af75aa4199",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2014-3971",
+ Path: "2014/3xxx/CVE-2014-3971.json",
+ BlobHash: "cef39ff58a76f2b3b266e9fe49e3e1af75aa4199",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/mongodb/mongo/commit/c151e0660b9736fe66b224f1129a16871165251b",
+ "https://jira.mongodb.org/browse/SERVER-13753",
+ },
},
-
{
- ID: "CVE-2014-4657",
- Path: "2014/4xxx/CVE-2014-4657.json",
- BlobHash: "973d958f719b33379fa47ac5330f68c79ad9b0f4",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2014-4657",
+ Path: "2014/4xxx/CVE-2014-4657.json",
+ BlobHash: "973d958f719b33379fa47ac5330f68c79ad9b0f4",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md",
+ "https://www.securityfocus.com/bid/68232",
+ },
},
-
{
- ID: "CVE-2014-4658",
- Path: "2014/4xxx/CVE-2014-4658.json",
- BlobHash: "831c7a476ec7ddeebe0311821efd8ec207878b06",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2014-4658",
+ Path: "2014/4xxx/CVE-2014-4658.json",
+ BlobHash: "831c7a476ec7ddeebe0311821efd8ec207878b06",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md",
+ "https://www.securityfocus.com/bid/68233",
+ },
},
-
{
- ID: "CVE-2014-4659",
- Path: "2014/4xxx/CVE-2014-4659.json",
- BlobHash: "1fcaa970aab33beb1c8f5e94544a976060829bd5",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2014-4659",
+ Path: "2014/4xxx/CVE-2014-4659.json",
+ BlobHash: "1fcaa970aab33beb1c8f5e94544a976060829bd5",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md",
+ "https://www.securityfocus.com/bid/68234",
+ },
},
-
{
- ID: "CVE-2014-4660",
- Path: "2014/4xxx/CVE-2014-4660.json",
- BlobHash: "1aff32c0d305a69e039cf6f5a909b9e3adb88965",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2014-4660",
+ Path: "2014/4xxx/CVE-2014-4660.json",
+ BlobHash: "1aff32c0d305a69e039cf6f5a909b9e3adb88965",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/ansible/ansible/blob/release1.5.5/CHANGELOG.md",
+ "https://www.securityfocus.com/bid/68231",
+ "https://www.openwall.com/lists/oss-security/2014/06/26/19",
+ "https://security-tracker.debian.org/tracker/CVE-2014-4660",
+ "https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08",
+ },
},
-
{
- ID: "CVE-2014-4678",
- Path: "2014/4xxx/CVE-2014-4678.json",
- BlobHash: "453d55a513a567b647daee742272a73d06d2bbb3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2014-4678",
+ Path: "2014/4xxx/CVE-2014-4678.json",
+ BlobHash: "453d55a513a567b647daee742272a73d06d2bbb3",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916",
+ "https://groups.google.com/forum/message/raw?msg=ansible-announce/ieV1vZvcTXU/5Q93ThkY9rIJ",
+ "https://security-tracker.debian.org/tracker/CVE-2014-4678",
+ "https://www.openwall.com/lists/oss-security/2014/06/26/30",
+ "https://www.openwall.com/lists/oss-security/2014/07/02/2",
+ "https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2014-4678",
+ "https://www.rapid7.com/db/vulnerabilities/freebsd-vid-2c493ac8-205e-11e5-a4a5-002590263bf5",
+ },
},
-
{
- ID: "CVE-2014-4966",
- Path: "2014/4xxx/CVE-2014-4966.json",
- BlobHash: "e3378a01598473a0e0ec5b3576a3893236d1951e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2014-4966",
+ Path: "2014/4xxx/CVE-2014-4966.json",
+ BlobHash: "e3378a01598473a0e0ec5b3576a3893236d1951e",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "http://www.ocert.org/advisories/ocert-2014-004.html",
+ "https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527",
+ },
},
-
{
- ID: "CVE-2014-4967",
- Path: "2014/4xxx/CVE-2014-4967.json",
- BlobHash: "3db0b89320c00238e9ac985a46145a8735160af3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2014-4967",
+ Path: "2014/4xxx/CVE-2014-4967.json",
+ BlobHash: "3db0b89320c00238e9ac985a46145a8735160af3",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "http://www.ocert.org/advisories/ocert-2014-004.html",
+ "https://github.com/ansible/ansible/commit/62a1295a3e08cb6c3e9f1b2a1e6e5dcaeab32527",
+ },
},
-
{
- ID: "CVE-2014-8178",
- Path: "2014/8xxx/CVE-2014-8178.json",
- BlobHash: "c402c99f5ad15d2bb92c0cc2a1d200c61e8b3f5c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2014-8178",
+ Path: "2014/8xxx/CVE-2014-8178.json",
+ BlobHash: "c402c99f5ad15d2bb92c0cc2a1d200c61e8b3f5c",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "http://lists.opensuse.org/opensuse-updates/2015-10/msg00036.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00014.html",
+ "https://groups.google.com/forum/#!msg/docker-dev/bWVVtLNbFy8/UaefOqMOCAAJ",
+ "https://github.com/docker/docker/blob/master/CHANGELOG.md#183-2015-10-12",
+ "https://www.docker.com/legal/docker-cve-database",
+ },
},
-
{
- ID: "CVE-2014-8179",
- Path: "2014/8xxx/CVE-2014-8179.json",
- BlobHash: "e4d44d6ea12f93279a9dd5ff4f305b87d7ede7cb",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2014-8179",
+ Path: "2014/8xxx/CVE-2014-8179.json",
+ BlobHash: "e4d44d6ea12f93279a9dd5ff4f305b87d7ede7cb",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "http://lists.opensuse.org/opensuse-updates/2015-10/msg00036.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00014.html",
+ "https://groups.google.com/forum/#!msg/docker-dev/bWVVtLNbFy8/UaefOqMOCAAJ",
+ "https://github.com/docker/docker/blob/master/CHANGELOG.md#183-2015-10-12",
+ "https://blog.docker.com/2015/10/security-release-docker-1-8-3-1-6-2-cs7/",
+ "https://www.docker.com/legal/docker-cve-database",
+ },
},
-
{
- ID: "CVE-2014-8682",
- Path: "2014/8xxx/CVE-2014-8682.json",
- BlobHash: "0f015f20fd4dd01c859293025b0380a7d64c38e1",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2014-8682",
+ Path: "2014/8xxx/CVE-2014-8682.json",
+ BlobHash: "0f015f20fd4dd01c859293025b0380a7d64c38e1",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "http://www.exploit-db.com/exploits/35238",
+ "https://exchange.xforce.ibmcloud.com/vulnerabilities/98694",
+ "http://packetstormsecurity.com/files/129117/Gogs-Repository-Search-SQL-Injection.html",
+ "http://seclists.org/fulldisclosure/2014/Nov/33",
+ "http://gogs.io/docs/intro/change_log.html",
+ "http://www.securityfocus.com/archive/1/533995/100/0/threaded",
+ "http://www.securityfocus.com/bid/71187",
+ "https://github.com/gogits/gogs/commit/0c5ba4573aecc9eaed669e9431a70a5d9f184b8d",
+ },
},
-
{
- ID: "CVE-2014-9938",
- Path: "2014/9xxx/CVE-2014-9938.json",
- BlobHash: "9f74ca256c99ca814200cb62f3d5db211af77219",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2014-9938",
+ Path: "2014/9xxx/CVE-2014-9938.json",
+ BlobHash: "9f74ca256c99ca814200cb62f3d5db211af77219",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/njhartwell/pw3nage",
+ "https://github.com/git/git/commit/8976500cbbb13270398d3b3e07a17b8cc7bff43f",
+ "https://access.redhat.com/errata/RHSA-2017:2004",
+ },
},
-
{
- ID: "CVE-2015-5237",
- Path: "2015/5xxx/CVE-2015-5237.json",
- BlobHash: "12f3e517111a864cdaf06708bca08b1beefd91a9",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2015-5237",
+ Path: "2015/5xxx/CVE-2015-5237.json",
+ BlobHash: "12f3e517111a864cdaf06708bca08b1beefd91a9",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/google/protobuf/issues/760",
+ "http://www.openwall.com/lists/oss-security/2015/08/27/2",
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1256426",
+ "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E",
+ "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E",
+ "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E",
+ "https://lists.apache.org/thread.html/ra28fed69eef3a71e5fe5daea001d0456b05b102044237330ec5c7c82@%3Ccommits.pulsar.apache.org%3E",
+ "https://lists.apache.org/thread.html/r17dc6f394429f6bffb5e4c66555d93c2e9923cbbdc5a93db9a56c1c7@%3Ccommits.pulsar.apache.org%3E",
+ "https://lists.apache.org/thread.html/r42e47994734cd1980ef3e204a40555336e10cc80096927aca2f37d90@%3Ccommits.pulsar.apache.org%3E",
+ "https://lists.apache.org/thread.html/re6d04a214424a97ea59c62190d79316edf311a0a6346524dfef3b940@%3Ccommits.pulsar.apache.org%3E",
+ "https://lists.apache.org/thread.html/r1263fa5b51e4ec3cb8f09ff40e4747428c71198e9bee93349ec96a3c@%3Ccommits.pulsar.apache.org%3E",
+ "https://lists.apache.org/thread.html/r42ef6acfb0d86a2df0c2390702ecbe97d2104a331560f2790d17ca69@%3Ccommits.pulsar.apache.org%3E",
+ "https://lists.apache.org/thread.html/rb71dac1d9dd4e8a8ae3dbc033aeae514eda9be1263c1df3b42a530a2@%3Ccommits.pulsar.apache.org%3E",
+ "https://lists.apache.org/thread.html/r320dc858da88846ba00bb077bcca2cdf75b7dde0f6eb3a3d60dba6a1@%3Ccommits.pulsar.apache.org%3E",
+ "https://lists.apache.org/thread.html/r85c9a764b573c786224688cc906c27e28343e18f5b33387f94cae90f@%3Ccommits.pulsar.apache.org%3E",
+ "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cdev.flink.apache.org%3E",
+ "https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d462b26f4078d21eeb@%3Cuser.flink.apache.org%3E",
+ "https://lists.apache.org/thread.html/r5e52caf41dc49df55b4ee80758356fe1ff2a88179ff24c685de7c28d@%3Ccommits.pulsar.apache.org%3E",
+ "https://lists.apache.org/thread.html/rf7539287c90be979bac94af9aaba34118fbf968864944b4871af48dd@%3Ccommits.pulsar.apache.org%3E",
+ "https://lists.apache.org/thread.html/r1d274d647b3c2060df9be21eade4ce56d3a59998cf19ac72662dd994@%3Ccommits.pulsar.apache.org%3E",
+ },
},
-
{
- ID: "CVE-2015-5250",
- Path: "2015/5xxx/CVE-2015-5250.json",
- BlobHash: "a35f3719a75df2faff6d9702be23fd2a0f9c727f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2015-5250",
+ Path: "2015/5xxx/CVE-2015-5250.json",
+ BlobHash: "a35f3719a75df2faff6d9702be23fd2a0f9c727f",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/openshift/origin/issues/4374",
+ "https://access.redhat.com/errata/RHSA-2015:1736",
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1259867",
+ },
},
-
{
- ID: "CVE-2015-6240",
- Path: "2015/6xxx/CVE-2015-6240.json",
- BlobHash: "6e0f9763e63ce17393bedf56ba538cde7e73d35f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2015-6240",
+ Path: "2015/6xxx/CVE-2015-6240.json",
+ BlobHash: "6e0f9763e63ce17393bedf56ba538cde7e73d35f",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/ansible/ansible/commit/ca2f2c4ebd7b5e097eab0a710f79c1f63badf95b",
+ "http://www.openwall.com/lists/oss-security/2015/08/17/10",
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1243468",
+ "https://github.com/ansible/ansible/commit/952166f48eb0f5797b75b160fd156bbe1e8fc647",
+ "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html",
+ },
},
-
{
- ID: "CVE-2015-7082",
- Path: "2015/7xxx/CVE-2015-7082.json",
- BlobHash: "60475bed239cbaef4156695da083708a53b39c3c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2015-7082",
+ Path: "2015/7xxx/CVE-2015-7082.json",
+ BlobHash: "60475bed239cbaef4156695da083708a53b39c3c",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://support.apple.com/HT205642",
+ "http://lists.apple.com/archives/security-announce/2015/Dec/msg00004.html",
+ "https://github.com/git/git/blob/master/Documentation/RelNotes/2.5.4.txt",
+ "http://www.securitytracker.com/id/1034340",
+ },
},
-
{
- ID: "CVE-2015-7528",
- Path: "2015/7xxx/CVE-2015-7528.json",
- BlobHash: "41b1d383e7e18cf2d4c312efccb9f3ebd99dd891",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2015-7528",
+ Path: "2015/7xxx/CVE-2015-7528.json",
+ BlobHash: "41b1d383e7e18cf2d4c312efccb9f3ebd99dd891",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/openshift/origin/pull/6113",
+ "https://github.com/kubernetes/kubernetes/releases/tag/v1.2.0-alpha.5",
+ "http://rhn.redhat.com/errata/RHSA-2015-2615.html",
+ "https://access.redhat.com/errata/RHSA-2015:2544",
+ "https://github.com/kubernetes/kubernetes/pull/17886",
+ },
},
-
{
- ID: "CVE-2015-7545",
- Path: "2015/7xxx/CVE-2015-7545.json",
- BlobHash: "f3e7d53c4da88c237f053e914c122c4b392d6450",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2015-7545",
+ Path: "2015/7xxx/CVE-2015-7545.json",
+ BlobHash: "f3e7d53c4da88c237f053e914c122c4b392d6450",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "http://rhn.redhat.com/errata/RHSA-2015-2515.html",
+ "http://lists.opensuse.org/opensuse-updates/2015-11/msg00066.html",
+ "https://security.gentoo.org/glsa/201605-01",
+ "http://www.openwall.com/lists/oss-security/2015/12/08/5",
+ "https://lkml.org/lkml/2015/10/5/683",
+ "https://github.com/git/git/blob/master/Documentation/RelNotes/2.6.1.txt",
+ "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
+ "http://www.securitytracker.com/id/1034501",
+ "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
+ "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1269794",
+ "https://github.com/git/git/blob/master/Documentation/RelNotes/2.3.10.txt",
+ "http://www.ubuntu.com/usn/USN-2835-1",
+ "https://kernel.googlesource.com/pub/scm/git/git/+/33cfccbbf35a56e190b79bdec5c85457c952a021",
+ "https://github.com/git/git/blob/master/Documentation/RelNotes/2.5.4.txt",
+ "http://www.openwall.com/lists/oss-security/2015/12/11/7",
+ "http://www.securityfocus.com/bid/78711",
+ "http://www.openwall.com/lists/oss-security/2015/12/09/8",
+ "https://github.com/git/git/blob/master/Documentation/RelNotes/2.4.10.txt",
+ "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.533255",
+ "http://www.debian.org/security/2016/dsa-3435",
+ },
},
-
{
- ID: "CVE-2015-7561",
- Path: "2015/7xxx/CVE-2015-7561.json",
- BlobHash: "43b0e2034d6c4eb6d2701ef83d8fd26625e9f7fc",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2015-7561",
+ Path: "2015/7xxx/CVE-2015-7561.json",
+ BlobHash: "43b0e2034d6c4eb6d2701ef83d8fd26625e9f7fc",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kubernetes/kubernetes/pull/18909",
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1291963",
+ },
},
-
{
- ID: "CVE-2015-8222",
- Path: "2015/8xxx/CVE-2015-8222.json",
- BlobHash: "ae2fc7029a0c22b3dca5c4e94ee99991c5a561b6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2015-8222",
+ Path: "2015/8xxx/CVE-2015-8222.json",
+ BlobHash: "ae2fc7029a0c22b3dca5c4e94ee99991c5a561b6",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1515689",
+ "http://www.ubuntu.com/usn/USN-2809-1",
+ "https://github.com/lxc/lxd/issues/1307",
+ },
},
-
{
- ID: "CVE-2015-8945",
- Path: "2015/8xxx/CVE-2015-8945.json",
- BlobHash: "cfbcfd20b67906928751c09053531cd9f79a6000",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2015-8945",
+ Path: "2015/8xxx/CVE-2015-8945.json",
+ BlobHash: "cfbcfd20b67906928751c09053531cd9f79a6000",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "http://www.openwall.com/lists/oss-security/2016/07/13/9",
+ "http://www.securityfocus.com/bid/91776",
+ "http://www.openwall.com/lists/oss-security/2016/07/13/10",
+ "https://github.com/openshift/origin/issues/3951",
+ },
},
-
{
- ID: "CVE-2015-9258",
- Path: "2015/9xxx/CVE-2015-9258.json",
- BlobHash: "3cb299ef650530e5b4fa3b8015b92ab1e97acc49",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2015-9258",
+ Path: "2015/9xxx/CVE-2015-9258.json",
+ BlobHash: "3cb299ef650530e5b4fa3b8015b92ab1e97acc49",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://docs.docker.com/notary/changelog/",
+ "https://github.com/theupdateframework/notary/blob/master/docs/resources/ncc_docker_notary_audit_2015_07_31.pdf",
+ },
},
-
{
- ID: "CVE-2015-9259",
- Path: "2015/9xxx/CVE-2015-9259.json",
- BlobHash: "107d41dfd5a02a2db4210d326eef52762e6614eb",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2015-9259",
+ Path: "2015/9xxx/CVE-2015-9259.json",
+ BlobHash: "107d41dfd5a02a2db4210d326eef52762e6614eb",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://docs.docker.com/notary/changelog/",
+ "https://github.com/theupdateframework/notary/blob/master/docs/resources/ncc_docker_notary_audit_2015_07_31.pdf",
+ },
},
-
{
- ID: "CVE-2015-9282",
- Path: "2015/9xxx/CVE-2015-9282.json",
- BlobHash: "583dfbf04222a32d8a542ff502b858a73e00c199",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2015-9282",
+ Path: "2015/9xxx/CVE-2015-9282.json",
+ BlobHash: "583dfbf04222a32d8a542ff502b858a73e00c199",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/grafana/piechart-panel/pull/163",
+ "https://github.com/grafana/grafana/issues/4117",
+ "https://github.com/grafana/piechart-panel/issues/3",
+ "https://padlock.argh.in/2019/02/05/exploiting-xss-grafana.html",
+ },
},
-
{
- ID: "CVE-2016-0216",
- Path: "2016/0xxx/CVE-2016-0216.json",
- BlobHash: "ac9f59c6700576b5936dc014ce265ee0c9a41097",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2016-0216",
+ Path: "2016/0xxx/CVE-2016-0216.json",
+ BlobHash: "ac9f59c6700576b5936dc014ce265ee0c9a41097",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "http://www.ibm.com/support/docview.wss?uid=swg21975358",
+ "http://www.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_security_vulnerabilities_in_ibm_tivoli_storage_manager_fastback_cve_2016_0212_cve_2016_0213_cve_2016_0216",
+ },
},
-
{
- ID: "CVE-2016-1133",
- Path: "2016/1xxx/CVE-2016-1133.json",
- BlobHash: "e8c8db08c23519674cff28190d7799f409074600",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2016-1133",
+ Path: "2016/1xxx/CVE-2016-1133.json",
+ BlobHash: "e8c8db08c23519674cff28190d7799f409074600",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/h2o/h2o/issues/682",
+ "https://github.com/h2o/h2o/issues/684",
+ "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000003",
+ "http://jvn.jp/en/jp/JVN45928828/index.html",
+ "https://h2o.examp1e.net/vulnerabilities.html#CVE-2016-1133",
+ },
},
-
{
- ID: "CVE-2016-1544",
- Path: "2016/1xxx/CVE-2016-1544.json",
- BlobHash: "d441f5bd9f88bee233d06b76ebd092ac8ccccc7b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2016-1544",
+ Path: "2016/1xxx/CVE-2016-1544.json",
+ BlobHash: "d441f5bd9f88bee233d06b76ebd092ac8ccccc7b",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1308461",
+ "https://github.com/nghttp2/nghttp2/releases/tag/v1.7.1",
+ "https://github.com/nghttp2/nghttp2/compare/v1.7.0...v1.7.1",
+ "https://security.gentoo.org/glsa/201612-13",
+ "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177666.html",
+ "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177308.html",
+ },
},
-
{
- ID: "CVE-2016-1587",
- Path: "2016/1xxx/CVE-2016-1587.json",
- BlobHash: "d9e8ff0aad59fd3f73ea4387b62d42ba264e9f81",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2016-1587",
+ Path: "2016/1xxx/CVE-2016-1587.json",
+ BlobHash: "d9e8ff0aad59fd3f73ea4387b62d42ba264e9f81",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/snapcore/snapweb/commit/3f4cf9403f7687fbc8e27c0e01b2cf6aa5e7e0d5",
+ },
},
-
{
- ID: "CVE-2016-1905",
- Path: "2016/1xxx/CVE-2016-1905.json",
- BlobHash: "75a910c29b4ebf972c647ddc13c6f49d849be835",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2016-1905",
+ Path: "2016/1xxx/CVE-2016-1905.json",
+ BlobHash: "75a910c29b4ebf972c647ddc13c6f49d849be835",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kubernetes/kubernetes/issues/19479",
+ "https://access.redhat.com/errata/RHSA-2016:0070",
+ },
},
-
{
- ID: "CVE-2016-1906",
- Path: "2016/1xxx/CVE-2016-1906.json",
- BlobHash: "9241866e7adb1f68453b4c01c53f5f723d86365d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2016-1906",
+ Path: "2016/1xxx/CVE-2016-1906.json",
+ BlobHash: "9241866e7adb1f68453b4c01c53f5f723d86365d",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/openshift/origin/issues/6556",
+ "https://github.com/openshift/origin/pull/6576",
+ "https://access.redhat.com/errata/RHSA-2016:0070",
+ "https://access.redhat.com/errata/RHSA-2016:0351",
+ },
},
-
{
- ID: "CVE-2016-2160",
- Path: "2016/2xxx/CVE-2016-2160.json",
- BlobHash: "0c47ebe1754218401ccca83d9fc098ab2888c24a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2016-2160",
+ Path: "2016/2xxx/CVE-2016-2160.json",
+ BlobHash: "0c47ebe1754218401ccca83d9fc098ab2888c24a",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/openshift/origin/pull/7864",
+ "https://access.redhat.com/errata/RHSA-2016:1064",
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1316127",
+ },
},
-
{
- ID: "CVE-2016-2183",
- Path: "2016/2xxx/CVE-2016-2183.json",
- BlobHash: "a0a8a4df4906c4afe4e07f9cca42696252858f12",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2016-2183",
+ Path: "2016/2xxx/CVE-2016-2183.json",
+ BlobHash: "a0a8a4df4906c4afe4e07f9cca42696252858f12",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://access.redhat.com/errata/RHSA-2017:3113",
+ "http://rhn.redhat.com/errata/RHSA-2017-0338.html",
+ "https://security.gentoo.org/glsa/201612-16",
+ "https://access.redhat.com/errata/RHSA-2017:3240",
+ "https://access.redhat.com/errata/RHSA-2017:2709",
+ "http://www.securityfocus.com/bid/92630",
+ "https://access.redhat.com/errata/RHSA-2017:3239",
+ "https://security.gentoo.org/glsa/201701-65",
+ "http://www.securitytracker.com/id/1036696",
+ "https://security.gentoo.org/glsa/201707-01",
+ "http://www.securityfocus.com/bid/95568",
+ "https://access.redhat.com/errata/RHSA-2017:3114",
+ "https://access.redhat.com/errata/RHSA-2017:1216",
+ "https://access.redhat.com/errata/RHSA-2017:2710",
+ "https://www.ietf.org/mail-archive/web/tls/current/msg04560.html",
+ "https://access.redhat.com/errata/RHSA-2018:2123",
+ "http://rhn.redhat.com/errata/RHSA-2017-0337.html",
+ "https://access.redhat.com/errata/RHSA-2017:2708",
+ "http://rhn.redhat.com/errata/RHSA-2017-0336.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html",
+ "http://rhn.redhat.com/errata/RHSA-2017-0462.html",
+ "https://access.redhat.com/errata/RHSA-2019:1245",
+ "https://access.redhat.com/errata/RHSA-2019:2859",
+ "https://access.redhat.com/errata/RHSA-2020:0451",
+ "https://www.oracle.com/security-alerts/cpuapr2020.html",
+ "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
+ "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
+ "https://www.oracle.com/security-alerts/cpujul2020.html",
+ "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
+ "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
+ "https://www.oracle.com/security-alerts/cpujan2020.html",
+ "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
+ "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759",
+ "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
+ "https://www.tenable.com/security/tns-2016-20",
+ "https://sweet32.info/",
+ "http://www.splunk.com/view/SP-CAAAPUE",
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1369383",
+ "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03765en_us",
+ "https://blog.cryptographyengineering.com/2016/08/24/attack-of-week-64-bit-ciphers-in-tls/",
+ "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
+ "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369403",
+ "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
+ "https://access.redhat.com/articles/2548661",
+ "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40312",
+ "https://www.teskalabs.com/blog/teskalabs-bulletin-160826-seacat-sweet32-issue",
+ "http://www.splunk.com/view/SP-CAAAPSV",
+ "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05369415",
+ "http://www-01.ibm.com/support/docview.wss?uid=swg21995039",
+ "https://github.com/ssllabs/ssllabs-scan/issues/387#issuecomment-242514633",
+ "https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/",
+ "https://www.tenable.com/security/tns-2016-16",
+ "https://www.sigsac.org/ccs/CCS2016/accepted-papers/",
+ "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05349499",
+ "https://www.tenable.com/security/tns-2016-21",
+ "https://kc.mcafee.com/corporate/index?page=content&id=SB10171",
+ "http://www-01.ibm.com/support/docview.wss?uid=swg21991482",
+ "https://www.openssl.org/blog/blog/2016/08/24/sweet32/",
+ "https://access.redhat.com/security/cve/cve-2016-2183",
+ "https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/august/new-practical-attacks-on-64-bit-block-ciphers-3des-blowfish/",
+ "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
+ "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
+ "https://security.netapp.com/advisory/ntap-20160915-0001/",
+ "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us",
+ "https://bto.bluecoat.com/security-advisory/sa133",
+ "https://www.tenable.com/security/tns-2017-09",
+ "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390849",
+ "http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html",
+ "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05323116",
+ "https://security.netapp.com/advisory/ntap-20170119-0001/",
+ "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05309984",
+ "https://nakedsecurity.sophos.com/2016/08/25/anatomy-of-a-cryptographic-collision-the-sweet32-attack/",
+ "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-17-0008",
+ "http://www-01.ibm.com/support/docview.wss?uid=nas8N1021697",
+ "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388",
+ "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05302448",
+ "https://kc.mcafee.com/corporate/index?page=content&id=SB10310",
+ "https://www.oracle.com/security-alerts/cpuoct2020.html",
+ },
},
-
{
- ID: "CVE-2016-2315",
- Path: "2016/2xxx/CVE-2016-2315.json",
- BlobHash: "baa983753eeb8f4f588796fc6bb2a6da00b24638",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2016-2315",
+ Path: "2016/2xxx/CVE-2016-2315.json",
+ BlobHash: "baa983753eeb8f4f588796fc6bb2a6da00b24638",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00074.html",
+ "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183147.html",
+ "http://www.debian.org/security/2016/dsa-3521",
+ "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
+ "https://security.gentoo.org/glsa/201605-01",
+ "http://www.securitytracker.com/id/1035290",
+ "http://www.securityfocus.com/bid/84355",
+ "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00062.html",
+ "http://pastebin.com/UX2P2jjg",
+ "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180763.html",
+ "http://www.openwall.com/lists/oss-security/2016/03/15/5",
+ "http://lists.opensuse.org/opensuse-updates/2016-04/msg00011.html",
+ "http://rhn.redhat.com/errata/RHSA-2016-0496.html",
+ "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
+ "https://github.com/git/git/commit/34fa79a6cde56d6d428ab0d3160cb094ebad3305",
+ "https://github.com/git/git/commit/de1e67d0703894cb6ea782e36abb63976ab07e60",
+ "https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.4.txt",
+ "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00061.html",
+ "http://www.ubuntu.com/usn/USN-2938-1",
+ "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00071.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00077.html",
+ "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179121.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00076.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00059.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00060.html",
+ },
},
-
{
- ID: "CVE-2016-2324",
- Path: "2016/2xxx/CVE-2016-2324.json",
- BlobHash: "9e5d38706848fe52155db5714fce80caef9ce6f2",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2016-2324",
+ Path: "2016/2xxx/CVE-2016-2324.json",
+ BlobHash: "9e5d38706848fe52155db5714fce80caef9ce6f2",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00074.html",
+ "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183147.html",
+ "http://www.debian.org/security/2016/dsa-3521",
+ "http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html",
+ "https://security.gentoo.org/glsa/201605-01",
+ "http://www.securitytracker.com/id/1035290",
+ "http://www.securityfocus.com/bid/84355",
+ "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00062.html",
+ "http://pastebin.com/UX2P2jjg",
+ "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180763.html",
+ "http://www.openwall.com/lists/oss-security/2016/03/15/5",
+ "http://lists.opensuse.org/opensuse-updates/2016-04/msg00011.html",
+ "http://rhn.redhat.com/errata/RHSA-2016-0496.html",
+ "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
+ "https://github.com/git/git/commit/de1e67d0703894cb6ea782e36abb63976ab07e60",
+ "https://raw.githubusercontent.com/git/git/master/Documentation/RelNotes/2.7.4.txt",
+ "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00061.html",
+ "http://www.ubuntu.com/usn/USN-2938-1",
+ "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00071.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00077.html",
+ "http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179121.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00076.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00059.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00060.html",
+ },
},
-
{
- ID: "CVE-2016-3096",
- Path: "2016/3xxx/CVE-2016-3096.json",
- BlobHash: "281e6714266b6074e0d92811e7af8d9c3d959282",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2016-3096",
+ Path: "2016/3xxx/CVE-2016-3096.json",
+ BlobHash: "281e6714266b6074e0d92811e7af8d9c3d959282",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1322925",
+ "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183274.html",
+ "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183252.html",
+ "https://github.com/ansible/ansible-modules-extras/pull/1941/commits/8c6fe646ee79f5e55361b885b7efed5bec72d4a4",
+ "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184175.html",
+ "https://github.com/ansible/ansible/blob/v2.0.2.0-1/CHANGELOG.md#202-over-the-hills-and-far-away",
+ "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183132.html",
+ "http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183103.html",
+ "https://groups.google.com/forum/#!topic/ansible-announce/tqiZbcWxYig",
+ "https://security.gentoo.org/glsa/201607-14",
+ "https://groups.google.com/forum/#!topic/ansible-announce/E80HLZilTU0",
+ "https://github.com/ansible/ansible-modules-extras/pull/1941",
+ "https://github.com/ansible/ansible/blob/v1.9.6-1/CHANGELOG.md#196-dancing-in-the-street---tbd",
+ },
},
-
{
- ID: "CVE-2016-3711",
- Path: "2016/3xxx/CVE-2016-3711.json",
- BlobHash: "8115e08eb0b2daa8c0fc3a4f25d7ec056218bb0e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2016-3711",
+ Path: "2016/3xxx/CVE-2016-3711.json",
+ BlobHash: "8115e08eb0b2daa8c0fc3a4f25d7ec056218bb0e",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://access.redhat.com/errata/RHSA-2016:1064",
+ "https://github.com/openshift/origin/pull/8334",
+ },
},
-
{
- ID: "CVE-2016-4817",
- Path: "2016/4xxx/CVE-2016-4817.json",
- BlobHash: "43ee499860a7df5230da7220fdc287ed0a73ee96",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2016-4817",
+ Path: "2016/4xxx/CVE-2016-4817.json",
+ BlobHash: "43ee499860a7df5230da7220fdc287ed0a73ee96",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/h2o/h2o/commit/1c0808d580da09fdec5a9a74ff09e103ea058dd4",
+ "http://jvn.jp/en/jp/JVN87859762/index.html",
+ "https://github.com/h2o/h2o/pull/920",
+ "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000091",
+ },
},
-
{
- ID: "CVE-2016-4864",
- Path: "2016/4xxx/CVE-2016-4864.json",
- BlobHash: "db81b848bc530e5a932de1f97ee588da3ceed6e3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2016-4864",
+ Path: "2016/4xxx/CVE-2016-4864.json",
+ BlobHash: "db81b848bc530e5a932de1f97ee588da3ceed6e3",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/h2o/h2o/issues/1077",
+ "https://jvn.jp/en/jp/JVN94779084/index.html",
+ },
},
-
{
- ID: "CVE-2016-6349",
- Path: "2016/6xxx/CVE-2016-6349.json",
- BlobHash: "026a929cc732d3e16f3707b0e77927431839df10",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2016-6349",
+ Path: "2016/6xxx/CVE-2016-6349.json",
+ BlobHash: "026a929cc732d3e16f3707b0e77927431839df10",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "http://www.openwall.com/lists/oss-security/2016/07/26/9",
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1360634",
+ "http://www.openwall.com/lists/oss-security/2016/10/13/7",
+ "https://github.com/projectatomic/oci-register-machine/pull/22",
+ "http://www.securityfocus.com/bid/92143",
+ },
},
-
{
- ID: "CVE-2016-6494",
- Path: "2016/6xxx/CVE-2016-6494.json",
- BlobHash: "58fb6d3b0cfbca0fc47b3d74bee4093d056e06bc",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2016-6494",
+ Path: "2016/6xxx/CVE-2016-6494.json",
+ BlobHash: "58fb6d3b0cfbca0fc47b3d74bee4093d056e06bc",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1362553",
+ "http://www.openwall.com/lists/oss-security/2016/07/29/8",
+ "https://github.com/mongodb/mongo/commit/035cf2afc04988b22cb67f4ebfd77e9b344cb6e0",
+ "http://www.securityfocus.com/bid/92204",
+ "https://jira.mongodb.org/browse/SERVER-25335",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5MCE2ZLFBNOK3TTWSTXZJQGZVP4EEJDL/",
+ "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832908",
+ "http://www.openwall.com/lists/oss-security/2016/07/29/4",
+ },
},
-
{
- ID: "CVE-2016-7063",
- Path: "2016/7xxx/CVE-2016-7063.json",
- BlobHash: "0e23338923c32c85922d4e928bb484a8d85dd32d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2016-7063",
+ Path: "2016/7xxx/CVE-2016-7063.json",
+ BlobHash: "0e23338923c32c85922d4e928bb484a8d85dd32d",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6,",
+ "https://lf.lc/CVE-2016-7063.txt",
+ "https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6",
+ },
},
-
{
- ID: "CVE-2016-7064",
- Path: "2016/7xxx/CVE-2016-7064.json",
- BlobHash: "3d76d334ba98d7f5a2217446c7fc9ea78a9fed49",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2016-7064",
+ Path: "2016/7xxx/CVE-2016-7064.json",
+ BlobHash: "3d76d334ba98d7f5a2217446c7fc9ea78a9fed49",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://lf.lc/CVE-2016-7064.txt",
+ "https://github.com/pritunl/pritunl-client-electron/releases/tag/1.0.1116.6",
+ },
},
-
{
- ID: "CVE-2016-7075",
- Path: "2016/7xxx/CVE-2016-7075.json",
- BlobHash: "f6822fb04347ec41f06e43ae10cc6c9e14752055",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2016-7075",
+ Path: "2016/7xxx/CVE-2016-7075.json",
+ BlobHash: "f6822fb04347ec41f06e43ae10cc6c9e14752055",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kubernetes/kubernetes/issues/34517",
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7075",
+ "https://access.redhat.com/errata/RHSA-2016:2064",
+ },
},
-
{
- ID: "CVE-2016-7569",
- Path: "2016/7xxx/CVE-2016-7569.json",
- BlobHash: "a8f50811c4301d4f693d341f998650d54a710e4c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2016-7569",
+ Path: "2016/7xxx/CVE-2016-7569.json",
+ BlobHash: "a8f50811c4301d4f693d341f998650d54a710e4c",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/appc/docker2aci/issues/201",
+ "https://github.com/appc/docker2aci/releases/tag/v0.13.0",
+ "http://www.openwall.com/lists/oss-security/2016/09/28/2",
+ "http://www.openwall.com/lists/oss-security/2016/09/28/4",
+ "http://www.securityfocus.com/bid/93194",
+ },
},
-
{
- ID: "CVE-2016-7835",
- Path: "2016/7xxx/CVE-2016-7835.json",
- BlobHash: "7bd0c8f8398f8e219cfc5875e710825f9847ae0a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2016-7835",
+ Path: "2016/7xxx/CVE-2016-7835.json",
+ BlobHash: "7bd0c8f8398f8e219cfc5875e710825f9847ae0a",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "http://www.securityfocus.com/bid/95061",
+ "https://github.com/h2o/h2o/issues/1144",
+ "https://jvn.jp/en/jp/JVN44566208/index.html",
+ },
},
-
{
- ID: "CVE-2016-8579",
- Path: "2016/8xxx/CVE-2016-8579.json",
- BlobHash: "5a1e6220d014e3f9377352389fa43c63accb6625",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2016-8579",
+ Path: "2016/8xxx/CVE-2016-8579.json",
+ BlobHash: "5a1e6220d014e3f9377352389fa43c63accb6625",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/appc/docker2aci/issues/203",
+ "http://www.securityfocus.com/bid/93560",
+ },
},
-
{
- ID: "CVE-2016-9274",
- Path: "2016/9xxx/CVE-2016-9274.json",
- BlobHash: "96470ffc56da89ea8fc11f458e71ef111ec5df1b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2016-9274",
+ Path: "2016/9xxx/CVE-2016-9274.json",
+ BlobHash: "96470ffc56da89ea8fc11f458e71ef111ec5df1b",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "http://www.securityfocus.com/bid/94289",
+ "https://github.com/git-for-windows/git/issues/944",
+ "https://www.youtube.com/watch?v=S7jOLv0sul0",
+ },
},
-
{
- ID: "CVE-2016-9962",
- Path: "2016/9xxx/CVE-2016-9962.json",
- BlobHash: "c0f980f342321bb14cac1d5de7c6cf207e5c64b9",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2016-9962",
+ Path: "2016/9xxx/CVE-2016-9962.json",
+ BlobHash: "c0f980f342321bb14cac1d5de7c6cf207e5c64b9",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "http://www.securityfocus.com/bid/95361",
+ "https://github.com/docker/docker/releases/tag/v1.12.6",
+ "http://rhn.redhat.com/errata/RHSA-2017-0116.html",
+ "http://seclists.org/fulldisclosure/2017/Jan/29",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WUQ3MQNEL5IBZZLMLR72Q4YDCL2SCKRK/",
+ "https://bugzilla.suse.com/show_bug.cgi?id=1012568#c6",
+ "https://security.gentoo.org/glsa/201701-34",
+ "http://rhn.redhat.com/errata/RHSA-2017-0123.html",
+ "https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5",
+ "http://rhn.redhat.com/errata/RHSA-2017-0127.html",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FINGBFMIXBG6B6ZWYH3TMRP5V3PDBNXR/",
+ "https://access.redhat.com/security/vulnerabilities/cve-2016-9962",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BQAXJMMLRU7DD2IMG47SR2K4BOFFG7FZ/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UVM7FCOQMPKOFLDTUYSS4ES76DDM56VP/",
+ "http://www.securityfocus.com/archive/1/540001/100/0/threaded",
+ "http://seclists.org/fulldisclosure/2017/Jan/21",
+ },
},
-
{
- ID: "CVE-2017-1000056",
- Path: "2017/1000xxx/CVE-2017-1000056.json",
- BlobHash: "186cdca5f767cbd623a39f1b68889db80497e830",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2017-1000056",
+ Path: "2017/1000xxx/CVE-2017-1000056.json",
+ BlobHash: "186cdca5f767cbd623a39f1b68889db80497e830",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kubernetes/kubernetes/issues/43459",
+ },
},
-
{
- ID: "CVE-2017-1000069",
- Path: "2017/1000xxx/CVE-2017-1000069.json",
- BlobHash: "942314c0d69828503afd2d44f4db106c1d9a30b3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2017-1000069",
+ Path: "2017/1000xxx/CVE-2017-1000069.json",
+ BlobHash: "942314c0d69828503afd2d44f4db106c1d9a30b3",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/bitly/oauth2_proxy/pull/360",
+ },
},
-
{
- ID: "CVE-2017-1000070",
- Path: "2017/1000xxx/CVE-2017-1000070.json",
- BlobHash: "0e401cf5656d411d45e09c34c597b0f081a97387",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2017-1000070",
+ Path: "2017/1000xxx/CVE-2017-1000070.json",
+ BlobHash: "0e401cf5656d411d45e09c34c597b0f081a97387",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/bitly/oauth2_proxy/pull/359",
+ "https://tools.ietf.org/html/rfc6819#section-5.2.3.5",
+ },
},
-
{
- ID: "CVE-2017-1000420",
- Path: "2017/1000xxx/CVE-2017-1000420.json",
- BlobHash: "ec203dd2d562b299c55bc03e6b0faac0017424d1",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2017-1000420",
+ Path: "2017/1000xxx/CVE-2017-1000420.json",
+ BlobHash: "ec203dd2d562b299c55bc03e6b0faac0017424d1",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/syncthing/syncthing/issues/4286",
+ },
},
-
{
- ID: "CVE-2017-1000459",
- Path: "2017/1000xxx/CVE-2017-1000459.json",
- BlobHash: "e95287afe54b0c5f194f27d41bae9cd4c76cd6b3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2017-1000459",
+ Path: "2017/1000xxx/CVE-2017-1000459.json",
+ BlobHash: "e95287afe54b0c5f194f27d41bae9cd4c76cd6b3",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/leanote/leanote/issues/676",
+ },
},
-
{
- ID: "CVE-2017-1000492",
- Path: "2017/1000xxx/CVE-2017-1000492.json",
- BlobHash: "2d9e9e6b632c0519380b320d1fb3329d948014a7",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2017-1000492",
+ Path: "2017/1000xxx/CVE-2017-1000492.json",
+ BlobHash: "2d9e9e6b632c0519380b320d1fb3329d948014a7",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/leanote/leanote/issues/695",
+ "https://github.com/leanote/desktop-app/commit/a2ed226637f8e66c9b089784b5e58eccf2e2fb30",
+ },
},
-
{
- ID: "CVE-2017-1002100",
- Path: "2017/1002xxx/CVE-2017-1002100.json",
- BlobHash: "fca5a4aa6327f1653b40a0a3c9b6ced4e696afac",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2017-1002100",
+ Path: "2017/1002xxx/CVE-2017-1002100.json",
+ BlobHash: "fca5a4aa6327f1653b40a0a3c9b6ced4e696afac",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://groups.google.com/d/msg/kubernetes-security-announce/n3VBg_WJZic/-ddIqKXqAAAJ",
+ "https://github.com/kubernetes/kubernetes/issues/47611",
+ },
},
-
{
- ID: "CVE-2017-1002101",
- Path: "2017/1002xxx/CVE-2017-1002101.json",
- BlobHash: "a8c2bdc2f9c60764e9f1881ec7b2d23aec704e94",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2017-1002101",
+ Path: "2017/1002xxx/CVE-2017-1002101.json",
+ BlobHash: "a8c2bdc2f9c60764e9f1881ec7b2d23aec704e94",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://access.redhat.com/errata/RHSA-2018:0475",
+ "https://github.com/kubernetes/kubernetes/issues/60813",
+ "https://github.com/bgeesaman/subpath-exploit/",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html",
+ },
},
-
{
- ID: "CVE-2017-1002102",
- Path: "2017/1002xxx/CVE-2017-1002102.json",
- BlobHash: "0cc34b8d285c1bcca9e23488088138fa92dd35d7",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2017-1002102",
+ Path: "2017/1002xxx/CVE-2017-1002102.json",
+ BlobHash: "0cc34b8d285c1bcca9e23488088138fa92dd35d7",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://access.redhat.com/errata/RHSA-2018:0475",
+ "https://github.com/kubernetes/kubernetes/issues/60814",
+ },
},
-
{
- ID: "CVE-2017-10868",
- Path: "2017/10xxx/CVE-2017-10868.json",
- BlobHash: "40c59280c218983748803e23264c99c42dad0bcf",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2017-10868",
+ Path: "2017/10xxx/CVE-2017-10868.json",
+ BlobHash: "40c59280c218983748803e23264c99c42dad0bcf",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/h2o/h2o/issues/1459",
+ "https://jvn.jp/en/jp/JVN84182676/index.html",
+ },
},
-
{
- ID: "CVE-2017-10869",
- Path: "2017/10xxx/CVE-2017-10869.json",
- BlobHash: "0009cbdc8d02be0391670e6bb017f95f533f59b6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2017-10869",
+ Path: "2017/10xxx/CVE-2017-10869.json",
+ BlobHash: "0009cbdc8d02be0391670e6bb017f95f533f59b6",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/h2o/h2o/issues/1460",
+ "https://jvn.jp/en/jp/JVN84182676/index.html",
+ },
},
-
{
- ID: "CVE-2017-10872",
- Path: "2017/10xxx/CVE-2017-10872.json",
- BlobHash: "6d844466776fc894414a92d578ce5c84790e2b8b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2017-10872",
+ Path: "2017/10xxx/CVE-2017-10872.json",
+ BlobHash: "6d844466776fc894414a92d578ce5c84790e2b8b",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/h2o/h2o/issues/1543",
+ "https://jvn.jp/en/jp/JVN84182676/index.html",
+ },
},
-
{
- ID: "CVE-2017-10908",
- Path: "2017/10xxx/CVE-2017-10908.json",
- BlobHash: "21924f0076822602a678bcbf7cd22669d4fd1a9e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2017-10908",
+ Path: "2017/10xxx/CVE-2017-10908.json",
+ BlobHash: "21924f0076822602a678bcbf7cd22669d4fd1a9e",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/h2o/h2o/issues/1544",
+ "https://jvn.jp/en/jp/JVN84182676/index.html",
+ },
},
-
{
- ID: "CVE-2017-14178",
- Path: "2017/14xxx/CVE-2017-14178.json",
- BlobHash: "9b2bf5cbcc763d491a503ac41067282c665e9abc",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2017-14178",
+ Path: "2017/14xxx/CVE-2017-14178.json",
+ BlobHash: "9b2bf5cbcc763d491a503ac41067282c665e9abc",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-14178.html",
+ "https://launchpad.net/bugs/1730255",
+ "https://github.com/snapcore/snapd/pull/4194",
+ },
},
-
{
- ID: "CVE-2017-14623",
- Path: "2017/14xxx/CVE-2017-14623.json",
- BlobHash: "f524aeead96962abc23351d740022553e73757ad",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2017-14623",
+ Path: "2017/14xxx/CVE-2017-14623.json",
+ BlobHash: "f524aeead96962abc23351d740022553e73757ad",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/go-ldap/ldap/pull/126",
+ "https://github.com/go-ldap/ldap/commit/95ede1266b237bf8e9aa5dce0b3250e51bfefe66",
+ },
},
-
{
- ID: "CVE-2017-14992",
- Path: "2017/14xxx/CVE-2017-14992.json",
- BlobHash: "366ff53d9a34d20004a471ca091b29cec6683a1c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2017-14992",
+ Path: "2017/14xxx/CVE-2017-14992.json",
+ BlobHash: "366ff53d9a34d20004a471ca091b29cec6683a1c",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://blog.cloudpassage.com/2017/10/13/discovering-docker-cve-2017-14992/",
+ "https://github.com/moby/moby/issues/35075",
+ },
},
-
{
- ID: "CVE-2017-15104",
- Path: "2017/15xxx/CVE-2017-15104.json",
- BlobHash: "a7df93ede38ff481692b22f5712a90ee83b711cf",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2017-15104",
+ Path: "2017/15xxx/CVE-2017-15104.json",
+ BlobHash: "a7df93ede38ff481692b22f5712a90ee83b711cf",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://access.redhat.com/errata/RHSA-2017:3481",
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1510149",
+ "https://access.redhat.com/security/cve/CVE-2017-15104",
+ "https://github.com/heketi/heketi/releases/tag/v5.0.1",
+ },
},
-
{
- ID: "CVE-2017-16539",
- Path: "2017/16xxx/CVE-2017-16539.json",
- BlobHash: "342b31363374a3a6d961be5d73aaeeb7744dbdd4",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2017-16539",
+ Path: "2017/16xxx/CVE-2017-16539.json",
+ BlobHash: "342b31363374a3a6d961be5d73aaeeb7744dbdd4",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://marc.info/?l=linux-scsi&m=150985455801444&w=2",
+ "https://github.com/moby/moby/pull/35399/commits/a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1",
+ "https://marc.info/?l=linux-scsi&m=150985062200941&w=2",
+ "https://github.com/moby/moby/pull/35399",
+ "https://twitter.com/ewindisch/status/926443521820774401",
+ },
},
-
{
- ID: "CVE-2017-17697",
- Path: "2017/17xxx/CVE-2017-17697.json",
- BlobHash: "274e9aad2132a7c49c11a1d9265628c3f447edc7",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2017-17697",
+ Path: "2017/17xxx/CVE-2017-17697.json",
+ BlobHash: "274e9aad2132a7c49c11a1d9265628c3f447edc7",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/vmware/harbor/issues/3755",
+ },
},
-
{
- ID: "CVE-2017-2428",
- Path: "2017/2xxx/CVE-2017-2428.json",
- BlobHash: "2d3da11d967f8a98955fa00d3b879bf3bf93d9ff",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2017-2428",
+ Path: "2017/2xxx/CVE-2017-2428.json",
+ BlobHash: "2d3da11d967f8a98955fa00d3b879bf3bf93d9ff",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "http://www.securityfocus.com/bid/97146",
+ "https://support.apple.com/HT207601",
+ "https://support.apple.com/HT207615",
+ "http://www.securitytracker.com/id/1038138",
+ "https://github.com/nghttp2/nghttp2/releases/tag/v1.17.0",
+ "https://support.apple.com/HT207602",
+ "https://support.apple.com/HT207617",
+ },
},
-
{
- ID: "CVE-2017-7297",
- Path: "2017/7xxx/CVE-2017-7297.json",
- BlobHash: "80de817b1932c2418c6fc3627767d44227b54e48",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2017-7297",
+ Path: "2017/7xxx/CVE-2017-7297.json",
+ BlobHash: "80de817b1932c2418c6fc3627767d44227b54e48",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "http://www.securityfocus.com/bid/97180",
+ "https://github.com/rancher/rancher/issues/8296",
+ },
},
-
{
- ID: "CVE-2017-7481",
- Path: "2017/7xxx/CVE-2017-7481.json",
- BlobHash: "e2b8ae7ce6b93ece51f2ed17bb5113b55e8bbb6e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2017-7481",
+ Path: "2017/7xxx/CVE-2017-7481.json",
+ BlobHash: "e2b8ae7ce6b93ece51f2ed17bb5113b55e8bbb6e",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://access.redhat.com/errata/RHSA-2017:1599",
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7481",
+ "https://access.redhat.com/errata/RHSA-2017:1334",
+ "http://www.securityfocus.com/bid/98492",
+ "https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2",
+ "https://access.redhat.com/errata/RHSA-2017:1244",
+ "https://access.redhat.com/errata/RHSA-2017:1499",
+ "https://access.redhat.com/errata/RHSA-2017:2524",
+ "https://access.redhat.com/errata/RHSA-2017:1476",
+ "https://usn.ubuntu.com/4072-1/",
+ "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html",
+ },
},
-
{
- ID: "CVE-2017-7550",
- Path: "2017/7xxx/CVE-2017-7550.json",
- BlobHash: "ad7744ea58016c1de5573869da0544f1d8e0b16c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2017-7550",
+ Path: "2017/7xxx/CVE-2017-7550.json",
+ BlobHash: "ad7744ea58016c1de5573869da0544f1d8e0b16c",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1473645",
+ "https://github.com/ansible/ansible/issues/30874",
+ "https://access.redhat.com/errata/RHSA-2017:2966",
+ },
},
-
{
- ID: "CVE-2017-7860",
- Path: "2017/7xxx/CVE-2017-7860.json",
- BlobHash: "13a2228e63f0f46795b242bd8cb4ad797cb9cbe2",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2017-7860",
+ Path: "2017/7xxx/CVE-2017-7860.json",
+ BlobHash: "13a2228e63f0f46795b242bd8cb4ad797cb9cbe2",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=661",
+ "http://www.securityfocus.com/bid/97695",
+ "https://github.com/grpc/grpc/pull/9833",
+ },
},
-
{
- ID: "CVE-2017-7861",
- Path: "2017/7xxx/CVE-2017-7861.json",
- BlobHash: "453130af5b5b8010111e42cc388fbc5f43aa889e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2017-7861",
+ Path: "2017/7xxx/CVE-2017-7861.json",
+ BlobHash: "453130af5b5b8010111e42cc388fbc5f43aa889e",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "http://www.securityfocus.com/bid/97694",
+ "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=655",
+ "https://github.com/grpc/grpc/pull/9833",
+ },
},
-
{
- ID: "CVE-2017-8359",
- Path: "2017/8xxx/CVE-2017-8359.json",
- BlobHash: "5e8f0f8ef3da14ba375263bc03884a3410ac6fcb",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2017-8359",
+ Path: "2017/8xxx/CVE-2017-8359.json",
+ BlobHash: "5e8f0f8ef3da14ba375263bc03884a3410ac6fcb",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=726",
+ "http://www.securityfocus.com/bid/98280",
+ "https://github.com/grpc/grpc/pull/10353",
+ },
},
-
{
- ID: "CVE-2017-9431",
- Path: "2017/9xxx/CVE-2017-9431.json",
- BlobHash: "2d6834e7c3d19ddb7baffd0160fd61e30779fdf5",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2017-9431",
+ Path: "2017/9xxx/CVE-2017-9431.json",
+ BlobHash: "2d6834e7c3d19ddb7baffd0160fd61e30779fdf5",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/grpc/grpc/pull/10492",
+ "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=1018",
+ },
},
-
{
- ID: "CVE-2018-0608",
- Path: "2018/0xxx/CVE-2018-0608.json",
- BlobHash: "045fec41d17861f86b541869d397c5e280854bb6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-0608",
+ Path: "2018/0xxx/CVE-2018-0608.json",
+ BlobHash: "045fec41d17861f86b541869d397c5e280854bb6",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "http://jvn.jp/en/jp/JVN93226941/index.html",
+ "https://github.com/h2o/h2o/issues/1775",
+ },
},
-
{
- ID: "CVE-2018-1000400",
- Path: "2018/1000xxx/CVE-2018-1000400.json",
- BlobHash: "055327cc1b43bc98c8260ca9ca9e7f89c7ae1b78",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-1000400",
+ Path: "2018/1000xxx/CVE-2018-1000400.json",
+ BlobHash: "055327cc1b43bc98c8260ca9ca9e7f89c7ae1b78",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kubernetes-incubator/cri-o/pull/1558/files",
+ "http://www.securityfocus.com/bid/104262",
+ },
},
-
{
- ID: "CVE-2018-1000538",
- Path: "2018/1000xxx/CVE-2018-1000538.json",
- BlobHash: "4693085bc7714393c2fd0e1980970276c9b71687",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-1000538",
+ Path: "2018/1000xxx/CVE-2018-1000538.json",
+ BlobHash: "4693085bc7714393c2fd0e1980970276c9b71687",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/minio/minio/commit/9c8b7306f55f2c8c0a5c7cea9a8db9d34be8faa7#diff-e8c3bc9bc83b5516d0cc806cd461d08bL220",
+ "https://github.com/minio/minio/pull/5957",
+ },
},
-
{
- ID: "CVE-2018-1000803",
- Path: "2018/1000xxx/CVE-2018-1000803.json",
- BlobHash: "bbc1d2ebc7f13f350461116c8aecfb6a0c37f33b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-1000803",
+ Path: "2018/1000xxx/CVE-2018-1000803.json",
+ BlobHash: "bbc1d2ebc7f13f350461116c8aecfb6a0c37f33b",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/go-gitea/gitea/pull/4664/files#diff-146e0c2b5bb1ea96c9fb73d509456e57",
+ "https://github.com/go-gitea/gitea/pull/4664",
+ },
},
-
{
- ID: "CVE-2018-1000816",
- Path: "2018/1000xxx/CVE-2018-1000816.json",
- BlobHash: "196777c6a21062d6742ad28759a97637e00fae1b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-1000816",
+ Path: "2018/1000xxx/CVE-2018-1000816.json",
+ BlobHash: "196777c6a21062d6742ad28759a97637e00fae1b",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/grafana/grafana/issues/13667",
+ },
},
-
{
- ID: "CVE-2018-1002100",
- Path: "2018/1002xxx/CVE-2018-1002100.json",
- BlobHash: "273200b8208ce84c1b7d42550668a98582c7b8ef",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-1002100",
+ Path: "2018/1002xxx/CVE-2018-1002100.json",
+ BlobHash: "273200b8208ce84c1b7d42550668a98582c7b8ef",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kubernetes/kubernetes/issues/61297",
+ "https://hansmi.ch/articles/2018-04-openshift-s2i-security",
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1564305",
+ },
},
-
{
- ID: "CVE-2018-1002101",
- Path: "2018/1002xxx/CVE-2018-1002101.json",
- BlobHash: "c2cd4cfd92f5f066c2bf9308363a395b2a8449fd",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-1002101",
+ Path: "2018/1002xxx/CVE-2018-1002101.json",
+ BlobHash: "c2cd4cfd92f5f066c2bf9308363a395b2a8449fd",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kubernetes/kubernetes/issues/65750",
+ "http://www.securityfocus.com/bid/106238",
+ "https://security.netapp.com/advisory/ntap-20190416-0008/",
+ },
},
-
{
- ID: "CVE-2018-1002102",
- Path: "2018/1002xxx/CVE-2018-1002102.json",
- BlobHash: "96adf20e2429475ae67e72233f65159e2aad09a7",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-1002102",
+ Path: "2018/1002xxx/CVE-2018-1002102.json",
+ BlobHash: "96adf20e2429475ae67e72233f65159e2aad09a7",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kubernetes/kubernetes/issues/85867",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q56CULSH7F7BC4NPS67ZS23ZCLL5TIVK/",
+ },
},
-
{
- ID: "CVE-2018-1002103",
- Path: "2018/1002xxx/CVE-2018-1002103.json",
- BlobHash: "d1edbbcfd99863eb063b5d1f04ade5374143ac11",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-1002103",
+ Path: "2018/1002xxx/CVE-2018-1002103.json",
+ BlobHash: "d1edbbcfd99863eb063b5d1f04ade5374143ac11",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kubernetes/minikube/issues/3208",
+ },
},
-
{
- ID: "CVE-2018-1002104",
- Path: "2018/1002xxx/CVE-2018-1002104.json",
- BlobHash: "1c10a1a861a08030cabafb1f0972a657871acf6c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-1002104",
+ Path: "2018/1002xxx/CVE-2018-1002104.json",
+ BlobHash: "1c10a1a861a08030cabafb1f0972a657871acf6c",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kubernetes/ingress-nginx/pull/3125",
+ },
},
-
{
- ID: "CVE-2018-1002105",
- Path: "2018/1002xxx/CVE-2018-1002105.json",
- BlobHash: "153ef110d19435a06c78b5f7499c1b6c9a991723",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-1002105",
+ Path: "2018/1002xxx/CVE-2018-1002105.json",
+ BlobHash: "153ef110d19435a06c78b5f7499c1b6c9a991723",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88",
+ "https://www.exploit-db.com/exploits/46053/",
+ "https://access.redhat.com/errata/RHSA-2018:3549",
+ "https://access.redhat.com/errata/RHSA-2018:3752",
+ "https://www.exploit-db.com/exploits/46052/",
+ "https://access.redhat.com/errata/RHSA-2018:3624",
+ "https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do",
+ "https://github.com/kubernetes/kubernetes/issues/71411",
+ "https://access.redhat.com/errata/RHSA-2018:3742",
+ "https://access.redhat.com/errata/RHSA-2018:3754",
+ "https://access.redhat.com/errata/RHSA-2018:3537",
+ "https://github.com/evict/poc_CVE-2018-1002105",
+ "https://access.redhat.com/errata/RHSA-2018:3598",
+ "https://access.redhat.com/errata/RHSA-2018:3551",
+ "http://www.securityfocus.com/bid/106068",
+ "https://security.netapp.com/advisory/ntap-20190416-0001/",
+ "http://www.openwall.com/lists/oss-security/2019/06/28/2",
+ "http://www.openwall.com/lists/oss-security/2019/07/06/3",
+ "http://www.openwall.com/lists/oss-security/2019/07/06/4",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html",
+ },
},
-
{
- ID: "CVE-2018-1002207",
- Path: "2018/1002xxx/CVE-2018-1002207.json",
- BlobHash: "7a69b2918e654203b3d9cee5e6e57d3eda432b42",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-1002207",
+ Path: "2018/1002xxx/CVE-2018-1002207.json",
+ BlobHash: "7a69b2918e654203b3d9cee5e6e57d3eda432b42",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://snyk.io/research/zip-slip-vulnerability",
+ "https://github.com/snyk/zip-slip-vulnerability",
+ "https://github.com/mholt/archiver/pull/65",
+ "https://github.com/mholt/archiver/commit/e4ef56d48eb029648b0e895bb0b6a393ef0829c3",
+ "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARCHIVER-50071",
+ },
},
-
{
- ID: "CVE-2018-10055",
- Path: "2018/10xxx/CVE-2018-10055.json",
- BlobHash: "bfd0b709d180b3fac635c4311cf647adedf2e831",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-10055",
+ Path: "2018/10xxx/CVE-2018-10055.json",
+ BlobHash: "bfd0b709d180b3fac635c4311cf647adedf2e831",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-006.md",
+ },
},
-
{
- ID: "CVE-2018-10856",
- Path: "2018/10xxx/CVE-2018-10856.json",
- BlobHash: "fe414baee5a3a73b4ecc1a07731b0a58ef32e40f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-10856",
+ Path: "2018/10xxx/CVE-2018-10856.json",
+ BlobHash: "fe414baee5a3a73b4ecc1a07731b0a58ef32e40f",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10856",
+ "https://github.com/projectatomic/libpod/commit/bae80a0b663925ec751ad2784ca32989403cdc24",
+ "https://access.redhat.com/errata/RHSA-2018:2037",
+ },
},
-
{
- ID: "CVE-2018-10892",
- Path: "2018/10xxx/CVE-2018-10892.json",
- BlobHash: "9a297de39e022e08c46b9f04c88f3327867b27aa",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-10892",
+ Path: "2018/10xxx/CVE-2018-10892.json",
+ BlobHash: "9a297de39e022e08c46b9f04c88f3327867b27aa",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/moby/moby/pull/37404",
+ "https://access.redhat.com/errata/RHSA-2018:2729",
+ "https://access.redhat.com/errata/RHSA-2018:2482",
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10892",
+ "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html",
+ "https://access.redhat.com/errata/RHBA-2018:2796",
+ },
},
-
{
- ID: "CVE-2018-10937",
- Path: "2018/10xxx/CVE-2018-10937.json",
- BlobHash: "261e46299b2721df16561fae93500096b92c25a6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-10937",
+ Path: "2018/10xxx/CVE-2018-10937.json",
+ BlobHash: "261e46299b2721df16561fae93500096b92c25a6",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10937",
+ "http://www.securityfocus.com/bid/105190",
+ "https://github.com/openshift/console/pull/461",
+ "https://github.com/openshift/console/commit/d56666852da6e7309a2e63a49f49a72ff66d309c",
+ },
},
-
{
- ID: "CVE-2018-1098",
- Path: "2018/1xxx/CVE-2018-1098.json",
- BlobHash: "01249fce90e1e575fce9c7ab134de1591496b169",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-1098",
+ Path: "2018/1xxx/CVE-2018-1098.json",
+ BlobHash: "01249fce90e1e575fce9c7ab134de1591496b169",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1552714",
+ "https://github.com/coreos/etcd/issues/9353",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4/",
+ },
},
-
{
- ID: "CVE-2018-1099",
- Path: "2018/1xxx/CVE-2018-1099.json",
- BlobHash: "1a69ba6fc3592810102632fdd4a8e7aed9f6b1cb",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-1099",
+ Path: "2018/1xxx/CVE-2018-1099.json",
+ BlobHash: "1a69ba6fc3592810102632fdd4a8e7aed9f6b1cb",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1552717",
+ "https://github.com/coreos/etcd/issues/9353",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UPGYHMSKDPW5GAMI7BEP3XQRVRLLBJKS/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JX7QTIT465BQGRGNCE74RATRQLKT2QE4/",
+ },
},
-
{
- ID: "CVE-2018-12099",
- Path: "2018/12xxx/CVE-2018-12099.json",
- BlobHash: "6b867dd20b28bc782c927bdcb6c8164529d1e0bf",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-12099",
+ Path: "2018/12xxx/CVE-2018-12099.json",
+ BlobHash: "6b867dd20b28bc782c927bdcb6c8164529d1e0bf",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/grafana/grafana/pull/11813",
+ "https://github.com/grafana/grafana/releases/tag/v5.2.0-beta1",
+ "https://security.netapp.com/advisory/ntap-20190416-0004/",
+ },
},
-
{
- ID: "CVE-2018-12608",
- Path: "2018/12xxx/CVE-2018-12608.json",
- BlobHash: "04e2d2cfa0ade3aa12257cb6f58974336446df17",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-12608",
+ Path: "2018/12xxx/CVE-2018-12608.json",
+ BlobHash: "04e2d2cfa0ade3aa12257cb6f58974336446df17",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/moby/moby/pull/33182",
+ },
},
-
{
- ID: "CVE-2018-12678",
- Path: "2018/12xxx/CVE-2018-12678.json",
- BlobHash: "fdc164ad2138c176976779e1ffaaf333eed7a191",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-12678",
+ Path: "2018/12xxx/CVE-2018-12678.json",
+ BlobHash: "fdc164ad2138c176976779e1ffaaf333eed7a191",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/portainer/portainer/pull/1979",
+ "https://github.com/portainer/portainer/releases/tag/1.18.0",
+ },
},
-
{
- ID: "CVE-2018-12976",
- Path: "2018/12xxx/CVE-2018-12976.json",
- BlobHash: "6a92a4c19239879e39ebc5154d61f738960426c9",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-12976",
+ Path: "2018/12xxx/CVE-2018-12976.json",
+ BlobHash: "6a92a4c19239879e39ebc5154d61f738960426c9",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://groups.google.com/forum/#!msg/golang-announce/4rpTbfzYB1k/no6MEwlQAwAJ",
+ "https://github.com/golang/gddo/commit/daffe1f90ec57f8ed69464f9094753fc6452e983",
+ },
},
-
{
- ID: "CVE-2018-14474",
- Path: "2018/14xxx/CVE-2018-14474.json",
- BlobHash: "d1a361cbe7eb0eb35921ab6cd10e2a51faffd079",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-14474",
+ Path: "2018/14xxx/CVE-2018-14474.json",
+ BlobHash: "d1a361cbe7eb0eb35921ab6cd10e2a51faffd079",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/s-gv/orangeforum/commit/1f6313cb3a1e755880fc1354f3e1efc4dd2dd4aa",
+ },
},
-
{
- ID: "CVE-2018-15178",
- Path: "2018/15xxx/CVE-2018-15178.json",
- BlobHash: "a57c17640dc4de6fa83a45e5ef93f9431abf4c92",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-15178",
+ Path: "2018/15xxx/CVE-2018-15178.json",
+ BlobHash: "a57c17640dc4de6fa83a45e5ef93f9431abf4c92",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/gogs/gogs/issues/5364",
+ "https://github.com/gogs/gogs/pull/5365",
+ },
},
-
{
- ID: "CVE-2018-15192",
- Path: "2018/15xxx/CVE-2018-15192.json",
- BlobHash: "e94118c0b7ae432eba835137ddaca3f65be53a52",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-15192",
+ Path: "2018/15xxx/CVE-2018-15192.json",
+ BlobHash: "e94118c0b7ae432eba835137ddaca3f65be53a52",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/gogs/gogs/issues/5366",
+ "https://github.com/go-gitea/gitea/issues/4624",
+ },
},
-
{
- ID: "CVE-2018-15193",
- Path: "2018/15xxx/CVE-2018-15193.json",
- BlobHash: "0da82c7f418abe22cf2aee3964211d3d3966cfd5",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-15193",
+ Path: "2018/15xxx/CVE-2018-15193.json",
+ BlobHash: "0da82c7f418abe22cf2aee3964211d3d3966cfd5",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/gogs/gogs/issues/5367",
+ },
},
-
{
- ID: "CVE-2018-15598",
- Path: "2018/15xxx/CVE-2018-15598.json",
- BlobHash: "edb153e30e0b8b71c8fc3857fcd7ab3b989802da",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-15598",
+ Path: "2018/15xxx/CVE-2018-15598.json",
+ BlobHash: "edb153e30e0b8b71c8fc3857fcd7ab3b989802da",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/containous/traefik/pull/3790",
+ "https://github.com/containous/traefik/pull/3790/commits/368bd170913078732bde58160f92f202f370278b",
+ "https://github.com/containous/traefik/releases/tag/v1.6.6",
+ "https://github.com/containous/traefik/pull/3790/commits/113250ce5735d554c502ca16fb03bb9119ca79f1",
+ },
},
-
{
- ID: "CVE-2018-15664",
- Path: "2018/15xxx/CVE-2018-15664.json",
- BlobHash: "cd288bf64f1c706476bbdda4277d751f029d2e06",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-15664",
+ Path: "2018/15xxx/CVE-2018-15664.json",
+ BlobHash: "cd288bf64f1c706476bbdda4277d751f029d2e06",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.suse.com/show_bug.cgi?id=1096726",
+ "https://github.com/moby/moby/pull/39252",
+ "http://www.openwall.com/lists/oss-security/2019/05/28/1",
+ "http://www.securityfocus.com/bid/108507",
+ "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00066.html",
+ "https://usn.ubuntu.com/4048-1/",
+ "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-15664",
+ "https://access.redhat.com/errata/RHSA-2019:1910",
+ "http://www.openwall.com/lists/oss-security/2019/08/21/1",
+ "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html",
+ },
},
-
{
- ID: "CVE-2018-15747",
- Path: "2018/15xxx/CVE-2018-15747.json",
- BlobHash: "abb866308a8fdcfcf8d915e56024d8bdb9bf9521",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-15747",
+ Path: "2018/15xxx/CVE-2018-15747.json",
+ BlobHash: "abb866308a8fdcfcf8d915e56024d8bdb9bf9521",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/prasmussen/glot-code-runner/issues/15",
+ },
},
-
{
- ID: "CVE-2018-15869",
- Path: "2018/15xxx/CVE-2018-15869.json",
- BlobHash: "bddc4e3d6a904e86f183f314f744743ea14ad283",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-15869",
+ Path: "2018/15xxx/CVE-2018-15869.json",
+ BlobHash: "bddc4e3d6a904e86f183f314f744743ea14ad283",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "http://www.securityfocus.com/bid/105172",
+ "https://github.com/hashicorp/packer/issues/6584",
+ },
},
-
{
- ID: "CVE-2018-16316",
- Path: "2018/16xxx/CVE-2018-16316.json",
- BlobHash: "53d8827f84704705acf59957d84f0979be815f38",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-16316",
+ Path: "2018/16xxx/CVE-2018-16316.json",
+ BlobHash: "53d8827f84704705acf59957d84f0979be815f38",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/portainer/portainer/commit/1ad150c99460a35224d6adfe48ddda9ee056b7d2",
+ },
},
-
{
- ID: "CVE-2018-16359",
- Path: "2018/16xxx/CVE-2018-16359.json",
- BlobHash: "c42eb49fc474c15d577dbc3ccc64de8164e152bd",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-16359",
+ Path: "2018/16xxx/CVE-2018-16359.json",
+ BlobHash: "c42eb49fc474c15d577dbc3ccc64de8164e152bd",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugs.chromium.org/p/project-zero/issues/detail?id=1632",
+ "https://github.com/google/gvisor/commit/001a4c2493b13a43d62c7511fb509a959ae4abc2",
+ },
},
-
{
- ID: "CVE-2018-16398",
- Path: "2018/16xxx/CVE-2018-16398.json",
- BlobHash: "232319722bf894c43c9d7d8affffff8161b0dd2a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-16398",
+ Path: "2018/16xxx/CVE-2018-16398.json",
+ BlobHash: "232319722bf894c43c9d7d8affffff8161b0dd2a",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/twistlock/authz/issues/50",
+ "https://github.com/twistlock/authz/issues/51",
+ },
},
-
{
- ID: "CVE-2018-16409",
- Path: "2018/16xxx/CVE-2018-16409.json",
- BlobHash: "39f379ecda7f8971a7ca7e02925776cd65515f98",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-16409",
+ Path: "2018/16xxx/CVE-2018-16409.json",
+ BlobHash: "39f379ecda7f8971a7ca7e02925776cd65515f98",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/gogs/gogs/issues/5372",
+ },
},
-
{
- ID: "CVE-2018-16733",
- Path: "2018/16xxx/CVE-2018-16733.json",
- BlobHash: "2c31ccc6fc823bcdc7ad873e55ab4cfa8bfc226a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-16733",
+ Path: "2018/16xxx/CVE-2018-16733.json",
+ BlobHash: "2c31ccc6fc823bcdc7ad873e55ab4cfa8bfc226a",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/ethereum/go-ethereum/commit/106d196ec4a6451efedc60ab15957f231fa85639",
+ },
},
-
{
- ID: "CVE-2018-16859",
- Path: "2018/16xxx/CVE-2018-16859.json",
- BlobHash: "678f6a27e55ee773abf1427413a47e878fbe8ae8",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-16859",
+ Path: "2018/16xxx/CVE-2018-16859.json",
+ BlobHash: "678f6a27e55ee773abf1427413a47e878fbe8ae8",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/ansible/ansible/pull/49142",
+ "https://access.redhat.com/errata/RHSA-2018:3770",
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16859",
+ "https://access.redhat.com/errata/RHSA-2018:3771",
+ "http://www.securityfocus.com/bid/106004",
+ "https://access.redhat.com/errata/RHSA-2018:3773",
+ "https://access.redhat.com/errata/RHSA-2018:3772",
+ "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html",
+ },
},
-
{
- ID: "CVE-2018-16876",
- Path: "2018/16xxx/CVE-2018-16876.json",
- BlobHash: "5380288314b1345acd95ec6a54e23d564badb9ac",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-16876",
+ Path: "2018/16xxx/CVE-2018-16876.json",
+ BlobHash: "5380288314b1345acd95ec6a54e23d564badb9ac",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://access.redhat.com/errata/RHSA-2018:3838",
+ "https://access.redhat.com/errata/RHSA-2019:0564",
+ "http://www.securityfocus.com/bid/106225",
+ "https://access.redhat.com/errata/RHSA-2018:3836",
+ "https://access.redhat.com/errata/RHSA-2018:3835",
+ "https://github.com/ansible/ansible/pull/49569",
+ "https://access.redhat.com/errata/RHSA-2018:3837",
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16876",
+ "https://www.debian.org/security/2019/dsa-4396",
+ "https://access.redhat.com/errata/RHSA-2019:0590",
+ "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html",
+ "https://usn.ubuntu.com/4072-1/",
+ "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html",
+ },
},
-
{
- ID: "CVE-2018-17031",
- Path: "2018/17xxx/CVE-2018-17031.json",
- BlobHash: "7bab8a1dc52969e53cac17f0637c761926dc26a8",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-17031",
+ Path: "2018/17xxx/CVE-2018-17031.json",
+ BlobHash: "7bab8a1dc52969e53cac17f0637c761926dc26a8",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/gogs/gogs/issues/5397",
+ },
},
-
{
- ID: "CVE-2018-17456",
- Path: "2018/17xxx/CVE-2018-17456.json",
- BlobHash: "5335a4699d4dcd8179960df573f4745a593613d4",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-17456",
+ Path: "2018/17xxx/CVE-2018-17456.json",
+ BlobHash: "5335a4699d4dcd8179960df573f4745a593613d4",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://www.exploit-db.com/exploits/45631/",
+ "http://www.securityfocus.com/bid/105523",
+ "http://www.securitytracker.com/id/1041811",
+ "https://www.debian.org/security/2018/dsa-4311",
+ "https://access.redhat.com/errata/RHSA-2018:3505",
+ "https://github.com/git/git/commit/1a7fd1fb2998002da6e9ff2ee46e1bdd25ee8404",
+ "https://www.exploit-db.com/exploits/45548/",
+ "https://access.redhat.com/errata/RHSA-2018:3541",
+ "https://github.com/git/git/commit/a124133e1e6ab5c7a9fef6d0e6bcb084e3455b46",
+ "https://access.redhat.com/errata/RHSA-2018:3408",
+ "https://marc.info/?l=git&m=153875888916397&w=2",
+ "https://www.openwall.com/lists/oss-security/2018/10/06/3",
+ "https://usn.ubuntu.com/3791-1/",
+ "https://seclists.org/bugtraq/2019/Mar/30",
+ "http://www.securityfocus.com/bid/107511",
+ "http://packetstormsecurity.com/files/152173/Sourcetree-Git-Arbitrary-Code-Execution-URL-Handling.html",
+ "https://access.redhat.com/errata/RHSA-2020:0316",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html",
+ },
},
-
{
- ID: "CVE-2018-17572",
- Path: "2018/17xxx/CVE-2018-17572.json",
- BlobHash: "e91cbd3483163459057b92a35e691421d94c1118",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-17572",
+ Path: "2018/17xxx/CVE-2018-17572.json",
+ BlobHash: "e91cbd3483163459057b92a35e691421d94c1118",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://gist.github.com/Raghavrao29/1cb84f1f2d8ce993fd7b2d1366d35f48",
+ "https://github.com/influxdata/influxdb/releases/tag/v0.9.6",
+ },
},
-
{
- ID: "CVE-2018-18264",
- Path: "2018/18xxx/CVE-2018-18264.json",
- BlobHash: "9d1fca97635951f2ed39a0f726787f404f1a339b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-18264",
+ Path: "2018/18xxx/CVE-2018-18264.json",
+ BlobHash: "9d1fca97635951f2ed39a0f726787f404f1a339b",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://sysdig.com/blog/privilege-escalation-kubernetes-dashboard/",
+ "http://www.securityfocus.com/bid/106493",
+ "https://groups.google.com/forum/#!topic/kubernetes-announce/yBrFf5nmvfI",
+ "https://github.com/kubernetes/dashboard/releases/tag/v1.10.1",
+ "https://github.com/kubernetes/dashboard/pull/3400",
+ "https://github.com/kubernetes/dashboard/pull/3289",
+ },
},
-
{
- ID: "CVE-2018-18553",
- Path: "2018/18xxx/CVE-2018-18553.json",
- BlobHash: "f0cced225e5b727eee78018a67090affecf7c7ae",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-18553",
+ Path: "2018/18xxx/CVE-2018-18553.json",
+ BlobHash: "f0cced225e5b727eee78018a67090affecf7c7ae",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/leanote/leanote/issues/822",
+ },
},
-
{
- ID: "CVE-2018-18623",
- Path: "2018/18xxx/CVE-2018-18623.json",
- BlobHash: "59f314eb5b689b83359e92d05d8df451707f8eca",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-18623",
+ Path: "2018/18xxx/CVE-2018-18623.json",
+ BlobHash: "59f314eb5b689b83359e92d05d8df451707f8eca",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/grafana/grafana/pull/11813",
+ "https://security.netapp.com/advisory/ntap-20200608-0008/",
+ },
},
-
{
- ID: "CVE-2018-18624",
- Path: "2018/18xxx/CVE-2018-18624.json",
- BlobHash: "774fe9ebe536fc3fc5e5f20b188595ac44c80084",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-18624",
+ Path: "2018/18xxx/CVE-2018-18624.json",
+ BlobHash: "774fe9ebe536fc3fc5e5f20b188595ac44c80084",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/grafana/grafana/pull/11813",
+ "https://security.netapp.com/advisory/ntap-20200608-0008/",
+ },
},
-
{
- ID: "CVE-2018-18625",
- Path: "2018/18xxx/CVE-2018-18625.json",
- BlobHash: "e427129bbe49ac34bfec64e93c5235be9cb906b3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-18625",
+ Path: "2018/18xxx/CVE-2018-18625.json",
+ BlobHash: "e427129bbe49ac34bfec64e93c5235be9cb906b3",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/grafana/grafana/pull/11813",
+ "https://security.netapp.com/advisory/ntap-20200608-0008/",
+ },
},
-
{
- ID: "CVE-2018-18925",
- Path: "2018/18xxx/CVE-2018-18925.json",
- BlobHash: "094fea40676b8ff3b0f8f28ce482c38bfa9c0dc8",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-18925",
+ Path: "2018/18xxx/CVE-2018-18925.json",
+ BlobHash: "094fea40676b8ff3b0f8f28ce482c38bfa9c0dc8",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/gogs/gogs/issues/5469",
+ },
},
-
{
- ID: "CVE-2018-18926",
- Path: "2018/18xxx/CVE-2018-18926.json",
- BlobHash: "9f8984abcd9be9d1192ec0eb53771cedeb0ccb7e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-18926",
+ Path: "2018/18xxx/CVE-2018-18926.json",
+ BlobHash: "9f8984abcd9be9d1192ec0eb53771cedeb0ccb7e",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/go-gitea/gitea/issues/5140",
+ },
},
-
{
- ID: "CVE-2018-19114",
- Path: "2018/19xxx/CVE-2018-19114.json",
- BlobHash: "76e9d3b69b0961db9efaf478f1666d2518cdce18",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-19114",
+ Path: "2018/19xxx/CVE-2018-19114.json",
+ BlobHash: "76e9d3b69b0961db9efaf478f1666d2518cdce18",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/lifei6671/mindoc/issues/384",
+ },
},
-
{
- ID: "CVE-2018-19148",
- Path: "2018/19xxx/CVE-2018-19148.json",
- BlobHash: "5230ee0573997298a29e85e471f230e9ee5ee320",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-19148",
+ Path: "2018/19xxx/CVE-2018-19148.json",
+ BlobHash: "5230ee0573997298a29e85e471f230e9ee5ee320",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/mholt/caddy/pull/2015",
+ "https://github.com/mholt/caddy/issues/1303",
+ "https://github.com/mholt/caddy/issues/2334",
+ },
},
-
{
- ID: "CVE-2018-19184",
- Path: "2018/19xxx/CVE-2018-19184.json",
- BlobHash: "ae25d83c06c8683e86c63fbed23c14fad844bca6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-19184",
+ Path: "2018/19xxx/CVE-2018-19184.json",
+ BlobHash: "ae25d83c06c8683e86c63fbed23c14fad844bca6",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/ethereum/go-ethereum/issues/18069",
+ },
},
-
{
- ID: "CVE-2018-19295",
- Path: "2018/19xxx/CVE-2018-19295.json",
- BlobHash: "17864661bfc1bde9f3b20836ec844f88c0c00d2a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-19295",
+ Path: "2018/19xxx/CVE-2018-19295.json",
+ BlobHash: "17864661bfc1bde9f3b20836ec844f88c0c00d2a",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/sylabs/singularity/releases/tag/2.6.1",
+ },
},
-
{
- ID: "CVE-2018-19333",
- Path: "2018/19xxx/CVE-2018-19333.json",
- BlobHash: "c234aa4daf9af3a2c9119b1da9ea3f33b467067d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-19333",
+ Path: "2018/19xxx/CVE-2018-19333.json",
+ BlobHash: "c234aa4daf9af3a2c9119b1da9ea3f33b467067d",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://justi.cz/security/2018/11/14/gvisor-lpe.html",
+ "https://github.com/google/gvisor/commit/0e277a39c8b6f905e289b75e8ad0594e6b3562ca",
+ },
},
-
{
- ID: "CVE-2018-19367",
- Path: "2018/19xxx/CVE-2018-19367.json",
- BlobHash: "a3340712dbc79533ebb2e6332efd6314c6325cc8",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-19367",
+ Path: "2018/19xxx/CVE-2018-19367.json",
+ BlobHash: "a3340712dbc79533ebb2e6332efd6314c6325cc8",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/lichti/shodan-portainer/",
+ "https://github.com/portainer/portainer/issues/2475",
+ },
},
-
{
- ID: "CVE-2018-19466",
- Path: "2018/19xxx/CVE-2018-19466.json",
- BlobHash: "06c52909067b881c6cef8398f6f7eb99d81a99e0",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-19466",
+ Path: "2018/19xxx/CVE-2018-19466.json",
+ BlobHash: "06c52909067b881c6cef8398f6f7eb99d81a99e0",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/portainer/portainer/pull/2488",
+ "https://github.com/portainer/portainer/releases",
+ "https://github.com/MauroEldritch/lempo",
+ },
},
-
{
- ID: "CVE-2018-19653",
- Path: "2018/19xxx/CVE-2018-19653.json",
- BlobHash: "7c7de73314eb58e4e50ff65a3f93c8e97e0001e6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-19653",
+ Path: "2018/19xxx/CVE-2018-19653.json",
+ BlobHash: "7c7de73314eb58e4e50ff65a3f93c8e97e0001e6",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://groups.google.com/forum/#!topic/consul-tool/7TCw06oio0I",
+ "https://github.com/hashicorp/consul/pull/5069",
+ },
},
-
{
- ID: "CVE-2018-19786",
- Path: "2018/19xxx/CVE-2018-19786.json",
- BlobHash: "44fc7dda05c3e2fddb648168a0287f4345aeeadb",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-19786",
+ Path: "2018/19xxx/CVE-2018-19786.json",
+ BlobHash: "44fc7dda05c3e2fddb648168a0287f4345aeeadb",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#100-december-3rd-2018",
+ },
},
-
{
- ID: "CVE-2018-19793",
- Path: "2018/19xxx/CVE-2018-19793.json",
- BlobHash: "52f5a3da668af5c966cdaba22f3c98998a424994",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-19793",
+ Path: "2018/19xxx/CVE-2018-19793.json",
+ BlobHash: "52f5a3da668af5c966cdaba22f3c98998a424994",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/iwannay/jiacrontab/issues/28",
+ },
},
-
{
- ID: "CVE-2018-20303",
- Path: "2018/20xxx/CVE-2018-20303.json",
- BlobHash: "2779443b720a0c9de37b3f3f9e3e11d9a551758d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-20303",
+ Path: "2018/20xxx/CVE-2018-20303.json",
+ BlobHash: "2779443b720a0c9de37b3f3f9e3e11d9a551758d",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/gogs/gogs/commit/ff93d9dbda5cebe90d86e4b7dfb2c6b8642970ce",
+ "https://pentesterlab.com/exercises/cve-2018-18925/",
+ "https://github.com/gogs/gogs/issues/5558",
+ },
},
-
{
- ID: "CVE-2018-20421",
- Path: "2018/20xxx/CVE-2018-20421.json",
- BlobHash: "44708b3178d64441e737723c276c09be2a68458c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-20421",
+ Path: "2018/20xxx/CVE-2018-20421.json",
+ BlobHash: "44708b3178d64441e737723c276c09be2a68458c",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/ethereum/go-ethereum/issues/18289",
+ },
},
-
{
- ID: "CVE-2018-20699",
- Path: "2018/20xxx/CVE-2018-20699.json",
- BlobHash: "dacf7cf3d7d29ae5e23e75ba7131ec150742a6aa",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-20699",
+ Path: "2018/20xxx/CVE-2018-20699.json",
+ BlobHash: "dacf7cf3d7d29ae5e23e75ba7131ec150742a6aa",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/docker/engine/pull/70",
+ "https://github.com/moby/moby/pull/37967",
+ "https://access.redhat.com/errata/RHSA-2019:0487",
+ },
},
-
{
- ID: "CVE-2018-20744",
- Path: "2018/20xxx/CVE-2018-20744.json",
- BlobHash: "1cefda4afbed2d638e20c35d2c933d0b5f040517",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-20744",
+ Path: "2018/20xxx/CVE-2018-20744.json",
+ BlobHash: "1cefda4afbed2d638e20c35d2c933d0b5f040517",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "http://www.securityfocus.com/bid/106834",
+ "https://github.com/rs/cors/issues/55",
+ "https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-chen.pdf",
+ },
},
-
{
- ID: "CVE-2018-21034",
- Path: "2018/21xxx/CVE-2018-21034.json",
- BlobHash: "56d67bbf8f84d7891fe18cb9e5e4ccf57d2c950f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-21034",
+ Path: "2018/21xxx/CVE-2018-21034.json",
+ BlobHash: "56d67bbf8f84d7891fe18cb9e5e4ccf57d2c950f",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/argoproj/argo-cd/blob/a1afe44066fcd0a0ab90a02a23177164bbad42cf/util/diff/diff.go#L399",
+ "https://github.com/argoproj/argo-cd/issues/470",
+ "https://github.com/argoproj/argo-cd/pull/3088",
+ "https://www.soluble.ai/blog/argo-cves-2020",
+ },
},
-
{
- ID: "CVE-2018-21233",
- Path: "2018/21xxx/CVE-2018-21233.json",
- BlobHash: "9937c0c3e6b76e59e2ca443213aff777788924a4",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-21233",
+ Path: "2018/21xxx/CVE-2018-21233.json",
+ BlobHash: "9937c0c3e6b76e59e2ca443213aff777788924a4",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-001.md",
+ "https://github.com/tensorflow/tensorflow/commit/49f73c55d56edffebde4bca4a407ad69c1cae433",
+ },
},
-
{
- ID: "CVE-2018-7575",
- Path: "2018/7xxx/CVE-2018-7575.json",
- BlobHash: "9343295dfee30eb28e116826e8850d64aabf441a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-7575",
+ Path: "2018/7xxx/CVE-2018-7575.json",
+ BlobHash: "9343295dfee30eb28e116826e8850d64aabf441a",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-004.md",
+ },
},
-
{
- ID: "CVE-2018-7576",
- Path: "2018/7xxx/CVE-2018-7576.json",
- BlobHash: "2453c5b8afea3b098674f54d18903bead7dd5f7a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-7576",
+ Path: "2018/7xxx/CVE-2018-7576.json",
+ BlobHash: "2453c5b8afea3b098674f54d18903bead7dd5f7a",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-002.md",
+ },
},
-
{
- ID: "CVE-2018-7577",
- Path: "2018/7xxx/CVE-2018-7577.json",
- BlobHash: "8157d1ce7a37342f460099bf7dbf3a5a99b1f91b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-7577",
+ Path: "2018/7xxx/CVE-2018-7577.json",
+ BlobHash: "8157d1ce7a37342f460099bf7dbf3a5a99b1f91b",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-005.md",
+ },
},
-
{
- ID: "CVE-2018-8825",
- Path: "2018/8xxx/CVE-2018-8825.json",
- BlobHash: "17abad64af8aa7178a1f18c852d2ead398d566ca",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-8825",
+ Path: "2018/8xxx/CVE-2018-8825.json",
+ BlobHash: "17abad64af8aa7178a1f18c852d2ead398d566ca",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-003.md",
+ },
},
-
{
- ID: "CVE-2018-9057",
- Path: "2018/9xxx/CVE-2018-9057.json",
- BlobHash: "b752bd349b89c035a8dfe9beb1e00500b3eabe64",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2018-9057",
+ Path: "2018/9xxx/CVE-2018-9057.json",
+ BlobHash: "b752bd349b89c035a8dfe9beb1e00500b3eabe64",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/terraform-providers/terraform-provider-aws/pull/3934",
+ },
},
-
{
- ID: "CVE-2019-1000002",
- Path: "2019/1000xxx/CVE-2019-1000002.json",
- BlobHash: "025ede9d25a3d3f4675742a15bf6613c65329185",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-1000002",
+ Path: "2019/1000xxx/CVE-2019-1000002.json",
+ BlobHash: "025ede9d25a3d3f4675742a15bf6613c65329185",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/go-gitea/gitea/pull/5631",
+ },
},
-
{
- ID: "CVE-2019-1002100",
- Path: "2019/1002xxx/CVE-2019-1002100.json",
- BlobHash: "e0b89cbfecc6bda0ddc9328c14c464d0f530d569",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-1002100",
+ Path: "2019/1002xxx/CVE-2019-1002100.json",
+ BlobHash: "e0b89cbfecc6bda0ddc9328c14c464d0f530d569",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "http://www.securityfocus.com/bid/107290",
+ "https://groups.google.com/forum/#!topic/kubernetes-announce/vmUUNkYfG9g",
+ "https://github.com/kubernetes/kubernetes/issues/74534",
+ "https://security.netapp.com/advisory/ntap-20190416-0002/",
+ "https://access.redhat.com/errata/RHSA-2019:1851",
+ "https://access.redhat.com/errata/RHSA-2019:3239",
+ },
},
-
{
- ID: "CVE-2019-1002101",
- Path: "2019/1002xxx/CVE-2019-1002101.json",
- BlobHash: "fc334f7e1f3d69f0a0aa7f96aeb508e914eb608e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-1002101",
+ Path: "2019/1002xxx/CVE-2019-1002101.json",
+ BlobHash: "fc334f7e1f3d69f0a0aa7f96aeb508e914eb608e",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kubernetes/kubernetes/pull/75037",
+ "http://www.securityfocus.com/bid/107652",
+ "https://access.redhat.com/errata/RHBA-2019:0620",
+ "https://access.redhat.com/errata/RHBA-2019:0619",
+ "https://access.redhat.com/errata/RHBA-2019:0636",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPV2RE5RMOGUVP5WJMXKQJZUBBLAFZPZ/",
+ "http://www.openwall.com/lists/oss-security/2019/06/21/1",
+ "http://www.openwall.com/lists/oss-security/2019/08/05/5",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QZB7E3DOZ5WDG46XAIU6K32CXHXPXB2F/",
+ "https://www.twistlock.com/labs-blog/disclosing-directory-traversal-vulnerability-kubernetes-copy-cve-2019-1002101/",
+ },
},
-
{
- ID: "CVE-2019-1010003",
- Path: "2019/1010xxx/CVE-2019-1010003.json",
- BlobHash: "42d5629bcde21ead9f2a00a657cac5e87d417353",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-1010003",
+ Path: "2019/1010xxx/CVE-2019-1010003.json",
+ BlobHash: "42d5629bcde21ead9f2a00a657cac5e87d417353",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/leanote/leanote/issues/719",
+ },
},
-
{
- ID: "CVE-2019-1010261",
- Path: "2019/1010xxx/CVE-2019-1010261.json",
- BlobHash: "f3831638d12b38f33ea883beef62a45010809b5c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-1010261",
+ Path: "2019/1010xxx/CVE-2019-1010261.json",
+ BlobHash: "f3831638d12b38f33ea883beef62a45010809b5c",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/go-gitea/gitea/pull/5905",
+ },
},
-
{
- ID: "CVE-2019-1010275",
- Path: "2019/1010xxx/CVE-2019-1010275.json",
- BlobHash: "fe4e49a7a24105b11d76a66df4c7b4d0b29326bf",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-1010275",
+ Path: "2019/1010xxx/CVE-2019-1010275.json",
+ BlobHash: "fe4e49a7a24105b11d76a66df4c7b4d0b29326bf",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/helm/helm/releases/tag/v2.7.2",
+ "https://github.com/helm/helm/pull/3152",
+ "https://github.com/helm/helm/pull/3152/files/1096813bf9a425e2aa4ac755b6c991b626dfab50",
+ },
},
-
{
- ID: "CVE-2019-1010314",
- Path: "2019/1010xxx/CVE-2019-1010314.json",
- BlobHash: "ee33fb655d9cdb556729967d0e5795044a74797e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-1010314",
+ Path: "2019/1010xxx/CVE-2019-1010314.json",
+ BlobHash: "ee33fb655d9cdb556729967d0e5795044a74797e",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/go-gitea/gitea/releases",
+ },
},
-
{
- ID: "CVE-2019-10152",
- Path: "2019/10xxx/CVE-2019-10152.json",
- BlobHash: "8caa697ce18f612e3f89e82105107920bc18512b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-10152",
+ Path: "2019/10xxx/CVE-2019-10152.json",
+ BlobHash: "8caa697ce18f612e3f89e82105107920bc18512b",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10152",
+ "https://github.com/containers/libpod/issues/3211",
+ "https://github.com/containers/libpod/pull/3214",
+ "https://github.com/containers/libpod/blob/master/RELEASE_NOTES.md#140",
+ "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00001.html",
+ },
},
-
{
- ID: "CVE-2019-10156",
- Path: "2019/10xxx/CVE-2019-10156.json",
- BlobHash: "9bca6bd659046577d701e51ccbb3e127e06ff77d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-10156",
+ Path: "2019/10xxx/CVE-2019-10156.json",
+ BlobHash: "9bca6bd659046577d701e51ccbb3e127e06ff77d",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10156",
+ "https://github.com/ansible/ansible/pull/57188",
+ "https://lists.debian.org/debian-lts-announce/2019/09/msg00016.html",
+ "https://access.redhat.com/errata/RHSA-2019:3744",
+ "https://access.redhat.com/errata/RHSA-2019:3789",
+ "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html",
+ },
},
-
{
- ID: "CVE-2019-10165",
- Path: "2019/10xxx/CVE-2019-10165.json",
- BlobHash: "ebeba6c38254ff460ab6b1a5da153d9c47c9407a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-10165",
+ Path: "2019/10xxx/CVE-2019-10165.json",
+ BlobHash: "ebeba6c38254ff460ab6b1a5da153d9c47c9407a",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10165",
+ "https://github.com/openshift/cluster-kube-apiserver-operator/pull/499/",
+ "https://github.com/openshift/cluster-openshift-apiserver-operator/pull/205",
+ },
},
-
{
- ID: "CVE-2019-10200",
- Path: "2019/10xxx/CVE-2019-10200.json",
- BlobHash: "dbc0d981d4cc09a63bde8bfd9c87f6a6b23f287d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-10200",
+ Path: "2019/10xxx/CVE-2019-10200.json",
+ BlobHash: "dbc0d981d4cc09a63bde8bfd9c87f6a6b23f287d",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1730161",
+ "https://github.com/openshift/cluster-kube-apiserver-operator/pull/524",
+ },
},
-
{
- ID: "CVE-2019-1020009",
- Path: "2019/1020xxx/CVE-2019-1020009.json",
- BlobHash: "1ae26a4c91f2bc53ee44fadd4374e20e2c72832a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-1020009",
+ Path: "2019/1020xxx/CVE-2019-1020009.json",
+ BlobHash: "1ae26a4c91f2bc53ee44fadd4374e20e2c72832a",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kolide/fleet/security/advisories/GHSA-6g7f-8qm4-f7h8",
+ },
},
-
{
- ID: "CVE-2019-1020014",
- Path: "2019/1020xxx/CVE-2019-1020014.json",
- BlobHash: "8ea048b124de215f7cae83a713d807802ad5ce13",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-1020014",
+ Path: "2019/1020xxx/CVE-2019-1020014.json",
+ BlobHash: "8ea048b124de215f7cae83a713d807802ad5ce13",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/docker/docker-credential-helpers/commit/1c9f7ede70a5ab9851f4c9cb37d317fd89cd318a",
+ "https://github.com/docker/docker-credential-helpers/releases/tag/v0.6.3",
+ "https://usn.ubuntu.com/4103-1/",
+ "https://usn.ubuntu.com/4103-2/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VVFB6UWUK2GQQN7DVUU6GRRAL637A73/",
+ },
},
-
{
- ID: "CVE-2019-1020015",
- Path: "2019/1020xxx/CVE-2019-1020015.json",
- BlobHash: "83816b3b659ad58e520ed2e8a6927f856602c108",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-1020015",
+ Path: "2019/1020xxx/CVE-2019-1020015.json",
+ BlobHash: "83816b3b659ad58e520ed2e8a6927f856602c108",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/hasura/graphql-engine/commit/f2f14e727b051e3003ba44b9b63eab8186b291ac",
+ },
},
-
{
- ID: "CVE-2019-10217",
- Path: "2019/10xxx/CVE-2019-10217.json",
- BlobHash: "7fbf95dcee87cd58c34f9947cc3d51ebbc4c1e64",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-10217",
+ Path: "2019/10xxx/CVE-2019-10217.json",
+ BlobHash: "7fbf95dcee87cd58c34f9947cc3d51ebbc4c1e64",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10217",
+ "https://github.com/ansible/ansible/issues/56269",
+ "https://github.com/ansible/ansible/pull/59427",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html",
+ },
},
-
{
- ID: "CVE-2019-10223",
- Path: "2019/10xxx/CVE-2019-10223.json",
- BlobHash: "f06bcfd6195f7257a34b188fd665a3b9cdfe61c6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-10223",
+ Path: "2019/10xxx/CVE-2019-10223.json",
+ BlobHash: "f06bcfd6195f7257a34b188fd665a3b9cdfe61c6",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "http://www.openwall.com/lists/oss-security/2019/08/15/8",
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10223",
+ "https://github.com/kubernetes/kube-state-metrics/releases/tag/v1.7.2",
+ "https://www.openwall.com/lists/oss-security/2019/08/09/1",
+ },
},
-
{
- ID: "CVE-2019-10743",
- Path: "2019/10xxx/CVE-2019-10743.json",
- BlobHash: "78dfc1f5c94cf1480c02ac5ef1f8c3bcaaedfa0b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-10743",
+ Path: "2019/10xxx/CVE-2019-10743.json",
+ BlobHash: "78dfc1f5c94cf1480c02ac5ef1f8c3bcaaedfa0b",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://snyk.io/research/zip-slip-vulnerability",
+ "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMHOLTARCHIVERCMDARC-174728,",
+ "https://github.com/mholt/archiver/pull/169",
+ },
},
-
{
- ID: "CVE-2019-11043",
- Path: "2019/11xxx/CVE-2019-11043.json",
- BlobHash: "efbcf584e1363faeb3eb773648d2ce43da0e9335",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-11043",
+ Path: "2019/11xxx/CVE-2019-11043.json",
+ BlobHash: "efbcf584e1363faeb3eb773648d2ce43da0e9335",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/neex/phuip-fpizdam",
+ "https://bugs.php.net/bug.php?id=78599",
+ "https://usn.ubuntu.com/4166-1/",
+ "https://www.debian.org/security/2019/dsa-4552",
+ "https://www.debian.org/security/2019/dsa-4553",
+ "https://usn.ubuntu.com/4166-2/",
+ "https://support.f5.com/csp/article/K75408500?utm_source=f5support&utm_medium=RSS",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T62LF4ZWVV7OMMIZFO6IFO5QLZKK7YRD/",
+ "https://security.netapp.com/advisory/ntap-20191031-0003/",
+ "https://access.redhat.com/errata/RHSA-2019:3286",
+ "https://access.redhat.com/errata/RHSA-2019:3287",
+ "https://access.redhat.com/errata/RHSA-2019:3299",
+ "https://access.redhat.com/errata/RHSA-2019:3300",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3W23TP6X4H7LB645FYZLUPNIRD5W3EPU/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FSNBUSPKMLUHHOADROKNG5GDWDCRHT5M/",
+ "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00011.html",
+ "https://access.redhat.com/errata/RHSA-2019:3724",
+ "https://access.redhat.com/errata/RHSA-2019:3735",
+ "https://access.redhat.com/errata/RHSA-2019:3736",
+ "https://www.synology.com/security/advisory/Synology_SA_19_36",
+ "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00014.html",
+ "https://support.apple.com/kb/HT210919",
+ "https://seclists.org/bugtraq/2020/Jan/44",
+ "http://seclists.org/fulldisclosure/2020/Jan/40",
+ "https://access.redhat.com/errata/RHSA-2020:0322",
+ "http://packetstormsecurity.com/files/156642/PHP-FPM-7.x-Remote-Code-Execution.html",
+ },
},
-
{
- ID: "CVE-2019-11228",
- Path: "2019/11xxx/CVE-2019-11228.json",
- BlobHash: "91ad8aad6f9734cd90b3f06f6e2613b7154004e9",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-11228",
+ Path: "2019/11xxx/CVE-2019-11228.json",
+ BlobHash: "91ad8aad6f9734cd90b3f06f6e2613b7154004e9",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/go-gitea/gitea/releases/tag/v1.8.0-rc3",
+ "https://github.com/go-gitea/gitea/releases/tag/v1.7.6",
+ },
},
-
{
- ID: "CVE-2019-11229",
- Path: "2019/11xxx/CVE-2019-11229.json",
- BlobHash: "7dc2899d18260f82d6cfa35ae699107ac55affc6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-11229",
+ Path: "2019/11xxx/CVE-2019-11229.json",
+ BlobHash: "7dc2899d18260f82d6cfa35ae699107ac55affc6",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/go-gitea/gitea/releases/tag/v1.8.0-rc3",
+ "https://github.com/go-gitea/gitea/releases/tag/v1.7.6",
+ "http://packetstormsecurity.com/files/160833/Gitea-1.7.5-Remote-Code-Execution.html",
+ },
},
-
{
- ID: "CVE-2019-11243",
- Path: "2019/11xxx/CVE-2019-11243.json",
- BlobHash: "240224e18d72e19314d8e206100446f0a275b49e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-11243",
+ Path: "2019/11xxx/CVE-2019-11243.json",
+ BlobHash: "240224e18d72e19314d8e206100446f0a275b49e",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kubernetes/kubernetes/issues/76797",
+ "http://www.securityfocus.com/bid/108053",
+ "https://security.netapp.com/advisory/ntap-20190509-0002/",
+ },
},
-
{
- ID: "CVE-2019-11244",
- Path: "2019/11xxx/CVE-2019-11244.json",
- BlobHash: "ee426f62fc258992ee5c5add5afa24866183049f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-11244",
+ Path: "2019/11xxx/CVE-2019-11244.json",
+ BlobHash: "ee426f62fc258992ee5c5add5afa24866183049f",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kubernetes/kubernetes/issues/76676",
+ "http://www.securityfocus.com/bid/108064",
+ "https://security.netapp.com/advisory/ntap-20190509-0002/",
+ "https://access.redhat.com/errata/RHSA-2019:3942",
+ "https://access.redhat.com/errata/RHSA-2020:0020",
+ "https://access.redhat.com/errata/RHSA-2020:0074",
+ },
},
-
{
- ID: "CVE-2019-11245",
- Path: "2019/11xxx/CVE-2019-11245.json",
- BlobHash: "ada2d8773e54a20b336e667f6090b889da32e60e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-11245",
+ Path: "2019/11xxx/CVE-2019-11245.json",
+ BlobHash: "ada2d8773e54a20b336e667f6090b889da32e60e",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kubernetes/kubernetes/issues/78308",
+ "https://security.netapp.com/advisory/ntap-20190919-0003/",
+ },
},
-
{
- ID: "CVE-2019-11246",
- Path: "2019/11xxx/CVE-2019-11246.json",
- BlobHash: "d77d041f1845f282f19721f1b2c7eb293aa8f7c3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-11246",
+ Path: "2019/11xxx/CVE-2019-11246.json",
+ BlobHash: "d77d041f1845f282f19721f1b2c7eb293aa8f7c3",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kubernetes/kubernetes/pull/76788",
+ "https://groups.google.com/forum/#!topic/kubernetes-security-announce/NLs2TGbfPdo",
+ "https://security.netapp.com/advisory/ntap-20190919-0003/",
+ },
},
-
{
- ID: "CVE-2019-11247",
- Path: "2019/11xxx/CVE-2019-11247.json",
- BlobHash: "026587a117d05ad182dd6e2d9e96f2d0865cb2b9",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-11247",
+ Path: "2019/11xxx/CVE-2019-11247.json",
+ BlobHash: "026587a117d05ad182dd6e2d9e96f2d0865cb2b9",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kubernetes/kubernetes/issues/80983",
+ "https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ",
+ "https://access.redhat.com/errata/RHSA-2019:2690",
+ "https://security.netapp.com/advisory/ntap-20190919-0003/",
+ "https://access.redhat.com/errata/RHBA-2019:2816",
+ "https://access.redhat.com/errata/RHBA-2019:2824",
+ "https://access.redhat.com/errata/RHSA-2019:2769",
+ },
},
-
{
- ID: "CVE-2019-11248",
- Path: "2019/11xxx/CVE-2019-11248.json",
- BlobHash: "00d4505f9edf499002ad21d1106879358cd7299a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-11248",
+ Path: "2019/11xxx/CVE-2019-11248.json",
+ BlobHash: "00d4505f9edf499002ad21d1106879358cd7299a",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kubernetes/kubernetes/issues/81023",
+ "https://groups.google.com/d/msg/kubernetes-security-announce/pKELclHIov8/BEDtRELACQAJ",
+ "https://security.netapp.com/advisory/ntap-20190919-0003/",
+ },
},
-
{
- ID: "CVE-2019-11249",
- Path: "2019/11xxx/CVE-2019-11249.json",
- BlobHash: "47f2be6cfd55d6f91c805f77435fea5eda2c972c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-11249",
+ Path: "2019/11xxx/CVE-2019-11249.json",
+ BlobHash: "47f2be6cfd55d6f91c805f77435fea5eda2c972c",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://groups.google.com/d/msg/kubernetes-security-announce/vUtEcSEY6SM/v2ZZxsmtFQAJ",
+ "https://github.com/kubernetes/kubernetes/issues/80984",
+ "https://security.netapp.com/advisory/ntap-20190919-0003/",
+ "https://access.redhat.com/errata/RHBA-2019:2816",
+ "https://access.redhat.com/errata/RHBA-2019:2794",
+ "https://access.redhat.com/errata/RHBA-2019:2824",
+ "https://access.redhat.com/errata/RHSA-2019:3239",
+ "https://access.redhat.com/errata/RHSA-2019:3811",
+ },
},
-
{
- ID: "CVE-2019-11251",
- Path: "2019/11xxx/CVE-2019-11251.json",
- BlobHash: "4c8f81bc45c5b6ae61871ed463956147eb35057b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-11251",
+ Path: "2019/11xxx/CVE-2019-11251.json",
+ BlobHash: "4c8f81bc45c5b6ae61871ed463956147eb35057b",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kubernetes/kubernetes/issues/87773",
+ "https://groups.google.com/d/msg/kubernetes-announce/YYtEFdFimZ4/nZnOezZuBgAJ",
+ },
},
-
{
- ID: "CVE-2019-11252",
- Path: "2019/11xxx/CVE-2019-11252.json",
- BlobHash: "92b566eb58a6bfab63e2bc67c35d85e6342ab81d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-11252",
+ Path: "2019/11xxx/CVE-2019-11252.json",
+ BlobHash: "92b566eb58a6bfab63e2bc67c35d85e6342ab81d",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kubernetes/kubernetes/pull/88684",
+ },
},
-
{
- ID: "CVE-2019-11255",
- Path: "2019/11xxx/CVE-2019-11255.json",
- BlobHash: "a1bac48c650c8fc51190ab12dca53f9dad7dc2fb",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-11255",
+ Path: "2019/11xxx/CVE-2019-11255.json",
+ BlobHash: "a1bac48c650c8fc51190ab12dca53f9dad7dc2fb",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kubernetes/kubernetes/issues/85233",
+ "https://groups.google.com/forum/#!topic/kubernetes-security-announce/aXiYN0q4uIw",
+ "https://access.redhat.com/errata/RHSA-2019:4099",
+ "https://access.redhat.com/errata/RHSA-2019:4096",
+ "https://access.redhat.com/errata/RHSA-2019:4054",
+ "https://access.redhat.com/errata/RHSA-2019:4225",
+ "https://security.netapp.com/advisory/ntap-20200810-0003/",
+ },
},
-
{
- ID: "CVE-2019-11328",
- Path: "2019/11xxx/CVE-2019-11328.json",
- BlobHash: "e84895b0fa29fcacb03922f45e8a8917dba0d2a9",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-11328",
+ Path: "2019/11xxx/CVE-2019-11328.json",
+ BlobHash: "e84895b0fa29fcacb03922f45e8a8917dba0d2a9",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/sylabs/singularity/releases/tag/v3.2.0",
+ "http://www.openwall.com/lists/oss-security/2019/05/16/1",
+ "http://www.securityfocus.com/bid/108360",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNU5BUHFOTYUZVHFUSX2VG4S3RCPUEMA/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5O3TPL5OOTIZEI4H6IQBCCISBARJ6WL3/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LIHV7DSEVTB5SUPEZ2UXGS3Q6WMEQSO2/",
+ "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00028.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html",
+ },
},
-
{
- ID: "CVE-2019-11405",
- Path: "2019/11xxx/CVE-2019-11405.json",
- BlobHash: "b428a95b1dec6aeb4a742a930834a5af2ae4e696",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-11405",
+ Path: "2019/11xxx/CVE-2019-11405.json",
+ BlobHash: "b428a95b1dec6aeb4a742a930834a5af2ae4e696",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/OpenAPITools/openapi-generator/issues/2253",
+ "https://github.com/OpenAPITools/openapi-generator/pull/2248",
+ "https://github.com/OpenAPITools/openapi-generator/pull/2697",
+ },
},
-
{
- ID: "CVE-2019-11471",
- Path: "2019/11xxx/CVE-2019-11471.json",
- BlobHash: "2efee46b4fef111a80fbca929f440c6d1e99d951",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-11471",
+ Path: "2019/11xxx/CVE-2019-11471.json",
+ BlobHash: "2efee46b4fef111a80fbca929f440c6d1e99d951",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/strukturag/libheif/issues/123",
+ "https://github.com/strukturag/libheif/commit/995a4283d8ed2d0d2c1ceb1a577b993df2f0e014",
+ },
},
-
{
- ID: "CVE-2019-11502",
- Path: "2019/11xxx/CVE-2019-11502.json",
- BlobHash: "f2a4e1adde7ef761a7ce10889105fb109b82b80c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-11502",
+ Path: "2019/11xxx/CVE-2019-11502.json",
+ BlobHash: "f2a4e1adde7ef761a7ce10889105fb109b82b80c",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://www.openwall.com/lists/oss-security/2019/04/18/4",
+ "https://github.com/snapcore/snapd/commit/bdbfeebef03245176ae0dc323392bb0522a339b1",
+ "http://www.openwall.com/lists/oss-security/2019/04/25/7",
+ },
},
-
{
- ID: "CVE-2019-11503",
- Path: "2019/11xxx/CVE-2019-11503.json",
- BlobHash: "59e3c0411f4ccd201662e0650f62acd0f328bdd6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-11503",
+ Path: "2019/11xxx/CVE-2019-11503.json",
+ BlobHash: "59e3c0411f4ccd201662e0650f62acd0f328bdd6",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://www.openwall.com/lists/oss-security/2019/04/18/4",
+ "https://github.com/snapcore/snapd/pull/6642",
+ "http://www.openwall.com/lists/oss-security/2019/04/25/7",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VACEKVQ7UAZ32WO4ZKCFW6YOBSYJ76L/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VPU6APEZHAA7N2AI57OT4J2P7NKHFOLM/",
+ },
},
-
{
- ID: "CVE-2019-11576",
- Path: "2019/11xxx/CVE-2019-11576.json",
- BlobHash: "3b90488fb237206082010ff8265beab7ec0dcb8a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-11576",
+ Path: "2019/11xxx/CVE-2019-11576.json",
+ BlobHash: "3b90488fb237206082010ff8265beab7ec0dcb8a",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://blog.gitea.io/2019/04/gitea-1.8.0-is-released/",
+ "https://github.com/go-gitea/gitea/pull/6674",
+ },
},
-
{
- ID: "CVE-2019-11641",
- Path: "2019/11xxx/CVE-2019-11641.json",
- BlobHash: "d91faee964c8eee67eb31bbdfb95e258ecba0dbe",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-11641",
+ Path: "2019/11xxx/CVE-2019-11641.json",
+ BlobHash: "d91faee964c8eee67eb31bbdfb95e258ecba0dbe",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/threatstream/agave/issues/1",
+ },
},
-
{
- ID: "CVE-2019-11881",
- Path: "2019/11xxx/CVE-2019-11881.json",
- BlobHash: "ec2bf57ca5fd5f3c95d06c8fe5f052a9b2b5958a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-11881",
+ Path: "2019/11xxx/CVE-2019-11881.json",
+ BlobHash: "ec2bf57ca5fd5f3c95d06c8fe5f052a9b2b5958a",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/MauroEldritch/VanCleef",
+ "https://github.com/rancher/rancher/issues/20216",
+ },
},
-
{
- ID: "CVE-2019-11938",
- Path: "2019/11xxx/CVE-2019-11938.json",
- BlobHash: "0398da0e1431d14677d55020500d17943ef4fb93",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-11938",
+ Path: "2019/11xxx/CVE-2019-11938.json",
+ BlobHash: "0398da0e1431d14677d55020500d17943ef4fb93",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/facebook/fbthrift/commit/08c2d412adb214c40bb03be7587057b25d053030",
+ "https://github.com/facebook/fbthrift/commit/71c97ffdcb61cccf1f8267774e873e21ebd3ebd3",
+ "https://www.facebook.com/security/advisories/cve-2019-11938",
+ },
},
-
{
- ID: "CVE-2019-12291",
- Path: "2019/12xxx/CVE-2019-12291.json",
- BlobHash: "ff4c4bccd23c52a9d1034ef7218d31bafba28423",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-12291",
+ Path: "2019/12xxx/CVE-2019-12291.json",
+ BlobHash: "ff4c4bccd23c52a9d1034ef7218d31bafba28423",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/hashicorp/consul/issues/5888",
+ },
},
-
{
- ID: "CVE-2019-12452",
- Path: "2019/12xxx/CVE-2019-12452.json",
- BlobHash: "3bfedf7f9b1c3dd830d1ab48ef930747ece63146",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-12452",
+ Path: "2019/12xxx/CVE-2019-12452.json",
+ BlobHash: "3bfedf7f9b1c3dd830d1ab48ef930747ece63146",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/containous/traefik/issues/4917",
+ "https://github.com/containous/traefik/pull/4918",
+ "https://docs.traefik.io/configuration/api/#security",
+ },
},
-
{
- ID: "CVE-2019-12494",
- Path: "2019/12xxx/CVE-2019-12494.json",
- BlobHash: "258fadf0b886fa7a254e061157499782629f282f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-12494",
+ Path: "2019/12xxx/CVE-2019-12494.json",
+ BlobHash: "258fadf0b886fa7a254e061157499782629f282f",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/gardener/vpn/issues/40",
+ "https://github.com/gardener/gardener/pull/874",
+ "https://groups.google.com/forum/#!topic/gardener/pH6dNIEhv-A",
+ },
},
-
{
- ID: "CVE-2019-12618",
- Path: "2019/12xxx/CVE-2019-12618.json",
- BlobHash: "383b97a16200129465fb17e8585798806cdbe0ad",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-12618",
+ Path: "2019/12xxx/CVE-2019-12618.json",
+ BlobHash: "383b97a16200129465fb17e8585798806cdbe0ad",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://www.hashicorp.com/blog/category/nomad",
+ "https://github.com/hashicorp/nomad/issues/5783",
+ "https://www.hashicorp.com/blog/hashicorp-nomad-0-9-2",
+ },
},
-
{
- ID: "CVE-2019-12995",
- Path: "2019/12xxx/CVE-2019-12995.json",
- BlobHash: "c026aab113dc55ebe03006aef81b4cc16296ebc7",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-12995",
+ Path: "2019/12xxx/CVE-2019-12995.json",
+ BlobHash: "c026aab113dc55ebe03006aef81b4cc16296ebc7",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://istio.io/about/notes/",
+ "https://github.com/istio/istio/issues/15084",
+ "https://github.com/istio/istio.io/pull/4555",
+ },
},
-
{
- ID: "CVE-2019-12999",
- Path: "2019/12xxx/CVE-2019-12999.json",
- BlobHash: "e76cd1687069c4af03dba8a65ba9c448776f8467",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-12999",
+ Path: "2019/12xxx/CVE-2019-12999.json",
+ BlobHash: "e76cd1687069c4af03dba8a65ba9c448776f8467",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/lightningnetwork/lnd/commits/master",
+ "https://github.com/lightningnetwork/lnd/releases/tag/v0.7.0-beta",
+ "https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html",
+ },
},
-
{
- ID: "CVE-2019-13068",
- Path: "2019/13xxx/CVE-2019-13068.json",
- BlobHash: "0a67265314aad32b9195fc1ecc63ecdbefff63a0",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-13068",
+ Path: "2019/13xxx/CVE-2019-13068.json",
+ BlobHash: "0a67265314aad32b9195fc1ecc63ecdbefff63a0",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/grafana/grafana/issues/17718",
+ "https://github.com/grafana/grafana/releases/tag/v6.2.5",
+ "https://security.netapp.com/advisory/ntap-20190710-0001/",
+ },
},
-
{
- ID: "CVE-2019-13126",
- Path: "2019/13xxx/CVE-2019-13126.json",
- BlobHash: "55b267640f33a4f3a1b70bfebd68b670a156af55",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-13126",
+ Path: "2019/13xxx/CVE-2019-13126.json",
+ BlobHash: "55b267640f33a4f3a1b70bfebd68b670a156af55",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://www.twistlock.com/labs-blog/finding-dos-vulnerability-nats-go-fuzz-cve-2019-13126/",
+ "https://github.com/nats-io/nats-server/pull/1053",
+ },
},
-
{
- ID: "CVE-2019-13139",
- Path: "2019/13xxx/CVE-2019-13139.json",
- BlobHash: "affbd0b23c6d4cf05cf0493a761621959e397d5d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-13139",
+ Path: "2019/13xxx/CVE-2019-13139.json",
+ BlobHash: "affbd0b23c6d4cf05cf0493a761621959e397d5d",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/moby/moby/pull/38944",
+ "https://docs.docker.com/engine/release-notes/#18094",
+ "https://staaldraad.github.io/post/2019-07-16-cve-2019-13139-docker-build/",
+ "https://www.debian.org/security/2019/dsa-4521",
+ "https://security.netapp.com/advisory/ntap-20190910-0001/",
+ "https://seclists.org/bugtraq/2019/Sep/21",
+ "https://access.redhat.com/errata/RHBA-2019:3092",
+ },
},
-
{
- ID: "CVE-2019-13915",
- Path: "2019/13xxx/CVE-2019-13915.json",
- BlobHash: "c28c5b8ac1b46a51ff649b09511457f9a062f05d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-13915",
+ Path: "2019/13xxx/CVE-2019-13915.json",
+ BlobHash: "c28c5b8ac1b46a51ff649b09511457f9a062f05d",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/b3log/wide/issues/355",
+ },
},
-
{
- ID: "CVE-2019-14243",
- Path: "2019/14xxx/CVE-2019-14243.json",
- BlobHash: "3d6ca6baefdec4c629814fd8742cb6c70c524b05",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-14243",
+ Path: "2019/14xxx/CVE-2019-14243.json",
+ BlobHash: "3d6ca6baefdec4c629814fd8742cb6c70c524b05",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://caddy.community/t/dos-in-http-proxyprotocol-plugin/6014",
+ "https://github.com/mastercactapus/proxyprotocol/issues/1",
+ "https://github.com/mastercactapus/caddy-proxyprotocol/issues/8",
+ "https://github.com/mastercactapus/proxyprotocol/compare/ef496d7...5c4a101",
+ "https://github.com/mastercactapus/proxyprotocol/commit/5c4a101121fc3e868026189c7a73f7f19eef90ac",
+ "https://github.com/mastercactapus/proxyprotocol/releases/tag/v0.0.2",
+ },
},
-
{
- ID: "CVE-2019-14255",
- Path: "2019/14xxx/CVE-2019-14255.json",
- BlobHash: "080feaf39dde048b5eb8714ce9ceffe57771af2c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-14255",
+ Path: "2019/14xxx/CVE-2019-14255.json",
+ BlobHash: "080feaf39dde048b5eb8714ce9ceffe57771af2c",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/cactus/go-camo/security/advisories/GHSA-xrmp-4542-q746",
+ },
},
-
{
- ID: "CVE-2019-14271",
- Path: "2019/14xxx/CVE-2019-14271.json",
- BlobHash: "525144ea9bf237401b83dde566e97ee338088a56",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-14271",
+ Path: "2019/14xxx/CVE-2019-14271.json",
+ BlobHash: "525144ea9bf237401b83dde566e97ee338088a56",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/moby/moby/issues/39449",
+ "https://docs.docker.com/engine/release-notes/",
+ "https://security.netapp.com/advisory/ntap-20190828-0003/",
+ "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html",
+ "https://www.debian.org/security/2019/dsa-4521",
+ "https://seclists.org/bugtraq/2019/Sep/21",
+ },
},
-
{
- ID: "CVE-2019-14544",
- Path: "2019/14xxx/CVE-2019-14544.json",
- BlobHash: "d44e03d3e369947b16ff48b95f754d0097b04422",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-14544",
+ Path: "2019/14xxx/CVE-2019-14544.json",
+ BlobHash: "d44e03d3e369947b16ff48b95f754d0097b04422",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/gogs/gogs/issues/5764",
+ },
},
-
{
- ID: "CVE-2019-14846",
- Path: "2019/14xxx/CVE-2019-14846.json",
- BlobHash: "e4504fea8a94bc8abf1a26c600394ecb42552d4f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-14846",
+ Path: "2019/14xxx/CVE-2019-14846.json",
+ BlobHash: "e4504fea8a94bc8abf1a26c600394ecb42552d4f",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14846",
+ "https://github.com/ansible/ansible/pull/63366",
+ "https://access.redhat.com/errata/RHSA-2019:3203",
+ "https://access.redhat.com/errata/RHSA-2019:3202",
+ "https://access.redhat.com/errata/RHSA-2019:3207",
+ "https://access.redhat.com/errata/RHSA-2019:3201",
+ "https://access.redhat.com/errata/RHSA-2020:0756",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html",
+ "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html",
+ "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html",
+ },
},
-
{
- ID: "CVE-2019-14864",
- Path: "2019/14xxx/CVE-2019-14864.json",
- BlobHash: "05c5029f208e31be80468e1b08210407c44a0b76",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-14864",
+ Path: "2019/14xxx/CVE-2019-14864.json",
+ BlobHash: "05c5029f208e31be80468e1b08210407c44a0b76",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14864",
+ "https://github.com/ansible/ansible/issues/63522",
+ "https://github.com/ansible/ansible/pull/63527",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00021.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00026.html",
+ },
},
-
{
- ID: "CVE-2019-14904",
- Path: "2019/14xxx/CVE-2019-14904.json",
- BlobHash: "79f65d4b41ccb1e253ab9a62354e27963949b935",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-14904",
+ Path: "2019/14xxx/CVE-2019-14904.json",
+ BlobHash: "79f65d4b41ccb1e253ab9a62354e27963949b935",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1776944",
+ "https://github.com/ansible/ansible/pull/65686",
+ "https://lists.debian.org/debian-lts-announce/2021/01/msg00023.html",
+ },
},
-
{
- ID: "CVE-2019-14940",
- Path: "2019/14xxx/CVE-2019-14940.json",
- BlobHash: "795b8ab72afb7caeb2b9fcc94851e0881bfb2e7d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-14940",
+ Path: "2019/14xxx/CVE-2019-14940.json",
+ BlobHash: "795b8ab72afb7caeb2b9fcc94851e0881bfb2e7d",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/spdk/spdk/releases/tag/v19.07",
+ },
},
-
{
- ID: "CVE-2019-14993",
- Path: "2019/14xxx/CVE-2019-14993.json",
- BlobHash: "dcb624b1dd02901374a40c981cbf752d066361d0",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-14993",
+ Path: "2019/14xxx/CVE-2019-14993.json",
+ BlobHash: "dcb624b1dd02901374a40c981cbf752d066361d0",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://discuss.istio.io/t/upcoming-security-updates-in-istio-1-2-4-and-1-1-13/3383",
+ "https://github.com/envoyproxy/envoy/issues/7728",
+ "https://istio.io/blog/2019/istio-security-003-004/",
+ "https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86164",
+ },
},
-
{
- ID: "CVE-2019-15043",
- Path: "2019/15xxx/CVE-2019-15043.json",
- BlobHash: "5d64b3160b773e51ecf38ba83cfffa33b3a0988c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-15043",
+ Path: "2019/15xxx/CVE-2019-15043.json",
+ BlobHash: "5d64b3160b773e51ecf38ba83cfffa33b3a0988c",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://community.grafana.com/t/release-notes-v6-3-x/19202",
+ "https://github.com/grafana/grafana/releases",
+ "https://community.grafana.com/t/grafana-5-4-5-and-6-3-4-security-update/20569",
+ "https://grafana.com/blog/2019/08/29/grafana-5.4.5-and-6.3.4-released-with-important-security-fix/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RF5ARGYX3WYB7H2FDR7VAWTEQ27UX3FU/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UO4NBL7PKW4OSFRVZENGC42EWEJV2YAH/",
+ "https://security.netapp.com/advisory/ntap-20191004-0004/",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html",
+ },
},
-
{
- ID: "CVE-2019-15119",
- Path: "2019/15xxx/CVE-2019-15119.json",
- BlobHash: "0afdb67cace7095df25df975e881acd7b2512bb3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-15119",
+ Path: "2019/15xxx/CVE-2019-15119.json",
+ BlobHash: "0afdb67cace7095df25df975e881acd7b2512bb3",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/cnlh/nps/issues/176",
+ "https://github.com/cnlh/nps/commit/7178b3380720e910d283036a8d39879a94105515",
+ },
},
-
{
- ID: "CVE-2019-15225",
- Path: "2019/15xxx/CVE-2019-15225.json",
- BlobHash: "e4acf6d62c653e50bebe75585582a4c5ee8ab2a4",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-15225",
+ Path: "2019/15xxx/CVE-2019-15225.json",
+ BlobHash: "e4acf6d62c653e50bebe75585582a4c5ee8ab2a4",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/envoyproxy/envoy/issues/7728",
+ },
},
-
{
- ID: "CVE-2019-15226",
- Path: "2019/15xxx/CVE-2019-15226.json",
- BlobHash: "d728ca5f8ba329e8d0d40bb6af1f115dfd186e04",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-15226",
+ Path: "2019/15xxx/CVE-2019-15226.json",
+ BlobHash: "d728ca5f8ba329e8d0d40bb6af1f115dfd186e04",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/envoyproxy/envoy/commits/master",
+ "https://github.com/envoyproxy/envoy/commit/afc39bea36fd436e54262f150c009e8d72db5014",
+ "https://github.com/envoyproxy/envoy/issues/8520",
+ },
},
-
{
- ID: "CVE-2019-15562",
- Path: "2019/15xxx/CVE-2019-15562.json",
- BlobHash: "163789d5a1fd4f7430975ced3ca5b6ce4519089c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-15562",
+ Path: "2019/15xxx/CVE-2019-15562.json",
+ BlobHash: "163789d5a1fd4f7430975ced3ca5b6ce4519089c",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/jinzhu/gorm/releases/tag/v1.9.10",
+ "https://github.com/go-gorm/gorm/pull/2519",
+ "https://github.com/go-gorm/gorm/pull/2674",
+ "https://github.com/go-gorm/gorm/issues/2517#issuecomment-638145427",
+ },
},
-
{
- ID: "CVE-2019-15716",
- Path: "2019/15xxx/CVE-2019-15716.json",
- BlobHash: "7469952f2a930ae410f6a261b4551adc302a1b76",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-15716",
+ Path: "2019/15xxx/CVE-2019-15716.json",
+ BlobHash: "7469952f2a930ae410f6a261b4551adc302a1b76",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/wtfutil/wtf/compare/v0.18.0...v0.19.0",
+ "https://github.com/wtfutil/wtf/issues/517",
+ "https://github.com/wtfutil/wtf/blob/67658e172c9470e93e4122d6e2c90d01db12b0ac/cfg/config_files.go#L71-L72",
+ },
},
-
{
- ID: "CVE-2019-16060",
- Path: "2019/16xxx/CVE-2019-16060.json",
- BlobHash: "9c378b379f482d7725baafb194a1acade28a4bbd",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-16060",
+ Path: "2019/16xxx/CVE-2019-16060.json",
+ BlobHash: "9c378b379f482d7725baafb194a1acade28a4bbd",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/airbrake/airbrake-ruby/issues/468",
+ },
},
-
{
- ID: "CVE-2019-16097",
- Path: "2019/16xxx/CVE-2019-16097.json",
- BlobHash: "4facc31796c17f1bb3e241cab3accb974b68c73f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-16097",
+ Path: "2019/16xxx/CVE-2019-16097.json",
+ BlobHash: "4facc31796c17f1bb3e241cab3accb974b68c73f",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/goharbor/harbor/commit/b6db8a8a106259ec9a2c48be8a380cb3b37cf517",
+ "https://github.com/goharbor/harbor/compare/v1.8.2...v1.9.0-rc1",
+ "https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/",
+ "https://github.com/goharbor/harbor/releases/tag/v1.8.3",
+ "https://github.com/goharbor/harbor/releases/tag/v1.7.6",
+ "http://www.vmware.com/security/advisories/VMSA-2019-0015.html",
+ },
},
-
{
- ID: "CVE-2019-16146",
- Path: "2019/16xxx/CVE-2019-16146.json",
- BlobHash: "f7415bce429210272f7f522d58dc0a5aa197a9d2",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-16146",
+ Path: "2019/16xxx/CVE-2019-16146.json",
+ BlobHash: "f7415bce429210272f7f522d58dc0a5aa197a9d2",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/gophish/gophish/pull/1547",
+ },
},
-
{
- ID: "CVE-2019-16214",
- Path: "2019/16xxx/CVE-2019-16214.json",
- BlobHash: "3c00f5013f369e52474a4b47c61c47dad3433c57",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-16214",
+ Path: "2019/16xxx/CVE-2019-16214.json",
+ BlobHash: "3c00f5013f369e52474a4b47c61c47dad3433c57",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://blog.openzeppelin.com/libra-vulnerability-summary/",
+ "https://blog.openzeppelin.com/libra-vulnerability-release/",
+ "https://github.com/libra/libra/commit/7efb0221989f17fdf7f8486730898ed947a1e19e",
+ },
},
-
{
- ID: "CVE-2019-16355",
- Path: "2019/16xxx/CVE-2019-16355.json",
- BlobHash: "6c3717f918447251a41e2bf059f6aed70ef9e5bf",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-16355",
+ Path: "2019/16xxx/CVE-2019-16355.json",
+ BlobHash: "6c3717f918447251a41e2bf059f6aed70ef9e5bf",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/astaxie/beego/issues/3763",
+ },
},
-
{
- ID: "CVE-2019-16778",
- Path: "2019/16xxx/CVE-2019-16778.json",
- BlobHash: "79c8ece60183840c81f4be3dd5b3f0c34073cdd6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-16778",
+ Path: "2019/16xxx/CVE-2019-16778.json",
+ BlobHash: "79c8ece60183840c81f4be3dd5b3f0c34073cdd6",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-844w-j86r-4x2j",
+ "https://github.com/tensorflow/tensorflow/commit/db4f9717c41bccc3ce10099ab61996b246099892",
+ "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2019-002.md",
+ },
},
-
{
- ID: "CVE-2019-16919",
- Path: "2019/16xxx/CVE-2019-16919.json",
- BlobHash: "c83a62ca2397e93022bc1737ae1bb03add793d6f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-16919",
+ Path: "2019/16xxx/CVE-2019-16919.json",
+ BlobHash: "c83a62ca2397e93022bc1737ae1bb03add793d6f",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://landscape.cncf.io/selected=harbor",
+ "http://www.vmware.com/security/advisories/VMSA-2019-0016.html",
+ "https://github.com/goharbor/harbor/security/advisories/GHSA-x2r2-w9c7-h624",
+ },
},
-
{
- ID: "CVE-2019-18466",
- Path: "2019/18xxx/CVE-2019-18466.json",
- BlobHash: "e153cc928f291572de44893ea69a82169e3fd99a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-18466",
+ Path: "2019/18xxx/CVE-2019-18466.json",
+ BlobHash: "e153cc928f291572de44893ea69a82169e3fd99a",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1744588",
+ "https://github.com/containers/libpod/issues/3829",
+ "https://github.com/containers/libpod/commit/5c09c4d2947a759724f9d5aef6bac04317e03f7e",
+ "https://github.com/containers/libpod/compare/v1.5.1...v1.6.0",
+ "https://access.redhat.com/errata/RHSA-2019:4269",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00040.html",
+ },
},
-
{
- ID: "CVE-2019-18657",
- Path: "2019/18xxx/CVE-2019-18657.json",
- BlobHash: "9dd98b50e92943e0863c8d1703dad082c14de3bc",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-18657",
+ Path: "2019/18xxx/CVE-2019-18657.json",
+ BlobHash: "9dd98b50e92943e0863c8d1703dad082c14de3bc",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/ClickHouse/ClickHouse/pull/6466",
+ "https://github.com/ClickHouse/ClickHouse/blob/master/CHANGELOG.md",
+ "https://github.com/ClickHouse/ClickHouse/pull/7526/files",
+ },
},
-
{
- ID: "CVE-2019-18801",
- Path: "2019/18xxx/CVE-2019-18801.json",
- BlobHash: "f32ec181fdf01f62dafabf2952f91bdde06b559c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-18801",
+ Path: "2019/18xxx/CVE-2019-18801.json",
+ BlobHash: "f32ec181fdf01f62dafabf2952f91bdde06b559c",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/envoyproxy/envoy/commits/master",
+ "https://groups.google.com/forum/#!forum/envoy-users",
+ "https://blog.envoyproxy.io",
+ "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gxvv-x4p2-rppp",
+ "https://access.redhat.com/errata/RHSA-2019:4222",
+ },
},
-
{
- ID: "CVE-2019-18802",
- Path: "2019/18xxx/CVE-2019-18802.json",
- BlobHash: "69c5764c6435584d082e1ebe62c8d77dafe9e038",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-18802",
+ Path: "2019/18xxx/CVE-2019-18802.json",
+ BlobHash: "69c5764c6435584d082e1ebe62c8d77dafe9e038",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/envoyproxy/envoy/commits/master",
+ "https://groups.google.com/forum/#!forum/envoy-users",
+ "https://blog.envoyproxy.io",
+ "https://github.com/envoyproxy/envoy/security/advisories/GHSA-356m-vhw2-wcm4",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00034.html",
+ },
},
-
{
- ID: "CVE-2019-18817",
- Path: "2019/18xxx/CVE-2019-18817.json",
- BlobHash: "7e1cfb65da95dc7c8a0915cb6f3791112fe33299",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-18817",
+ Path: "2019/18xxx/CVE-2019-18817.json",
+ BlobHash: "7e1cfb65da95dc7c8a0915cb6f3791112fe33299",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://istio.io/news/2019/announcing-1.3.5/",
+ "https://github.com/istio/istio/issues/18229",
+ },
},
-
{
- ID: "CVE-2019-18836",
- Path: "2019/18xxx/CVE-2019-18836.json",
- BlobHash: "7b94362aea5c82e2d167c886763553dabb569120",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-18836",
+ Path: "2019/18xxx/CVE-2019-18836.json",
+ BlobHash: "7b94362aea5c82e2d167c886763553dabb569120",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://groups.google.com/forum/#!forum/envoy-users",
+ "https://blog.envoyproxy.io",
+ "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3xvf-4396-cj46",
+ "https://github.com/istio/istio/issues/18229",
+ },
},
-
{
- ID: "CVE-2019-18838",
- Path: "2019/18xxx/CVE-2019-18838.json",
- BlobHash: "45f3cb1518e31e5c0311ff0c8a07edea3650fba7",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-18838",
+ Path: "2019/18xxx/CVE-2019-18838.json",
+ BlobHash: "45f3cb1518e31e5c0311ff0c8a07edea3650fba7",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/envoyproxy/envoy/commits/master",
+ "https://groups.google.com/forum/#!forum/envoy-users",
+ "https://blog.envoyproxy.io",
+ "https://github.com/envoyproxy/envoy/security/advisories/GHSA-f2rv-4w6x-rwhc",
+ },
},
-
{
- ID: "CVE-2019-18923",
- Path: "2019/18xxx/CVE-2019-18923.json",
- BlobHash: "5ab89fec75b1e5e9fc68200be2ecf3d081ad3b3c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-18923",
+ Path: "2019/18xxx/CVE-2019-18923.json",
+ BlobHash: "5ab89fec75b1e5e9fc68200be2ecf3d081ad3b3c",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/cactus/go-camo/blob/505862f7bf14c8b6ff945734d5f3fdcd929e45dd/pkg/camo/proxy.go#L453-L460",
+ "https://github.com/cactus/go-camo/security/advisories/GHSA-jg2r-qf99-4wvr",
+ },
},
-
{
- ID: "CVE-2019-19023",
- Path: "2019/19xxx/CVE-2019-19023.json",
- BlobHash: "c65ec8265c7c221b10038390e54f83fb8fb57380",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-19023",
+ Path: "2019/19xxx/CVE-2019-19023.json",
+ BlobHash: "c65ec8265c7c221b10038390e54f83fb8fb57380",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/goharbor/harbor/security/advisories",
+ "https://tanzu.vmware.com/security/cve-2019-19023",
+ },
},
-
{
- ID: "CVE-2019-19025",
- Path: "2019/19xxx/CVE-2019-19025.json",
- BlobHash: "319b42d2220549d97aa1b196a71bf1af6443dedb",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-19025",
+ Path: "2019/19xxx/CVE-2019-19025.json",
+ BlobHash: "319b42d2220549d97aa1b196a71bf1af6443dedb",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/goharbor/harbor/security/advisories",
+ "https://tanzu.vmware.com/security/cve-2019-19025",
+ "https://github.com/goharbor/harbor/security/advisories/GHSA-gcqm-v682-ccw6",
+ },
},
-
{
- ID: "CVE-2019-19026",
- Path: "2019/19xxx/CVE-2019-19026.json",
- BlobHash: "2e2be398442b195e408aa00ef0c50504e1aafb4d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-19026",
+ Path: "2019/19xxx/CVE-2019-19026.json",
+ BlobHash: "2e2be398442b195e408aa00ef0c50504e1aafb4d",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/goharbor/harbor/security/advisories",
+ "https://tanzu.vmware.com/security/cve-2019-19026",
+ "https://github.com/goharbor/harbor/security/advisories/GHSA-rh89-vvrg-fg64",
+ },
},
-
{
- ID: "CVE-2019-19029",
- Path: "2019/19xxx/CVE-2019-19029.json",
- BlobHash: "9388b463ac82baa9b6b4c6248f707695b541ce02",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-19029",
+ Path: "2019/19xxx/CVE-2019-19029.json",
+ BlobHash: "9388b463ac82baa9b6b4c6248f707695b541ce02",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/goharbor/harbor/security/advisories",
+ "https://tanzu.vmware.com/security/cve-2019-19029",
+ "https://github.com/goharbor/harbor/security/advisories/GHSA-qcfv-8v29-469w",
+ },
},
-
{
- ID: "CVE-2019-19316",
- Path: "2019/19xxx/CVE-2019-19316.json",
- BlobHash: "99e80ea26c6c3f1a43ef4c11e5f52939348b3c5f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-19316",
+ Path: "2019/19xxx/CVE-2019-19316.json",
+ BlobHash: "99e80ea26c6c3f1a43ef4c11e5f52939348b3c5f",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/hashicorp/terraform/security/advisories/GHSA-4rvg-555h-r626",
+ },
},
-
{
- ID: "CVE-2019-19335",
- Path: "2019/19xxx/CVE-2019-19335.json",
- BlobHash: "e24b07367bb61f813bd8ad8e608a13068089b290",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-19335",
+ Path: "2019/19xxx/CVE-2019-19335.json",
+ BlobHash: "e24b07367bb61f813bd8ad8e608a13068089b290",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-19335",
+ },
},
-
{
- ID: "CVE-2019-19349",
- Path: "2019/19xxx/CVE-2019-19349.json",
- BlobHash: "81759decb9c3b14e63d99ec2c01550a77f193dd3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-19349",
+ Path: "2019/19xxx/CVE-2019-19349.json",
+ BlobHash: "81759decb9c3b14e63d99ec2c01550a77f193dd3",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1793284",
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1791534",
+ },
},
-
{
- ID: "CVE-2019-19350",
- Path: "2019/19xxx/CVE-2019-19350.json",
- BlobHash: "be7fda55b07cb415a2c5f586189a00586cca7082",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-19350",
+ Path: "2019/19xxx/CVE-2019-19350.json",
+ BlobHash: "be7fda55b07cb415a2c5f586189a00586cca7082",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1791534",
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1793283",
+ },
},
-
{
- ID: "CVE-2019-19724",
- Path: "2019/19xxx/CVE-2019-19724.json",
- BlobHash: "159f7d803636dd2ef6313aa2471fa8dff9eb7f9d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-19724",
+ Path: "2019/19xxx/CVE-2019-19724.json",
+ BlobHash: "159f7d803636dd2ef6313aa2471fa8dff9eb7f9d",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/sylabs/singularity/releases/tag/v3.5.2",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00025.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html",
+ },
},
-
{
- ID: "CVE-2019-19922",
- Path: "2019/19xxx/CVE-2019-19922.json",
- BlobHash: "6daf82d954d5ad555580ded4e6b34216e5ab1fb2",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-19922",
+ Path: "2019/19xxx/CVE-2019-19922.json",
+ BlobHash: "6daf82d954d5ad555580ded4e6b34216e5ab1fb2",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.9",
+ "https://github.com/torvalds/linux/commit/de53fd7aedb100f03e5d2231cfce0e4993282425",
+ "https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=de53fd7aedb100f03e5d2231cfce0e4993282425",
+ "https://relistan.com/the-kernel-may-be-slowing-down-your-app",
+ "https://github.com/kubernetes/kubernetes/issues/67577",
+ "https://usn.ubuntu.com/4226-1/",
+ "https://lists.debian.org/debian-lts-announce/2020/01/msg00013.html",
+ "https://security.netapp.com/advisory/ntap-20200204-0002/",
+ },
},
-
{
- ID: "CVE-2019-20329",
- Path: "2019/20xxx/CVE-2019-20329.json",
- BlobHash: "ad4ce06fbbd574a6742e8d43184caf2e721de2de",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-20329",
+ Path: "2019/20xxx/CVE-2019-20329.json",
+ BlobHash: "ad4ce06fbbd574a6742e8d43184caf2e721de2de",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/open-lambda/open-lambda/issues/92",
+ "https://github.com/open-lambda/open-lambda/blob/9f7f935195ca74700c60ebc1ecfdaefad40d144b/src/common/config.go#L135",
+ "https://github.com/open-lambda/open-lambda/blob/9f7f935195ca74700c60ebc1ecfdaefad40d144b/src/server/lambdaServer.go#L92-L97",
+ },
},
-
{
- ID: "CVE-2019-20372",
- Path: "2019/20xxx/CVE-2019-20372.json",
- BlobHash: "cb8234e84e0802f06ee40be40c766b10d17b0974",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-20372",
+ Path: "2019/20xxx/CVE-2019-20372.json",
+ BlobHash: "cb8234e84e0802f06ee40be40c766b10d17b0974",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bertjwregeer.keybase.pub/2019-12-10%20-%20error_page%20request%20smuggling.pdf",
+ "http://nginx.org/en/CHANGES",
+ "https://duo.com/docs/dng-notes#version-1.5.4-january-2020",
+ "https://github.com/kubernetes/ingress-nginx/pull/4859",
+ "https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e",
+ "https://usn.ubuntu.com/4235-1/",
+ "https://usn.ubuntu.com/4235-2/",
+ "https://security.netapp.com/advisory/ntap-20200127-0003/",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00013.html",
+ },
},
-
{
- ID: "CVE-2019-20377",
- Path: "2019/20xxx/CVE-2019-20377.json",
- BlobHash: "5ce3ea7ffb45e199b7fb3a9c26fa416c35433fa9",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-20377",
+ Path: "2019/20xxx/CVE-2019-20377.json",
+ BlobHash: "5ce3ea7ffb45e199b7fb3a9c26fa416c35433fa9",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tophubs/TopList/issues/32",
+ },
},
-
{
- ID: "CVE-2019-20894",
- Path: "2019/20xxx/CVE-2019-20894.json",
- BlobHash: "e2b7f6503920679af3592d2acaa6c3ef5b83baf7",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-20894",
+ Path: "2019/20xxx/CVE-2019-20894.json",
+ BlobHash: "e2b7f6503920679af3592d2acaa6c3ef5b83baf7",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/containous/traefik/issues/5312",
+ },
},
-
{
- ID: "CVE-2019-20933",
- Path: "2019/20xxx/CVE-2019-20933.json",
- BlobHash: "53d3419759649147083c4e39c29cb795407d6823",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-20933",
+ Path: "2019/20xxx/CVE-2019-20933.json",
+ BlobHash: "53d3419759649147083c4e39c29cb795407d6823",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/influxdata/influxdb/issues/12927",
+ "https://github.com/influxdata/influxdb/compare/v1.7.5...v1.7.6",
+ "https://github.com/influxdata/influxdb/commit/761b557315ff9c1642cf3b0e5797cd3d983a24c0",
+ "https://lists.debian.org/debian-lts-announce/2020/12/msg00030.html",
+ "https://www.debian.org/security/2021/dsa-4823",
+ },
},
-
{
- ID: "CVE-2019-25014",
- Path: "2019/25xxx/CVE-2019-25014.json",
- BlobHash: "d4cc6a06989f1abc359b4c47bf3c807cc898a458",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-25014",
+ Path: "2019/25xxx/CVE-2019-25014.json",
+ BlobHash: "d4cc6a06989f1abc359b4c47bf3c807cc898a458",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/istio/istio/compare/1.4.2...1.5.0-alpha.0",
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1919066",
+ },
},
-
{
- ID: "CVE-2019-3552",
- Path: "2019/3xxx/CVE-2019-3552.json",
- BlobHash: "c40a70560ec0e411812acff3a1bada2ecb3ce47c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-3552",
+ Path: "2019/3xxx/CVE-2019-3552.json",
+ BlobHash: "c40a70560ec0e411812acff3a1bada2ecb3ce47c",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b",
+ "http://www.securityfocus.com/bid/108279",
+ "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E",
+ },
},
-
{
- ID: "CVE-2019-3553",
- Path: "2019/3xxx/CVE-2019-3553.json",
- BlobHash: "0d36004a8d58b25beb7a744d44fbcfb4c293deaf",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-3553",
+ Path: "2019/3xxx/CVE-2019-3553.json",
+ BlobHash: "0d36004a8d58b25beb7a744d44fbcfb4c293deaf",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/facebook/fbthrift/commit/c9a903e5902834e95bbd4ab0e9fa53ba0189f351",
+ "https://github.com/facebook/fbthrift/commit/3f156207e8a6583d88999487e954320dc18955e6",
+ "https://www.facebook.com/security/advisories/cve-2019-3553",
+ },
},
-
{
- ID: "CVE-2019-3558",
- Path: "2019/3xxx/CVE-2019-3558.json",
- BlobHash: "0a56ef93e603a8315c031e2e2ae979339406e18c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-3558",
+ Path: "2019/3xxx/CVE-2019-3558.json",
+ BlobHash: "0a56ef93e603a8315c031e2e2ae979339406e18c",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/facebook/fbthrift/commit/c5d6e07588cd03061bc54d451a7fa6e84883d62b",
+ "https://www.facebook.com/security/advisories/cve-2019-3558",
+ "http://www.securityfocus.com/bid/108274",
+ "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E",
+ },
},
-
{
- ID: "CVE-2019-3559",
- Path: "2019/3xxx/CVE-2019-3559.json",
- BlobHash: "044998de6792e20e43bdc95fe51c581edef9fdc5",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-3559",
+ Path: "2019/3xxx/CVE-2019-3559.json",
+ BlobHash: "044998de6792e20e43bdc95fe51c581edef9fdc5",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/facebook/fbthrift/commit/a56346ceacad28bf470017a6bda1d5518d0bd943",
+ "https://www.facebook.com/security/advisories/cve-2019-3559",
+ "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E",
+ },
},
-
{
- ID: "CVE-2019-3565",
- Path: "2019/3xxx/CVE-2019-3565.json",
- BlobHash: "52d4975f9164deaf7c50b81b00f369d7def6e55f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-3565",
+ Path: "2019/3xxx/CVE-2019-3565.json",
+ BlobHash: "52d4975f9164deaf7c50b81b00f369d7def6e55f",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/facebook/fbthrift/commit/01686e15ec77ccb4d49a77d5bce3a01601e54d64",
+ "https://www.facebook.com/security/advisories/cve-2019-3565",
+ "http://www.securityfocus.com/bid/108280",
+ "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E",
+ },
},
-
{
- ID: "CVE-2019-3826",
- Path: "2019/3xxx/CVE-2019-3826.json",
- BlobHash: "7c4bf71bc274679b9929c35618ac44685eeb066d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-3826",
+ Path: "2019/3xxx/CVE-2019-3826.json",
+ BlobHash: "7c4bf71bc274679b9929c35618ac44685eeb066d",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3826",
+ "https://github.com/prometheus/prometheus/pull/5163",
+ "https://github.com/prometheus/prometheus/commit/62e591f9",
+ "https://access.redhat.com/errata/RHBA-2019:0327",
+ "https://lists.apache.org/thread.html/rdf2a0d94c3b5b523aeff7741ae71347415276062811b687f30ea6573@%3Ccommits.zookeeper.apache.org%3E",
+ "https://lists.apache.org/thread.html/r8e3f7da12bf5750b0a02e69a78a61073a2ac950eed7451ce70a65177@%3Ccommits.zookeeper.apache.org%3E",
+ "https://lists.apache.org/thread.html/r48d5019bd42e0770f7e5351e420a63a41ff1f16924942442c6aff6a8@%3Ccommits.zookeeper.apache.org%3E",
+ "https://advisory.checkmarx.net/advisory/CX-2019-4297",
+ },
},
-
{
- ID: "CVE-2019-3828",
- Path: "2019/3xxx/CVE-2019-3828.json",
- BlobHash: "ecf1efff5e523cf410bd7dad7d181a88090d7377",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-3828",
+ Path: "2019/3xxx/CVE-2019-3828.json",
+ BlobHash: "ecf1efff5e523cf410bd7dad7d181a88090d7377",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/ansible/ansible/pull/52133",
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3828",
+ "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00021.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00077.html",
+ "https://usn.ubuntu.com/4072-1/",
+ "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00020.html",
+ "https://access.redhat.com/errata/RHSA-2019:3744",
+ "https://access.redhat.com/errata/RHSA-2019:3789",
+ },
},
-
{
- ID: "CVE-2019-3841",
- Path: "2019/3xxx/CVE-2019-3841.json",
- BlobHash: "fb2cd94717b5e0267890e50fa3f05139cadba555",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-3841",
+ Path: "2019/3xxx/CVE-2019-3841.json",
+ BlobHash: "fb2cd94717b5e0267890e50fa3f05139cadba555",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kubevirt/containerized-data-importer/issues/678",
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3841",
+ },
},
-
{
- ID: "CVE-2019-3990",
- Path: "2019/3xxx/CVE-2019-3990.json",
- BlobHash: "b28380c71c2d5e8c495a466ffd1693fd702ff1a9",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-3990",
+ Path: "2019/3xxx/CVE-2019-3990.json",
+ BlobHash: "b28380c71c2d5e8c495a466ffd1693fd702ff1a9",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://www.tenable.com/security/research/tra-2019-50",
+ "https://github.com/goharbor/harbor/security/advisories/GHSA-6qj9-33j4-rvhg",
+ },
},
-
{
- ID: "CVE-2019-5736",
- Path: "2019/5xxx/CVE-2019-5736.json",
- BlobHash: "a70763471650d8005dfa3efbc0d8ccbe6540d2f7",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-5736",
+ Path: "2019/5xxx/CVE-2019-5736.json",
+ BlobHash: "a70763471650d8005dfa3efbc0d8ccbe6540d2f7",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/opencontainers/runc/commit/6635b4f0c6af3810594d2770f662f34ddc15b40d",
+ "https://access.redhat.com/errata/RHSA-2019:0408",
+ "https://github.com/rancher/runc-cve",
+ "https://access.redhat.com/errata/RHSA-2019:0401",
+ "https://github.com/docker/docker-ce/releases/tag/v18.09.2",
+ "https://www.synology.com/security/advisory/Synology_SA_19_06",
+ "https://security.netapp.com/advisory/ntap-20190307-0008/",
+ "https://access.redhat.com/errata/RHSA-2019:0303",
+ "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc",
+ "https://github.com/q3k/cve-2019-5736-poc",
+ "https://www.exploit-db.com/exploits/46359/",
+ "https://github.com/opencontainers/runc/commit/0a8e4117e7f715d5fbeef398405813ce8e88558b",
+ "https://aws.amazon.com/security/security-bulletins/AWS-2019-002/",
+ "https://www.openwall.com/lists/oss-security/2019/02/11/2",
+ "https://kubernetes.io/blog/2019/02/11/runc-and-cve-2019-5736/",
+ "https://access.redhat.com/security/cve/cve-2019-5736",
+ "https://www.exploit-db.com/exploits/46369/",
+ "https://access.redhat.com/errata/RHSA-2019:0304",
+ "https://github.com/Frichetten/CVE-2019-5736-PoC",
+ "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03913en_us",
+ "https://brauner.github.io/2019/02/12/privileged-containers.html",
+ "https://www.twistlock.com/2019/02/11/how-to-mitigate-cve-2019-5736-in-runc-and-docker/",
+ "https://cloud.google.com/kubernetes-engine/docs/security-bulletins#february-11-2019-runc",
+ "http://www.securityfocus.com/bid/106976",
+ "https://access.redhat.com/security/vulnerabilities/runcescape",
+ "https://blog.dragonsector.pl/2019/02/cve-2019-5736-escape-from-docker-and.html",
+ "https://bugzilla.suse.com/show_bug.cgi?id=1121967",
+ "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc",
+ "https://lists.apache.org/thread.html/b162dd624dc088cd634292f0402282a1d1d0ce853baeae8205bc033c@%3Cdev.mesos.apache.org%3E",
+ "https://lists.apache.org/thread.html/a258757af84c5074dc7bf932622020fd4f60cef65a84290380386706@%3Cuser.mesos.apache.org%3E",
+ "http://www.openwall.com/lists/oss-security/2019/03/23/1",
+ "https://support.mesosphere.com/s/article/Known-Issue-Container-Runtime-Vulnerability-MSPH-2019-0003",
+ "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00044.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00074.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00091.html",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6A4OSFM5GGOWW4ECELV5OHX2XRAUSPH/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SWFJGIPYAAAMVSWWI3QWYXGA3ZBU2H4W/",
+ "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03410944",
+ "https://access.redhat.com/errata/RHSA-2019:0975",
+ "https://azure.microsoft.com/en-us/updates/cve-2019-5736-and-runc-vulnerability/",
+ "https://azure.microsoft.com/en-us/updates/iot-edge-fix-cve-2019-5736/",
+ "https://lists.apache.org/thread.html/acacf018c12636e41667e94ac0a1e9244e887eef2debdd474640aa6e@%3Cdev.dlab.apache.org%3E",
+ "https://lists.apache.org/thread.html/a585f64d14c31ab393b90c5f17e41d9765a1a17eec63856ce750af46@%3Cdev.dlab.apache.org%3E",
+ "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00060.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00073.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00011.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00015.html",
+ "http://www.openwall.com/lists/oss-security/2019/06/28/2",
+ "http://www.openwall.com/lists/oss-security/2019/07/06/3",
+ "http://www.openwall.com/lists/oss-security/2019/07/06/4",
+ "https://usn.ubuntu.com/4048-1/",
+ "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00084.html",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EGZKRCKI3Y7FMADO2MENMT4TU24QGHFR/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLC52IOJN6IQJWJ6CUI6AIUP6GVVG2QP/",
+ "https://lists.apache.org/thread.html/24e54e3c6b2259e3903b6b8fe26896ac649c481ea99c5739468c92a3@%3Cdev.dlab.apache.org%3E",
+ "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00007.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00029.html",
+ "http://www.openwall.com/lists/oss-security/2019/10/24/1",
+ "http://www.openwall.com/lists/oss-security/2019/10/29/3",
+ "https://security.gentoo.org/glsa/202003-21",
+ "https://lists.apache.org/thread.html/rc494623986d76593873ce5a40dd69cb3629400d10750d5d7e96b8587@%3Cdev.dlab.apache.org%3E",
+ "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E",
+ },
},
-
{
- ID: "CVE-2019-6035",
- Path: "2019/6xxx/CVE-2019-6035.json",
- BlobHash: "3c8c32ae22bd6815d0449ad9712f7f9174466a99",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-6035",
+ Path: "2019/6xxx/CVE-2019-6035.json",
+ BlobHash: "3c8c32ae22bd6815d0449ad9712f7f9174466a99",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/yahoo/athenz",
+ "https://github.com/yahoo/athenz/pull/700",
+ "http://jvn.jp/en/jp/JVN57070811/index.html",
+ },
},
-
{
- ID: "CVE-2019-8336",
- Path: "2019/8xxx/CVE-2019-8336.json",
- BlobHash: "abe831f5016cc79fd871b617a7af877ee0b0a4a0",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-8336",
+ Path: "2019/8xxx/CVE-2019-8336.json",
+ BlobHash: "abe831f5016cc79fd871b617a7af877ee0b0a4a0",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/hashicorp/consul/issues/5423",
+ },
},
-
{
- ID: "CVE-2019-8400",
- Path: "2019/8xxx/CVE-2019-8400.json",
- BlobHash: "4b34b7a6ba89e99f7d3c8e07983001c666379f0d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-8400",
+ Path: "2019/8xxx/CVE-2019-8400.json",
+ BlobHash: "4b34b7a6ba89e99f7d3c8e07983001c666379f0d",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://drive.google.com/file/d/1-25expUYVfK6vsiCmEabUCuelOP7aUDj/view?usp=drivesdk",
+ "https://www.youtube.com/watch?v=RIyZLeKEC8E",
+ "https://github.com/ory/hydra/blob/master/CHANGELOG.md#v100-rc3oryos9-2018-12-06",
+ "https://hackerone.com/reports/456333",
+ "https://github.com/ory/hydra/commit/9b5bbd48a72096930af08402c5e07fce7dd770f3",
+ },
},
-
{
- ID: "CVE-2019-9547",
- Path: "2019/9xxx/CVE-2019-9547.json",
- BlobHash: "a944bea3ea8cd2b38f441dd27151e01f83403424",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-9547",
+ Path: "2019/9xxx/CVE-2019-9547.json",
+ BlobHash: "a944bea3ea8cd2b38f441dd27151e01f83403424",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/spdk/spdk/releases/tag/v19.01",
+ "https://github.com/spdk/spdk/commit/eca42c66092b9031711afe215fbc1891ee55f143",
+ },
},
-
{
- ID: "CVE-2019-9635",
- Path: "2019/9xxx/CVE-2019-9635.json",
- BlobHash: "9d58ae865204551751290c66abbff27e40f4ecd4",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-9635",
+ Path: "2019/9xxx/CVE-2019-9635.json",
+ BlobHash: "9d58ae865204551751290c66abbff27e40f4ecd4",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2019-001.md",
+ },
},
-
{
- ID: "CVE-2019-9764",
- Path: "2019/9xxx/CVE-2019-9764.json",
- BlobHash: "d7793034dbd0ce5a1900da4dee3aea04c8082989",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-9764",
+ Path: "2019/9xxx/CVE-2019-9764.json",
+ BlobHash: "d7793034dbd0ce5a1900da4dee3aea04c8082989",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/hashicorp/consul/issues/5519",
+ },
},
-
{
- ID: "CVE-2019-9900",
- Path: "2019/9xxx/CVE-2019-9900.json",
- BlobHash: "236cb5b5fc6add61e91d73d6cb274f965889b736",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-9900",
+ Path: "2019/9xxx/CVE-2019-9900.json",
+ BlobHash: "236cb5b5fc6add61e91d73d6cb274f965889b736",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://access.redhat.com/errata/RHSA-2019:0741",
+ "https://www.envoyproxy.io/docs/envoy/v1.9.1/intro/version_history",
+ "https://github.com/envoyproxy/envoy/issues/6434",
+ "https://groups.google.com/forum/#!topic/envoy-announce/VoHfnDqZiAM",
+ "https://github.com/envoyproxy/envoy/security/advisories/GHSA-x74r-f4mw-c32h",
+ },
},
-
{
- ID: "CVE-2019-9901",
- Path: "2019/9xxx/CVE-2019-9901.json",
- BlobHash: "df957110c5812905fe08c8808751fddc18b66f32",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-9901",
+ Path: "2019/9xxx/CVE-2019-9901.json",
+ BlobHash: "df957110c5812905fe08c8808751fddc18b66f32",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://www.envoyproxy.io/docs/envoy/v1.9.1/intro/version_history",
+ "https://github.com/envoyproxy/envoy/issues/6435",
+ "https://groups.google.com/forum/#!topic/envoy-announce/VoHfnDqZiAM",
+ "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcx5-93pw-jw2w",
+ },
},
-
{
- ID: "CVE-2019-9946",
- Path: "2019/9xxx/CVE-2019-9946.json",
- BlobHash: "0fdd06a121187709d8e863358fbc539a51bfcbba",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2019-9946",
+ Path: "2019/9xxx/CVE-2019-9946.json",
+ BlobHash: "0fdd06a121187709d8e863358fbc539a51bfcbba",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/containernetworking/plugins/pull/269#issuecomment-477683272",
+ "https://security.netapp.com/advisory/ntap-20190416-0002/",
+ "https://access.redhat.com/errata/RHBA-2019:0862",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FCN66VYB3XS76SYH567SO7N3I254JOCT/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGOOWAELGH3F7OXRBPH3HCNZELNLXYTW/",
+ },
},
-
{
- ID: "CVE-2020-10660",
- Path: "2020/10xxx/CVE-2020-10660.json",
- BlobHash: "afe60fafe6b51c1e333bc6bf414cf05ab10d0d48",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-10660",
+ Path: "2020/10xxx/CVE-2020-10660.json",
+ BlobHash: "afe60fafe6b51c1e333bc6bf414cf05ab10d0d48",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://www.hashicorp.com/blog/category/vault/",
+ "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020",
+ },
},
-
{
- ID: "CVE-2020-10661",
- Path: "2020/10xxx/CVE-2020-10661.json",
- BlobHash: "18b1302eca7464a23928bd9215e655cb1dc02056",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-10661",
+ Path: "2020/10xxx/CVE-2020-10661.json",
+ BlobHash: "18b1302eca7464a23928bd9215e655cb1dc02056",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://www.hashicorp.com/blog/category/vault/",
+ "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#134-march-19th-2020",
+ },
},
-
{
- ID: "CVE-2020-10685",
- Path: "2020/10xxx/CVE-2020-10685.json",
- BlobHash: "bed787e624fb760bf7e3974a111b0aa030a5f20d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-10685",
+ Path: "2020/10xxx/CVE-2020-10685.json",
+ BlobHash: "bed787e624fb760bf7e3974a111b0aa030a5f20d",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10685",
+ "https://github.com/ansible/ansible/pull/68433",
+ "https://security.gentoo.org/glsa/202006-11",
+ },
},
-
{
- ID: "CVE-2020-10691",
- Path: "2020/10xxx/CVE-2020-10691.json",
- BlobHash: "6c5d50dd00f6d10db0ec80c974927572cbb61de6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-10691",
+ Path: "2020/10xxx/CVE-2020-10691.json",
+ BlobHash: "6c5d50dd00f6d10db0ec80c974927572cbb61de6",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10691",
+ "https://github.com/ansible/ansible/pull/68596",
+ },
},
-
{
- ID: "CVE-2020-10696",
- Path: "2020/10xxx/CVE-2020-10696.json",
- BlobHash: "461bbeb746dd1ff55af64811a3893be09affe1df",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-10696",
+ Path: "2020/10xxx/CVE-2020-10696.json",
+ BlobHash: "461bbeb746dd1ff55af64811a3893be09affe1df",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10696",
+ "https://github.com/containers/buildah/pull/2245",
+ "https://access.redhat.com/security/cve/cve-2020-10696",
+ },
},
-
{
- ID: "CVE-2020-10706",
- Path: "2020/10xxx/CVE-2020-10706.json",
- BlobHash: "997d4d69ee84e69e79ed69d294d6948ec6400695",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-10706",
+ Path: "2020/10xxx/CVE-2020-10706.json",
+ BlobHash: "997d4d69ee84e69e79ed69d294d6948ec6400695",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10706",
+ },
},
-
{
- ID: "CVE-2020-10712",
- Path: "2020/10xxx/CVE-2020-10712.json",
- BlobHash: "8ac05635085e0b20cddadaa67975ff3963764488",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-10712",
+ Path: "2020/10xxx/CVE-2020-10712.json",
+ BlobHash: "8ac05635085e0b20cddadaa67975ff3963764488",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10712",
+ },
},
-
{
- ID: "CVE-2020-10715",
- Path: "2020/10xxx/CVE-2020-10715.json",
- BlobHash: "b63d43881d1fba101f9b921b1f02e82baae4e90f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-10715",
+ Path: "2020/10xxx/CVE-2020-10715.json",
+ BlobHash: "b63d43881d1fba101f9b921b1f02e82baae4e90f",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/openshift/origin-web-console/pull/3173",
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1767665",
+ },
},
-
{
- ID: "CVE-2020-10749",
- Path: "2020/10xxx/CVE-2020-10749.json",
- BlobHash: "8822dd27a56bcc2137fcdecb52aa167910a3fe59",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-10749",
+ Path: "2020/10xxx/CVE-2020-10749.json",
+ BlobHash: "8822dd27a56bcc2137fcdecb52aa167910a3fe59",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10749",
+ "https://groups.google.com/forum/#!topic/kubernetes-security-announce/BMb_6ICCfp8",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00063.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00065.html",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DV3HCDZYUTPPVDUMTZXDKK6IUO3JMGJC/",
+ },
},
-
{
- ID: "CVE-2020-10750",
- Path: "2020/10xxx/CVE-2020-10750.json",
- BlobHash: "dfa783a0f815bd8b222cd3dcd2ecbafdd018dbfc",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-10750",
+ Path: "2020/10xxx/CVE-2020-10750.json",
+ BlobHash: "dfa783a0f815bd8b222cd3dcd2ecbafdd018dbfc",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10750",
+ "https://github.com/jaegertracing/jaeger/releases/tag/v1.18.1",
+ },
},
-
{
- ID: "CVE-2020-10752",
- Path: "2020/10xxx/CVE-2020-10752.json",
- BlobHash: "19ebc5ac73d637204c098c0830ec8b4e4a5157bc",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-10752",
+ Path: "2020/10xxx/CVE-2020-10752.json",
+ BlobHash: "19ebc5ac73d637204c098c0830ec8b4e4a5157bc",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/openshift/origin/blob/master/vendor/k8s.io/kubernetes/staging/src/k8s.io/apiserver/pkg/server/filters/wrap.go#L39",
+ "https://github.com/openshift/enhancements/pull/323",
+ },
},
-
{
- ID: "CVE-2020-10763",
- Path: "2020/10xxx/CVE-2020-10763.json",
- BlobHash: "f11aba3a3166d14eb4f5d0aa25f1e14c6dc1a4f5",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-10763",
+ Path: "2020/10xxx/CVE-2020-10763.json",
+ BlobHash: "f11aba3a3166d14eb4f5d0aa25f1e14c6dc1a4f5",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1845387",
+ "https://github.com/heketi/heketi/releases/tag/v10.1.0",
+ },
},
-
{
- ID: "CVE-2020-10944",
- Path: "2020/10xxx/CVE-2020-10944.json",
- BlobHash: "0fcfa628243c48bdb9c07e0ed2c83806793a2b47",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-10944",
+ Path: "2020/10xxx/CVE-2020-10944.json",
+ BlobHash: "0fcfa628243c48bdb9c07e0ed2c83806793a2b47",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/hashicorp/nomad/issues/7468",
+ },
},
-
{
- ID: "CVE-2020-11008",
- Path: "2020/11xxx/CVE-2020-11008.json",
- BlobHash: "49b7673095fcc8b089bff21bac55476915375266",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-11008",
+ Path: "2020/11xxx/CVE-2020-11008.json",
+ BlobHash: "49b7673095fcc8b089bff21bac55476915375266",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7",
+ "https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q",
+ "https://github.com/git/git/commit/c44088ecc4b0722636e0a305f9608d3047197282",
+ "https://security.gentoo.org/glsa/202004-13",
+ "https://lists.debian.org/debian-lts-announce/2020/04/msg00015.html",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PN3FUOXKX3AXTULYV53ACABER2W2FSOU/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MOCTR2SEHCPSCOVUQJAGFPGKFMI2VE6V/",
+ "https://usn.ubuntu.com/4334-1/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/74Q7WVJ6FKLIN62VS2JD2XCNWK5TNKOW/",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html",
+ "https://support.apple.com/kb/HT211183",
+ "http://seclists.org/fulldisclosure/2020/May/41",
+ },
},
-
{
- ID: "CVE-2020-11012",
- Path: "2020/11xxx/CVE-2020-11012.json",
- BlobHash: "eda555e8b97f25306c94cfcb961ee6c97bc7005c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-11012",
+ Path: "2020/11xxx/CVE-2020-11012.json",
+ BlobHash: "eda555e8b97f25306c94cfcb961ee6c97bc7005c",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/minio/minio/security/advisories/GHSA-xv4r-vccv-mg4w",
+ "https://github.com/minio/minio/pull/9422",
+ "https://github.com/minio/minio/commit/4cd6ca02c7957aeb2de3eede08b0754332a77923",
+ "https://github.com/minio/minio/releases/tag/RELEASE.2020-04-23T00-58-49Z",
+ },
},
-
{
- ID: "CVE-2020-11013",
- Path: "2020/11xxx/CVE-2020-11013.json",
- BlobHash: "094ee70f2f433077aaee4062ac5c12fb19dc8df2",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-11013",
+ Path: "2020/11xxx/CVE-2020-11013.json",
+ BlobHash: "094ee70f2f433077aaee4062ac5c12fb19dc8df2",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/helm/helm/security/advisories/GHSA-q8q8-93cv-v6h8",
+ "https://github.com/helm/helm/releases/tag/v3.2.0",
+ },
},
-
{
- ID: "CVE-2020-11053",
- Path: "2020/11xxx/CVE-2020-11053.json",
- BlobHash: "35faf332602e9f8a188e8842e36b59318312184f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-11053",
+ Path: "2020/11xxx/CVE-2020-11053.json",
+ BlobHash: "35faf332602e9f8a188e8842e36b59318312184f",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-j7px-6hwj-hpjg",
+ },
},
-
{
- ID: "CVE-2020-11080",
- Path: "2020/11xxx/CVE-2020-11080.json",
- BlobHash: "4fa5eac63a53a7eb9f7f4eea563e03111bac58e7",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-11080",
+ Path: "2020/11xxx/CVE-2020-11080.json",
+ BlobHash: "4fa5eac63a53a7eb9f7f4eea563e03111bac58e7",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://www.debian.org/security/2020/dsa-4696",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAC2AA36OTRHKSVM5OV7TTVB3CZIGEFL/",
+ "https://www.oracle.com/security-alerts/cpujul2020.html",
+ "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr",
+ "https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090",
+ "https://github.com/nghttp2/nghttp2/commit/f8da73bd042f810f34d19f9eae02b46d870af394",
+ "https://www.oracle.com/security-alerts/cpuoct2020.html",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4OOYAMJVLLCLXDTHW3V5UXNULZBBK4O6/",
+ "https://www.oracle.com/security-alerts/cpujan2021.html",
+ },
},
-
{
- ID: "CVE-2020-11091",
- Path: "2020/11xxx/CVE-2020-11091.json",
- BlobHash: "e4d76ded9cbc0f4dfae213028ecfe4ff8003e0fb",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-11091",
+ Path: "2020/11xxx/CVE-2020-11091.json",
+ BlobHash: "e4d76ded9cbc0f4dfae213028ecfe4ff8003e0fb",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/weaveworks/weave/security/advisories/GHSA-59qg-grp7-5r73",
+ "https://github.com/weaveworks/weave/commit/15f21f1899060f7716c70a8555a084e836f39a60",
+ },
},
-
{
- ID: "CVE-2020-11110",
- Path: "2020/11xxx/CVE-2020-11110.json",
- BlobHash: "3a67b7a18ba3de7f72afe992db666d0e7235ef6c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-11110",
+ Path: "2020/11xxx/CVE-2020-11110.json",
+ BlobHash: "3a67b7a18ba3de7f72afe992db666d0e7235ef6c",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/grafana/grafana/blob/master/CHANGELOG.md",
+ "https://security.netapp.com/advisory/ntap-20200810-0002/",
+ },
},
-
{
- ID: "CVE-2020-11498",
- Path: "2020/11xxx/CVE-2020-11498.json",
- BlobHash: "2bfc8ec0f4298b3d984e25c885470da69e1e0314",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-11498",
+ Path: "2020/11xxx/CVE-2020-11498.json",
+ BlobHash: "2bfc8ec0f4298b3d984e25c885470da69e1e0314",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/slackhq/nebula/pull/191",
+ "http://www.pwn3d.org/posts/7918501-slack-nebula-relative-path-bug-bounty-disclosure",
+ },
},
-
{
- ID: "CVE-2020-11576",
- Path: "2020/11xxx/CVE-2020-11576.json",
- BlobHash: "f003dec53d4d2ef8de2dc76461a02cb5b3268a3d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-11576",
+ Path: "2020/11xxx/CVE-2020-11576.json",
+ BlobHash: "f003dec53d4d2ef8de2dc76461a02cb5b3268a3d",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/argoproj/argo-cd/pull/3215",
+ "https://github.com/argoproj/argo-cd/commit/35a7350b7444bcaf53ee0bb11b9d8e3ae4b717a1",
+ "https://www.soluble.ai/blog/argo-cves-2020",
+ },
},
-
{
- ID: "CVE-2020-11710",
- Path: "2020/11xxx/CVE-2020-11710.json",
- BlobHash: "06704241be0913c4e32085f5fe9d42d3d02589f6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-11710",
+ Path: "2020/11xxx/CVE-2020-11710.json",
+ BlobHash: "06704241be0913c4e32085f5fe9d42d3d02589f6",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/Kong/kong",
+ "https://github.com/Kong/docs.konghq.com/commit/d693827c32144943a2f45abc017c1321b33ff611",
+ "https://github.com/Kong/docker-kong/commit/dfa095cadf7e8309155be51982d8720daf32e31c",
+ "https://github.com/Kong/docs.konghq.com/commit/e99cf875d875dd84fdb751079ac37882c9972949",
+ },
},
-
{
- ID: "CVE-2020-11767",
- Path: "2020/11xxx/CVE-2020-11767.json",
- BlobHash: "2da1921971291d993c9d73746cef16d55339bc2f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-11767",
+ Path: "2020/11xxx/CVE-2020-11767.json",
+ BlobHash: "2da1921971291d993c9d73746cef16d55339bc2f",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugs.chromium.org/p/chromium/issues/detail?id=954160#c5",
+ "https://github.com/envoyproxy/envoy/issues/6767",
+ "https://github.com/istio/istio/issues/9429",
+ "https://github.com/istio/istio/issues/13589",
+ },
},
-
{
- ID: "CVE-2020-12118",
- Path: "2020/12xxx/CVE-2020-12118.json",
- BlobHash: "625c805c88e57aafe0bfca5d2f8e5be9d5114990",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-12118",
+ Path: "2020/12xxx/CVE-2020-12118.json",
+ BlobHash: "625c805c88e57aafe0bfca5d2f8e5be9d5114990",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/binance-chain/tss-lib/pull/89",
+ "https://github.com/binance-chain/tss-lib/releases/tag/v1.2.0",
+ },
},
-
{
- ID: "CVE-2020-12245",
- Path: "2020/12xxx/CVE-2020-12245.json",
- BlobHash: "616c91ca3b57b2b744bd08a30ad12b9704199d15",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-12245",
+ Path: "2020/12xxx/CVE-2020-12245.json",
+ BlobHash: "616c91ca3b57b2b744bd08a30ad12b9704199d15",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/grafana/grafana/blob/master/CHANGELOG.md#673-2020-04-23",
+ "https://community.grafana.com/t/release-notes-v6-7-x/27119",
+ "https://github.com/grafana/grafana/pull/23816",
+ "https://security.netapp.com/advisory/ntap-20200511-0001/",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00060.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00083.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00009.html",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00017.html",
+ },
},
-
{
- ID: "CVE-2020-12278",
- Path: "2020/12xxx/CVE-2020-12278.json",
- BlobHash: "861d14b4598cc4348972ddad1a39a4b976945a7f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-12278",
+ Path: "2020/12xxx/CVE-2020-12278.json",
+ BlobHash: "861d14b4598cc4348972ddad1a39a4b976945a7f",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/git/git/security/advisories/GHSA-5wph-8frv-58vj",
+ "https://github.com/libgit2/libgit2/releases/tag/v0.99.0",
+ "https://github.com/libgit2/libgit2/releases/tag/v0.28.4",
+ "https://github.com/libgit2/libgit2/commit/3f7851eadca36a99627ad78cbe56a40d3776ed01",
+ "https://github.com/libgit2/libgit2/commit/e1832eb20a7089f6383cfce474f213157f5300cb",
+ },
},
-
{
- ID: "CVE-2020-12279",
- Path: "2020/12xxx/CVE-2020-12279.json",
- BlobHash: "a9ca1a376635da8365a74526596e71051eaf85bc",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-12279",
+ Path: "2020/12xxx/CVE-2020-12279.json",
+ BlobHash: "a9ca1a376635da8365a74526596e71051eaf85bc",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/libgit2/libgit2/releases/tag/v0.99.0",
+ "https://github.com/libgit2/libgit2/releases/tag/v0.28.4",
+ "https://github.com/git/git/security/advisories/GHSA-589j-mmg9-733v",
+ "https://github.com/libgit2/libgit2/commit/64c612cc3e25eff5fb02c59ef5a66ba7a14751e4",
+ },
},
-
{
- ID: "CVE-2020-12283",
- Path: "2020/12xxx/CVE-2020-12283.json",
- BlobHash: "c3d171533a26a23b619ad725f8fc12aec7637849",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-12283",
+ Path: "2020/12xxx/CVE-2020-12283.json",
+ BlobHash: "c3d171533a26a23b619ad725f8fc12aec7637849",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/sourcegraph/sourcegraph/pull/10167",
+ "https://github.com/sourcegraph/sourcegraph/compare/v3.15.0...v3.15.1",
+ "https://github.com/sourcegraph/sourcegraph/commit/c0f48172e815c7f66471a38f0a06d1fc32a77a64",
+ "https://github.com/sourcegraph/sourcegraph/blob/master/CHANGELOG.md",
+ "https://securitylab.github.com/advisories/GHSL-2020-085-sourcegraph",
+ },
},
-
{
- ID: "CVE-2020-12458",
- Path: "2020/12xxx/CVE-2020-12458.json",
- BlobHash: "cdec1bb3fb314b5c27d7374bad63975a26fa55e6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-12458",
+ Path: "2020/12xxx/CVE-2020-12458.json",
+ BlobHash: "cdec1bb3fb314b5c27d7374bad63975a26fa55e6",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/grafana/grafana/issues/8283",
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1827765",
+ "https://access.redhat.com/security/cve/CVE-2020-12458",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CTQCKJZZYXMCSHJFZZ3YXEO5NUBANGZS/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEBCIEVSYIDDCA7FTRS2IFUOYLIQU34A/",
+ "https://security.netapp.com/advisory/ntap-20200518-0001/",
+ },
},
-
{
- ID: "CVE-2020-12459",
- Path: "2020/12xxx/CVE-2020-12459.json",
- BlobHash: "03485979cc6e5e9b2c6d6cfa0360fb3f3b6477f8",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-12459",
+ Path: "2020/12xxx/CVE-2020-12459.json",
+ BlobHash: "03485979cc6e5e9b2c6d6cfa0360fb3f3b6477f8",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/grafana/grafana/issues/8283",
+ "https://access.redhat.com/security/cve/CVE-2020-12459",
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1829724",
+ "https://src.fedoraproject.org/rpms/grafana/c/fab93d67363eb0a9678d9faf160cc88237f26277",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CTQCKJZZYXMCSHJFZZ3YXEO5NUBANGZS/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WEBCIEVSYIDDCA7FTRS2IFUOYLIQU34A/",
+ "https://security.netapp.com/advisory/ntap-20200518-0004/",
+ },
},
-
{
- ID: "CVE-2020-12603",
- Path: "2020/12xxx/CVE-2020-12603.json",
- BlobHash: "7921cd1fe37271cd23d6fbd97dd6bf8648a570d2",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-12603",
+ Path: "2020/12xxx/CVE-2020-12603.json",
+ BlobHash: "7921cd1fe37271cd23d6fbd97dd6bf8648a570d2",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/envoyproxy/envoy-setec/issues/80",
+ "https://github.com/envoyproxy/envoy/security/advisories/GHSA-pc38-4q6c-85p6",
+ },
},
-
{
- ID: "CVE-2020-12604",
- Path: "2020/12xxx/CVE-2020-12604.json",
- BlobHash: "306d21154935ffdff9526f480445a678a3466151",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-12604",
+ Path: "2020/12xxx/CVE-2020-12604.json",
+ BlobHash: "306d21154935ffdff9526f480445a678a3466151",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/envoyproxy/envoy/commits/master",
+ "https://github.com/envoyproxy/envoy/security/advisories/GHSA-8hf8-8gvw-ggvx",
+ },
},
-
{
- ID: "CVE-2020-12605",
- Path: "2020/12xxx/CVE-2020-12605.json",
- BlobHash: "dc93e6a6f6445f141dd06a0440940375304156f1",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-12605",
+ Path: "2020/12xxx/CVE-2020-12605.json",
+ BlobHash: "dc93e6a6f6445f141dd06a0440940375304156f1",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/envoyproxy/envoy-setec/issues/137",
+ "https://github.com/envoyproxy/envoy/security/advisories/GHSA-fjxc-jj43-f777",
+ },
},
-
{
- ID: "CVE-2020-12757",
- Path: "2020/12xxx/CVE-2020-12757.json",
- BlobHash: "ac21b00cd3522a4933f9bf719e1c8260b985c974",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-12757",
+ Path: "2020/12xxx/CVE-2020-12757.json",
+ BlobHash: "ac21b00cd3522a4933f9bf719e1c8260b985c974",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://www.hashicorp.com/blog/category/vault/",
+ "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020",
+ },
},
-
{
- ID: "CVE-2020-12758",
- Path: "2020/12xxx/CVE-2020-12758.json",
- BlobHash: "b3e8bdddb005a15366c5a85809f500b72a463df2",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-12758",
+ Path: "2020/12xxx/CVE-2020-12758.json",
+ BlobHash: "b3e8bdddb005a15366c5a85809f500b72a463df2",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md",
+ "https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md",
+ "https://github.com/hashicorp/consul/pull/7783",
+ },
},
-
{
- ID: "CVE-2020-12797",
- Path: "2020/12xxx/CVE-2020-12797.json",
- BlobHash: "db1a0c6081be54b27a441939d9628fa00abd7d79",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-12797",
+ Path: "2020/12xxx/CVE-2020-12797.json",
+ BlobHash: "db1a0c6081be54b27a441939d9628fa00abd7d79",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md",
+ "https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md",
+ "https://github.com/hashicorp/consul/pull/8047",
+ },
},
-
{
- ID: "CVE-2020-13170",
- Path: "2020/13xxx/CVE-2020-13170.json",
- BlobHash: "c5cfc8d95bd3b388fb13f5286707ec01ee3de264",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-13170",
+ Path: "2020/13xxx/CVE-2020-13170.json",
+ BlobHash: "c5cfc8d95bd3b388fb13f5286707ec01ee3de264",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md",
+ "https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md",
+ "https://github.com/hashicorp/consul/pull/8068",
+ },
},
-
{
- ID: "CVE-2020-13223",
- Path: "2020/13xxx/CVE-2020-13223.json",
- BlobHash: "7b3e591fb1f19e2da0e1c47fd65218f1c28997b9",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-13223",
+ Path: "2020/13xxx/CVE-2020-13223.json",
+ BlobHash: "7b3e591fb1f19e2da0e1c47fd65218f1c28997b9",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://www.hashicorp.com/blog/category/vault/",
+ "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#142-may-21st-2020",
+ },
},
-
{
- ID: "CVE-2020-13246",
- Path: "2020/13xxx/CVE-2020-13246.json",
- BlobHash: "9a649cb20e560e89d2bedf10e48c8d90282e74be",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-13246",
+ Path: "2020/13xxx/CVE-2020-13246.json",
+ BlobHash: "9a649cb20e560e89d2bedf10e48c8d90282e74be",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/go-gitea/gitea/issues/10549",
+ "https://github.com/go-gitea/gitea/pull/11438",
+ "https://www.youtube.com/watch?v=DmVgADSVS88",
+ },
},
-
{
- ID: "CVE-2020-13250",
- Path: "2020/13xxx/CVE-2020-13250.json",
- BlobHash: "90cd61a54bd8ca27ad801f95bab9250095ec68d0",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-13250",
+ Path: "2020/13xxx/CVE-2020-13250.json",
+ BlobHash: "90cd61a54bd8ca27ad801f95bab9250095ec68d0",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/hashicorp/consul/pull/8023",
+ "https://github.com/hashicorp/consul/blob/v1.6.6/CHANGELOG.md",
+ "https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md",
+ },
},
-
{
- ID: "CVE-2020-13401",
- Path: "2020/13xxx/CVE-2020-13401.json",
- BlobHash: "5db4a90b1a48460ea29578043949b311359777e8",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-13401",
+ Path: "2020/13xxx/CVE-2020-13401.json",
+ BlobHash: "5db4a90b1a48460ea29578043949b311359777e8",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://docs.docker.com/engine/release-notes/",
+ "http://www.openwall.com/lists/oss-security/2020/06/01/5",
+ "https://github.com/docker/docker-ce/releases/tag/v19.03.11",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DN4JQAOXBE3XUNK3FD423LHE3K74EMJT/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJZLKRCOJMOGUIJI2AS27BOZS3RBEF3K/",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00040.html",
+ "https://www.debian.org/security/2020/dsa-4716",
+ "https://security.netapp.com/advisory/ntap-20200717-0002/",
+ "https://security.gentoo.org/glsa/202008-15",
+ },
},
-
{
- ID: "CVE-2020-13430",
- Path: "2020/13xxx/CVE-2020-13430.json",
- BlobHash: "0196be588481d0cc2288cef28f8cb57f5417af3c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-13430",
+ Path: "2020/13xxx/CVE-2020-13430.json",
+ BlobHash: "0196be588481d0cc2288cef28f8cb57f5417af3c",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/grafana/grafana/releases/tag/v7.0.0",
+ "https://github.com/grafana/grafana/pull/24539",
+ "https://security.netapp.com/advisory/ntap-20200528-0003/",
+ },
},
-
{
- ID: "CVE-2020-13449",
- Path: "2020/13xxx/CVE-2020-13449.json",
- BlobHash: "17a03c8be88615c863ac5cf82112d1e31a30d323",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-13449",
+ Path: "2020/13xxx/CVE-2020-13449.json",
+ BlobHash: "17a03c8be88615c863ac5cf82112d1e31a30d323",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/thecodingmachine/gotenberg/issues/199",
+ "http://packetstormsecurity.com/files/160744/Gotenberg-6.2.0-Traversal-Code-Execution-Insecure-Permissions.html",
+ },
},
-
{
- ID: "CVE-2020-13450",
- Path: "2020/13xxx/CVE-2020-13450.json",
- BlobHash: "96a4e9c87a8714691a5eab17acec86406aafeac6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-13450",
+ Path: "2020/13xxx/CVE-2020-13450.json",
+ BlobHash: "96a4e9c87a8714691a5eab17acec86406aafeac6",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/thecodingmachine/gotenberg/issues/199",
+ "http://packetstormsecurity.com/files/160744/Gotenberg-6.2.0-Traversal-Code-Execution-Insecure-Permissions.html",
+ },
},
-
{
- ID: "CVE-2020-13451",
- Path: "2020/13xxx/CVE-2020-13451.json",
- BlobHash: "1c80691154fe0a5f68df5e33af3919a910bfa597",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-13451",
+ Path: "2020/13xxx/CVE-2020-13451.json",
+ BlobHash: "1c80691154fe0a5f68df5e33af3919a910bfa597",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/thecodingmachine/gotenberg/issues/199",
+ "http://packetstormsecurity.com/files/160744/Gotenberg-6.2.0-Traversal-Code-Execution-Insecure-Permissions.html",
+ },
},
-
{
- ID: "CVE-2020-13452",
- Path: "2020/13xxx/CVE-2020-13452.json",
- BlobHash: "9ccd02a6b2b6b8f7156f996b71b11bdf8be4bdf5",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-13452",
+ Path: "2020/13xxx/CVE-2020-13452.json",
+ BlobHash: "9ccd02a6b2b6b8f7156f996b71b11bdf8be4bdf5",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/thecodingmachine/gotenberg/issues/199",
+ "http://packetstormsecurity.com/files/160744/Gotenberg-6.2.0-Traversal-Code-Execution-Insecure-Permissions.html",
+ },
},
-
{
- ID: "CVE-2020-13597",
- Path: "2020/13xxx/CVE-2020-13597.json",
- BlobHash: "9344e780825e6ee6ee9f002ff3bfca76bc8a298b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-13597",
+ Path: "2020/13xxx/CVE-2020-13597.json",
+ BlobHash: "9344e780825e6ee6ee9f002ff3bfca76bc8a298b",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://www.projectcalico.org/security-bulletins/",
+ "https://groups.google.com/forum/#!topic/kubernetes-security-announce/BMb_6ICCfp8",
+ "https://github.com/kubernetes/kubernetes/issues/91507",
+ },
},
-
{
- ID: "CVE-2020-13788",
- Path: "2020/13xxx/CVE-2020-13788.json",
- BlobHash: "94dae312a3e1a91ed7bd20ef9ca4a81f3ae95583",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-13788",
+ Path: "2020/13xxx/CVE-2020-13788.json",
+ BlobHash: "94dae312a3e1a91ed7bd20ef9ca4a81f3ae95583",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/goharbor/harbor/releases",
+ "https://www.soluble.ai/blog/harbor-ssrf-cve-2020-13788",
+ "https://www.youtube.com/watch?v=v8Isqy4yR3Q",
+ },
},
-
{
- ID: "CVE-2020-13794",
- Path: "2020/13xxx/CVE-2020-13794.json",
- BlobHash: "cb3c9de369ff824af51b6b18346b3f1d21242fb0",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-13794",
+ Path: "2020/13xxx/CVE-2020-13794.json",
+ BlobHash: "cb3c9de369ff824af51b6b18346b3f1d21242fb0",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/goharbor/harbor/releases",
+ "https://github.com/goharbor/harbor/security/advisories/GHSA-q9p8-33wc-h432",
+ "https://www.cybereagle.io/blog/cve-2020-13794/",
+ },
},
-
{
- ID: "CVE-2020-14144",
- Path: "2020/14xxx/CVE-2020-14144.json",
- BlobHash: "45e745dadce235e2420c3eeead0b337d1df1ebed",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-14144",
+ Path: "2020/14xxx/CVE-2020-14144.json",
+ BlobHash: "45e745dadce235e2420c3eeead0b337d1df1ebed",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/go-gitea/gitea/releases",
+ "https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-3-schwachstelle-in-gitea-1125-und-gogs-0122-ermoeglicht-ausfuehrung-von-code-nach-authent/",
+ "https://github.com/go-gitea/gitea/pull/13058",
+ "https://docs.gitlab.com/ee/administration/server_hooks.html",
+ "https://docs.github.com/en/enterprise-server@2.19/admin/policies/creating-a-pre-receive-hook-script",
+ "http://packetstormsecurity.com/files/162122/Gitea-Git-Hooks-Remote-Code-Execution.html",
+ },
},
-
{
- ID: "CVE-2020-14306",
- Path: "2020/14xxx/CVE-2020-14306.json",
- BlobHash: "7bd070a5ed90353454650d9b7c884d02a8b6d18f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-14306",
+ Path: "2020/14xxx/CVE-2020-14306.json",
+ BlobHash: "7bd070a5ed90353454650d9b7c884d02a8b6d18f",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/maistra/istio-operator/pull/462",
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1850380",
+ },
},
-
{
- ID: "CVE-2020-14330",
- Path: "2020/14xxx/CVE-2020-14330.json",
- BlobHash: "03c537b1619b4365a94d10cf314fd180e9c06e7d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-14330",
+ Path: "2020/14xxx/CVE-2020-14330.json",
+ BlobHash: "03c537b1619b4365a94d10cf314fd180e9c06e7d",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/ansible/ansible/issues/68400",
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14330",
+ },
},
-
{
- ID: "CVE-2020-14332",
- Path: "2020/14xxx/CVE-2020-14332.json",
- BlobHash: "afb8d34597ddf56c910f3539ba26d6a12f0603b1",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-14332",
+ Path: "2020/14xxx/CVE-2020-14332.json",
+ BlobHash: "afb8d34597ddf56c910f3539ba26d6a12f0603b1",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/ansible/ansible/pull/71033",
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-14332",
+ },
},
-
{
- ID: "CVE-2020-14958",
- Path: "2020/14xxx/CVE-2020-14958.json",
- BlobHash: "cf7ec412d6f491b8a2fdf30518ad5fbf8135e8ce",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-14958",
+ Path: "2020/14xxx/CVE-2020-14958.json",
+ BlobHash: "cf7ec412d6f491b8a2fdf30518ad5fbf8135e8ce",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/gogs/gogs/commit/82ff0c5852f29daa5f95d965fd50665581e7ea3c",
+ "https://github.com/gogs/gogs/pull/5988",
+ },
},
-
{
- ID: "CVE-2020-15104",
- Path: "2020/15xxx/CVE-2020-15104.json",
- BlobHash: "1edfac609c0401df144b93f68b5985348b82b10e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15104",
+ Path: "2020/15xxx/CVE-2020-15104.json",
+ BlobHash: "1edfac609c0401df144b93f68b5985348b82b10e",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/envoyproxy/envoy/security/advisories/GHSA-w5f5-6qhq-hhrg",
+ },
},
-
{
ID: "CVE-2020-15112",
Path: "2020/15xxx/CVE-2020-15112.json",
BlobHash: "3d87891317ff107037bc0145194ab72df1890411",
CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "covered by GO-2020-0005",
+ TriageState: "HasVuln",
+ TriageStateReason: "GO-2020-0005",
},
-
{
- ID: "CVE-2020-15113",
- Path: "2020/15xxx/CVE-2020-15113.json",
- BlobHash: "9133c3be68ef84771bad74ec8770e1efff7bf0de",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15113",
+ Path: "2020/15xxx/CVE-2020-15113.json",
+ BlobHash: "9133c3be68ef84771bad74ec8770e1efff7bf0de",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/",
+ },
},
-
{
- ID: "CVE-2020-15114",
- Path: "2020/15xxx/CVE-2020-15114.json",
- BlobHash: "e5fc68a458642e7cf17a7026f3c2f7c5abf88434",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15114",
+ Path: "2020/15xxx/CVE-2020-15114.json",
+ BlobHash: "e5fc68a458642e7cf17a7026f3c2f7c5abf88434",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/",
+ },
},
-
{
- ID: "CVE-2020-15115",
- Path: "2020/15xxx/CVE-2020-15115.json",
- BlobHash: "f7eace29c0f83893a3d865628dd5733cdd72fd3d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15115",
+ Path: "2020/15xxx/CVE-2020-15115.json",
+ BlobHash: "f7eace29c0f83893a3d865628dd5733cdd72fd3d",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/etcd-io/etcd/security/advisories/GHSA-4993-m7g5-r9hh",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/",
+ },
},
-
{
- ID: "CVE-2020-15127",
- Path: "2020/15xxx/CVE-2020-15127.json",
- BlobHash: "56ec1fae6e4706da0e7d88f246be25d5e955d966",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15127",
+ Path: "2020/15xxx/CVE-2020-15127.json",
+ BlobHash: "56ec1fae6e4706da0e7d88f246be25d5e955d966",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/projectcontour/contour/security/advisories/GHSA-mjp8-x484-pm3r",
+ "https://github.com/projectcontour/contour/releases/tag/v1.7.0",
+ },
},
-
{
- ID: "CVE-2020-15129",
- Path: "2020/15xxx/CVE-2020-15129.json",
- BlobHash: "ce972aecfeb350c6d3a365b51401a16761b2e455",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15129",
+ Path: "2020/15xxx/CVE-2020-15129.json",
+ BlobHash: "ce972aecfeb350c6d3a365b51401a16761b2e455",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/containous/traefik/security/advisories/GHSA-6qq8-5wq3-86rp",
+ "https://github.com/containous/traefik/releases/tag/v1.7.26",
+ "https://github.com/containous/traefik/releases/tag/v2.2.8",
+ "https://github.com/containous/traefik/releases/tag/v2.3.0-rc3",
+ "https://github.com/containous/traefik/pull/7109",
+ "https://github.com/containous/traefik/commit/e63db782c11c7b8bfce30be4c902e7ef8f9f33d2",
+ },
},
-
{
- ID: "CVE-2020-15136",
- Path: "2020/15xxx/CVE-2020-15136.json",
- BlobHash: "8f347e8c68494ec8f12395fdb9a73e5b5fe8919c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15136",
+ Path: "2020/15xxx/CVE-2020-15136.json",
+ BlobHash: "8f347e8c68494ec8f12395fdb9a73e5b5fe8919c",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q",
+ "https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/gateway.md",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6B6R43Y7M3DCHWK3L3UVGE2K6WWECMP/",
+ },
},
-
{
- ID: "CVE-2020-15157",
- Path: "2020/15xxx/CVE-2020-15157.json",
- BlobHash: "97c472abe48bdb0b5bcfc9476e9e986ddece309d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15157",
+ Path: "2020/15xxx/CVE-2020-15157.json",
+ BlobHash: "97c472abe48bdb0b5bcfc9476e9e986ddece309d",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c",
+ "https://github.com/containerd/containerd/releases/tag/v1.2.14",
+ "https://usn.ubuntu.com/4589-1/",
+ "https://usn.ubuntu.com/4589-2/",
+ "https://www.debian.org/security/2021/dsa-4865",
+ },
},
-
{
- ID: "CVE-2020-15184",
- Path: "2020/15xxx/CVE-2020-15184.json",
- BlobHash: "75627eb4432e1e8e595ad18c122450db22d13d29",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15184",
+ Path: "2020/15xxx/CVE-2020-15184.json",
+ BlobHash: "75627eb4432e1e8e595ad18c122450db22d13d29",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/helm/helm/security/advisories/GHSA-9vp5-m38w-j776",
+ "https://github.com/helm/helm/commit/e7c281564d8306e1dcf8023d97f972449ad74850",
+ },
},
-
{
- ID: "CVE-2020-15185",
- Path: "2020/15xxx/CVE-2020-15185.json",
- BlobHash: "83e7748e619b25d85b7c23fe17b62b93fe5111bf",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15185",
+ Path: "2020/15xxx/CVE-2020-15185.json",
+ BlobHash: "83e7748e619b25d85b7c23fe17b62b93fe5111bf",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/helm/helm/security/advisories/GHSA-jm56-5h66-w453",
+ "https://github.com/helm/helm/commit/055dd41cbe53ce131ab0357524a7f6729e6e40dc",
+ },
},
-
{
- ID: "CVE-2020-15186",
- Path: "2020/15xxx/CVE-2020-15186.json",
- BlobHash: "bc01ca56a8da6601e8566740fbe6f53a4d9d8215",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15186",
+ Path: "2020/15xxx/CVE-2020-15186.json",
+ BlobHash: "bc01ca56a8da6601e8566740fbe6f53a4d9d8215",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/helm/helm/security/advisories/GHSA-m54r-vrmv-hw33",
+ "https://github.com/helm/helm/commit/809e2d999e2c33e20e77f6bff30652d79c287542",
+ },
},
-
{
- ID: "CVE-2020-15187",
- Path: "2020/15xxx/CVE-2020-15187.json",
- BlobHash: "ce64bf787d290e1867052ee17f87cd6ba392f3b0",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15187",
+ Path: "2020/15xxx/CVE-2020-15187.json",
+ BlobHash: "ce64bf787d290e1867052ee17f87cd6ba392f3b0",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/helm/helm/security/advisories/GHSA-c52f-pq47-2r9j",
+ "https://github.com/helm/helm/commit/d9ef5ce8bad512e325390c0011be1244b8380e4b",
+ },
},
-
{
- ID: "CVE-2020-15190",
- Path: "2020/15xxx/CVE-2020-15190.json",
- BlobHash: "69b59e5bf80856e0359142de61ca85efc130db3a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15190",
+ Path: "2020/15xxx/CVE-2020-15190.json",
+ BlobHash: "69b59e5bf80856e0359142de61ca85efc130db3a",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4g9f-63rx-5cw4",
+ "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
+ "https://github.com/tensorflow/tensorflow/commit/da8558533d925694483d2c136a9220d6d49d843c",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
+ },
},
-
{
- ID: "CVE-2020-15191",
- Path: "2020/15xxx/CVE-2020-15191.json",
- BlobHash: "bdceab9a0ef2b19dfa872378bb9d67b57fe72da1",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15191",
+ Path: "2020/15xxx/CVE-2020-15191.json",
+ BlobHash: "bdceab9a0ef2b19dfa872378bb9d67b57fe72da1",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
+ "https://github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea11f96ceb8",
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q8qj-fc9q-cphr",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
+ },
},
-
{
- ID: "CVE-2020-15192",
- Path: "2020/15xxx/CVE-2020-15192.json",
- BlobHash: "e84ea5377e0da66e43b115a03cceba37dc5222a7",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15192",
+ Path: "2020/15xxx/CVE-2020-15192.json",
+ BlobHash: "e84ea5377e0da66e43b115a03cceba37dc5222a7",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
+ "https://github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea11f96ceb8",
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-8fxw-76px-3rxv",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
+ },
},
-
{
- ID: "CVE-2020-15193",
- Path: "2020/15xxx/CVE-2020-15193.json",
- BlobHash: "2943e7e3b913448345f8107a34b3e69e4fbf7763",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15193",
+ Path: "2020/15xxx/CVE-2020-15193.json",
+ BlobHash: "2943e7e3b913448345f8107a34b3e69e4fbf7763",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rjjg-hgv6-h69v",
+ "https://github.com/tensorflow/tensorflow/commit/22e07fb204386768e5bcbea563641ea11f96ceb8",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
+ },
},
-
{
- ID: "CVE-2020-15194",
- Path: "2020/15xxx/CVE-2020-15194.json",
- BlobHash: "c27861ebb39abe40817ae4993e4bd96d8f92c997",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15194",
+ Path: "2020/15xxx/CVE-2020-15194.json",
+ BlobHash: "c27861ebb39abe40817ae4993e4bd96d8f92c997",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
+ "https://github.com/tensorflow/tensorflow/commit/390611e0d45c5793c7066110af37c8514e6a6c54",
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9mqp-7v2h-2382",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
+ },
},
-
{
- ID: "CVE-2020-15195",
- Path: "2020/15xxx/CVE-2020-15195.json",
- BlobHash: "09764b50866a76569b24649dee251a3e5e79adfa",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15195",
+ Path: "2020/15xxx/CVE-2020-15195.json",
+ BlobHash: "09764b50866a76569b24649dee251a3e5e79adfa",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-63xm-rx5p-xvqr",
+ "https://github.com/tensorflow/tensorflow/commit/390611e0d45c5793c7066110af37c8514e6a6c54",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
+ },
},
-
{
- ID: "CVE-2020-15196",
- Path: "2020/15xxx/CVE-2020-15196.json",
- BlobHash: "b7f3b2b6fb43fa1c289fa5b2046b571c3d35ac69",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15196",
+ Path: "2020/15xxx/CVE-2020-15196.json",
+ BlobHash: "b7f3b2b6fb43fa1c289fa5b2046b571c3d35ac69",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
+ "https://github.com/tensorflow/tensorflow/commit/3cbb917b4714766030b28eba9fb41bb97ce9ee02",
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-pg59-2f92-5cph",
+ },
},
-
{
- ID: "CVE-2020-15197",
- Path: "2020/15xxx/CVE-2020-15197.json",
- BlobHash: "eb8804b7987a100032e5f939859ca8a8ce6c4296",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15197",
+ Path: "2020/15xxx/CVE-2020-15197.json",
+ BlobHash: "eb8804b7987a100032e5f939859ca8a8ce6c4296",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
+ "https://github.com/tensorflow/tensorflow/commit/3cbb917b4714766030b28eba9fb41bb97ce9ee02",
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qc53-44cj-vfvx",
+ },
},
-
{
- ID: "CVE-2020-15198",
- Path: "2020/15xxx/CVE-2020-15198.json",
- BlobHash: "67f4566285f0919fbd89e2ea900c8282c60e63b1",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15198",
+ Path: "2020/15xxx/CVE-2020-15198.json",
+ BlobHash: "67f4566285f0919fbd89e2ea900c8282c60e63b1",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
+ "https://github.com/tensorflow/tensorflow/commit/3cbb917b4714766030b28eba9fb41bb97ce9ee02",
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-jc87-6vpp-7ff3",
+ },
},
-
{
- ID: "CVE-2020-15199",
- Path: "2020/15xxx/CVE-2020-15199.json",
- BlobHash: "2a6df28b3f1f02fab1823e37601a97fdf58a22c3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15199",
+ Path: "2020/15xxx/CVE-2020-15199.json",
+ BlobHash: "2a6df28b3f1f02fab1823e37601a97fdf58a22c3",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
+ "https://github.com/tensorflow/tensorflow/commit/3cbb917b4714766030b28eba9fb41bb97ce9ee02",
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x5cp-9pcf-pp3h",
+ },
},
-
{
- ID: "CVE-2020-15200",
- Path: "2020/15xxx/CVE-2020-15200.json",
- BlobHash: "6a686cb7695ff2798e93514481122251bb966816",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15200",
+ Path: "2020/15xxx/CVE-2020-15200.json",
+ BlobHash: "6a686cb7695ff2798e93514481122251bb966816",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x7rp-74x2-mjf3",
+ "https://github.com/tensorflow/tensorflow/commit/3cbb917b4714766030b28eba9fb41bb97ce9ee02",
+ },
},
-
{
- ID: "CVE-2020-15201",
- Path: "2020/15xxx/CVE-2020-15201.json",
- BlobHash: "a184d90bf2119a79767efc4adeadc88978aa81db",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15201",
+ Path: "2020/15xxx/CVE-2020-15201.json",
+ BlobHash: "a184d90bf2119a79767efc4adeadc88978aa81db",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
+ "https://github.com/tensorflow/tensorflow/commit/3cbb917b4714766030b28eba9fb41bb97ce9ee02",
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p5f8-gfw5-33w4",
+ },
},
-
{
- ID: "CVE-2020-15202",
- Path: "2020/15xxx/CVE-2020-15202.json",
- BlobHash: "8db71c4621f5a8621f59194d98202222e8f4f73e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15202",
+ Path: "2020/15xxx/CVE-2020-15202.json",
+ BlobHash: "8db71c4621f5a8621f59194d98202222e8f4f73e",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6fg-mjxg-hqq4",
+ "https://github.com/tensorflow/tensorflow/commit/27b417360cbd671ef55915e4bb6bb06af8b8a832",
+ "https://github.com/tensorflow/tensorflow/commit/ca8c013b5e97b1373b3bb1c97ea655e69f31a575",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
+ },
},
-
{
- ID: "CVE-2020-15203",
- Path: "2020/15xxx/CVE-2020-15203.json",
- BlobHash: "be6e48983405407b7a1a0c0449ab4bf524a4caf6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15203",
+ Path: "2020/15xxx/CVE-2020-15203.json",
+ BlobHash: "be6e48983405407b7a1a0c0449ab4bf524a4caf6",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xmq7-7fxm-rr79",
+ "https://github.com/tensorflow/tensorflow/commit/33be22c65d86256e6826666662e40dbdfe70ee83",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
+ },
},
-
{
- ID: "CVE-2020-15204",
- Path: "2020/15xxx/CVE-2020-15204.json",
- BlobHash: "342980aa6ae1f5c0b07fb3b3d513414e09994127",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15204",
+ Path: "2020/15xxx/CVE-2020-15204.json",
+ BlobHash: "342980aa6ae1f5c0b07fb3b3d513414e09994127",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q8gv-q7wr-9jf8",
+ "https://github.com/tensorflow/tensorflow/commit/9a133d73ae4b4664d22bd1aa6d654fec13c52ee1",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
+ },
},
-
{
- ID: "CVE-2020-15205",
- Path: "2020/15xxx/CVE-2020-15205.json",
- BlobHash: "d11a5519a3651939a3798ff873794184a5f691ae",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15205",
+ Path: "2020/15xxx/CVE-2020-15205.json",
+ BlobHash: "d11a5519a3651939a3798ff873794184a5f691ae",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g7p5-5759-qv46",
+ "https://github.com/tensorflow/tensorflow/commit/0462de5b544ed4731aa2fb23946ac22c01856b80",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
+ },
},
-
{
- ID: "CVE-2020-15206",
- Path: "2020/15xxx/CVE-2020-15206.json",
- BlobHash: "fe7b833644ef82b0add4530b2ab94ec513442fd2",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15206",
+ Path: "2020/15xxx/CVE-2020-15206.json",
+ BlobHash: "fe7b833644ef82b0add4530b2ab94ec513442fd2",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w5gh-2wr2-pm6g",
+ "https://github.com/tensorflow/tensorflow/commit/adf095206f25471e864a8e63a0f1caef53a0e3a6",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
+ },
},
-
{
- ID: "CVE-2020-15207",
- Path: "2020/15xxx/CVE-2020-15207.json",
- BlobHash: "21067fd9482a3b523ceba1fb574224cb5e5dc478",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15207",
+ Path: "2020/15xxx/CVE-2020-15207.json",
+ BlobHash: "21067fd9482a3b523ceba1fb574224cb5e5dc478",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q4qf-3fc6-8x34",
+ "https://github.com/tensorflow/tensorflow/commit/2d88f470dea2671b430884260f3626b1fe99830a",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
+ },
},
-
{
- ID: "CVE-2020-15208",
- Path: "2020/15xxx/CVE-2020-15208.json",
- BlobHash: "fbfd53b8d4a5bea542c8e11dbad4cd0b029ab8c2",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15208",
+ Path: "2020/15xxx/CVE-2020-15208.json",
+ BlobHash: "fbfd53b8d4a5bea542c8e11dbad4cd0b029ab8c2",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-mxjj-953w-2c2v",
+ "https://github.com/tensorflow/tensorflow/commit/8ee24e7949a203d234489f9da2c5bf45a7d5157d",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
+ },
},
-
{
- ID: "CVE-2020-15209",
- Path: "2020/15xxx/CVE-2020-15209.json",
- BlobHash: "736967f1a08f3de2611a6c5211af41d59163ef52",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15209",
+ Path: "2020/15xxx/CVE-2020-15209.json",
+ BlobHash: "736967f1a08f3de2611a6c5211af41d59163ef52",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qh32-6jjc-qprm",
+ "https://github.com/tensorflow/tensorflow/commit/0b5662bc2be13a8c8f044d925d87fb6e56247cd8",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
+ },
},
-
{
- ID: "CVE-2020-15210",
- Path: "2020/15xxx/CVE-2020-15210.json",
- BlobHash: "e825062e26147ca204059d7d5770f588b0686443",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15210",
+ Path: "2020/15xxx/CVE-2020-15210.json",
+ BlobHash: "e825062e26147ca204059d7d5770f588b0686443",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-x9j7-x98r-r4w2",
+ "https://github.com/tensorflow/tensorflow/commit/d58c96946b2880991d63d1dacacb32f0a4dfa453",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
+ },
},
-
{
- ID: "CVE-2020-15211",
- Path: "2020/15xxx/CVE-2020-15211.json",
- BlobHash: "4526d71491a9bcf7f797020f1bebf47843074522",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15211",
+ Path: "2020/15xxx/CVE-2020-15211.json",
+ BlobHash: "4526d71491a9bcf7f797020f1bebf47843074522",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cvpc-8phh-8f45",
+ "https://github.com/tensorflow/tensorflow/commit/46d5b0852528ddfd614ded79bccc75589f801bd9",
+ "https://github.com/tensorflow/tensorflow/commit/00302787b788c5ff04cb6f62aed5a74d936e86c0",
+ "https://github.com/tensorflow/tensorflow/commit/e11f55585f614645b360563072ffeb5c3eeff162",
+ "https://github.com/tensorflow/tensorflow/commit/cd31fd0ce0449a9e0f83dcad08d6ed7f1d6bef3f",
+ "https://github.com/tensorflow/tensorflow/commit/1970c2158b1ffa416d159d03c3370b9a462aee35",
+ "https://github.com/tensorflow/tensorflow/commit/fff2c8326280c07733828f990548979bdc893859",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00065.html",
+ },
},
-
{
- ID: "CVE-2020-15212",
- Path: "2020/15xxx/CVE-2020-15212.json",
- BlobHash: "72d1531ceaaf0863c6d6903a9d1f79da94ce8f76",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15212",
+ Path: "2020/15xxx/CVE-2020-15212.json",
+ BlobHash: "72d1531ceaaf0863c6d6903a9d1f79da94ce8f76",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
+ "https://github.com/tensorflow/tensorflow/commit/204945b19e44b57906c9344c0d00120eeeae178a",
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hx2x-85gr-wrpq",
+ },
},
-
{
- ID: "CVE-2020-15213",
- Path: "2020/15xxx/CVE-2020-15213.json",
- BlobHash: "922ec7d4d730ace15c0fe9983ee4e86692416c02",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15213",
+ Path: "2020/15xxx/CVE-2020-15213.json",
+ BlobHash: "922ec7d4d730ace15c0fe9983ee4e86692416c02",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
+ "https://github.com/tensorflow/tensorflow/commit/204945b19e44b57906c9344c0d00120eeeae178a",
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hjmq-236j-8m87",
+ },
},
-
{
- ID: "CVE-2020-15214",
- Path: "2020/15xxx/CVE-2020-15214.json",
- BlobHash: "ce9b6b29509589dc98577cf830707d730300fbe3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15214",
+ Path: "2020/15xxx/CVE-2020-15214.json",
+ BlobHash: "ce9b6b29509589dc98577cf830707d730300fbe3",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/releases/tag/v2.3.1",
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-p2cq-cprg-frvm",
+ "https://github.com/tensorflow/tensorflow/commit/204945b19e44b57906c9344c0d00120eeeae178a",
+ },
},
-
{
- ID: "CVE-2020-15223",
- Path: "2020/15xxx/CVE-2020-15223.json",
- BlobHash: "83c8b4250af787675df5a0f49fc85d4346bd4a02",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15223",
+ Path: "2020/15xxx/CVE-2020-15223.json",
+ BlobHash: "83c8b4250af787675df5a0f49fc85d4346bd4a02",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/ory/fosite/security/advisories/GHSA-7mqr-2v3q-v2wm",
+ "https://github.com/ory/fosite/commit/03dd55813f5521985f7dd64277b7ba0cf1441319",
+ "https://tools.ietf.org/html/rfc7009#section-2.2.1",
+ },
},
-
{
- ID: "CVE-2020-15233",
- Path: "2020/15xxx/CVE-2020-15233.json",
- BlobHash: "3e3a32a7abdd4d693415cab662f8f3a804d3016f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15233",
+ Path: "2020/15xxx/CVE-2020-15233.json",
+ BlobHash: "3e3a32a7abdd4d693415cab662f8f3a804d3016f",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/ory/fosite/commit/cdee51ebe721bfc8acca0fd0b86b030ca70867bf",
+ "https://github.com/ory/fosite/security/advisories/GHSA-rfq3-w54c-f9q5",
+ },
},
-
{
- ID: "CVE-2020-15234",
- Path: "2020/15xxx/CVE-2020-15234.json",
- BlobHash: "1e41a8769ee0a2dc219ea475a4496fa7f45b6a90",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15234",
+ Path: "2020/15xxx/CVE-2020-15234.json",
+ BlobHash: "1e41a8769ee0a2dc219ea475a4496fa7f45b6a90",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/ory/fosite/security/advisories/GHSA-grfp-q2mm-hfp6",
+ "https://github.com/ory/fosite/commit/cdee51ebe721bfc8acca0fd0b86b030ca70867bf",
+ },
},
-
{
- ID: "CVE-2020-15254",
- Path: "2020/15xxx/CVE-2020-15254.json",
- BlobHash: "8ee99b9d3ed4210fe22e38d0176770eb1539ad14",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15254",
+ Path: "2020/15xxx/CVE-2020-15254.json",
+ BlobHash: "8ee99b9d3ed4210fe22e38d0176770eb1539ad14",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-v5m7-53cv-f3hx",
+ "https://github.com/crossbeam-rs/crossbeam/issues/539",
+ "https://github.com/crossbeam-rs/crossbeam/pull/533",
+ "https://github.com/RustSec/advisory-db/pull/425",
+ },
},
-
{
- ID: "CVE-2020-15257",
- Path: "2020/15xxx/CVE-2020-15257.json",
- BlobHash: "d3307806e58681229f67d2d1858ffce149a97ca4",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15257",
+ Path: "2020/15xxx/CVE-2020-15257.json",
+ BlobHash: "d3307806e58681229f67d2d1858ffce149a97ca4",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4",
+ "https://github.com/containerd/containerd/commit/4a4bb851f5da563ff6e68a83dc837c7699c469ad",
+ "https://github.com/containerd/containerd/releases/tag/v1.4.3",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNKXLOLZWO5FMAPX63ZL7JNKTNNT5NQD/",
+ "https://www.debian.org/security/2021/dsa-4865",
+ },
},
-
{
- ID: "CVE-2020-15265",
- Path: "2020/15xxx/CVE-2020-15265.json",
- BlobHash: "eb0b70648f0fd52e57b8619ffee97256e5f8b7ae",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15265",
+ Path: "2020/15xxx/CVE-2020-15265.json",
+ BlobHash: "eb0b70648f0fd52e57b8619ffee97256e5f8b7ae",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-rrfp-j2mp-hq9c",
+ "https://github.com/tensorflow/tensorflow/issues/42105",
+ "https://github.com/tensorflow/tensorflow/commit/eccb7ec454e6617738554a255d77f08e60ee0808",
+ },
},
-
{
- ID: "CVE-2020-15266",
- Path: "2020/15xxx/CVE-2020-15266.json",
- BlobHash: "d4288afc8306d8d0da027ed34be7977ba9366b79",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15266",
+ Path: "2020/15xxx/CVE-2020-15266.json",
+ BlobHash: "d4288afc8306d8d0da027ed34be7977ba9366b79",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-xwhf-g6j5-j5gc",
+ "https://github.com/tensorflow/tensorflow/issues/42129",
+ "https://github.com/tensorflow/tensorflow/pull/42143/commits/3ade2efec2e90c6237de32a19680caaa3ebc2845",
+ },
},
-
{
- ID: "CVE-2020-15391",
- Path: "2020/15xxx/CVE-2020-15391.json",
- BlobHash: "86980a5a1174555d80467f60769a8329a7bbb7d9",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-15391",
+ Path: "2020/15xxx/CVE-2020-15391.json",
+ BlobHash: "86980a5a1174555d80467f60769a8329a7bbb7d9",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/devspace-cloud/devspace/tags",
+ "https://github.com/devspace-cloud/devspace/releases/tag/v4.14.0",
+ },
},
-
{
- ID: "CVE-2020-16248",
- Path: "2020/16xxx/CVE-2020-16248.json",
- BlobHash: "444ddc83f5309e202900762cb040330d169e7178",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-16248",
+ Path: "2020/16xxx/CVE-2020-16248.json",
+ BlobHash: "444ddc83f5309e202900762cb040330d169e7178",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/prometheus/blackbox_exporter/issues/669",
+ "https://prometheus.io/docs/operating/security/#exporters",
+ "https://www.openwall.com/lists/oss-security/2020/08/08/3",
+ "https://www.openwall.com/lists/oss-security/2020/08/08/12",
+ "https://seclists.org/oss-sec/2020/q3/94",
+ },
},
-
{
- ID: "CVE-2020-16250",
- Path: "2020/16xxx/CVE-2020-16250.json",
- BlobHash: "67ef5666d43aed3715f5944b1e7c544340c016da",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-16250",
+ Path: "2020/16xxx/CVE-2020-16250.json",
+ BlobHash: "67ef5666d43aed3715f5944b1e7c544340c016da",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://www.hashicorp.com/blog/category/vault/",
+ "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151",
+ "http://packetstormsecurity.com/files/159478/Hashicorp-Vault-AWS-IAM-Integration-Authentication-Bypass.html",
+ },
},
-
{
- ID: "CVE-2020-16251",
- Path: "2020/16xxx/CVE-2020-16251.json",
- BlobHash: "86ec5dea5110b7393008bf3db623a1d0e3982144",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-16251",
+ Path: "2020/16xxx/CVE-2020-16251.json",
+ BlobHash: "86ec5dea5110b7393008bf3db623a1d0e3982144",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://www.hashicorp.com/blog/category/vault/",
+ "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#151",
+ "http://packetstormsecurity.com/files/159479/Hashicorp-Vault-GCP-IAM-Integration-Authentication-Bypass.html",
+ },
},
-
{
- ID: "CVE-2020-16844",
- Path: "2020/16xxx/CVE-2020-16844.json",
- BlobHash: "11eeb4570be6985ee8f44d76e1c8aaf4ead9ef4a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-16844",
+ Path: "2020/16xxx/CVE-2020-16844.json",
+ BlobHash: "11eeb4570be6985ee8f44d76e1c8aaf4ead9ef4a",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/istio/istio/releases",
+ "https://istio.io/latest/news/security/istio-security-2020-009/",
+ },
},
-
{
- ID: "CVE-2020-1733",
- Path: "2020/1xxx/CVE-2020-1733.json",
- BlobHash: "7199fd13ae2ac658fb5a8ce1c28c710d568d2bf0",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-1733",
+ Path: "2020/1xxx/CVE-2020-1733.json",
+ BlobHash: "7199fd13ae2ac658fb5a8ce1c28c710d568d2bf0",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1733",
+ "https://github.com/ansible/ansible/issues/67791",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/",
+ "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html",
+ "https://security.gentoo.org/glsa/202006-11",
+ },
},
-
{
- ID: "CVE-2020-1734",
- Path: "2020/1xxx/CVE-2020-1734.json",
- BlobHash: "8ed8e1886e0b26a4a6122a1caf005d3c203133af",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-1734",
+ Path: "2020/1xxx/CVE-2020-1734.json",
+ BlobHash: "8ed8e1886e0b26a4a6122a1caf005d3c203133af",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1734",
+ "https://github.com/ansible/ansible/issues/67792",
+ },
},
-
{
- ID: "CVE-2020-1735",
- Path: "2020/1xxx/CVE-2020-1735.json",
- BlobHash: "372bedb4c5a9e911ad090add905c8034a7463b2d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-1735",
+ Path: "2020/1xxx/CVE-2020-1735.json",
+ BlobHash: "372bedb4c5a9e911ad090add905c8034a7463b2d",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1735",
+ "https://github.com/ansible/ansible/issues/67793",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/",
+ "https://security.gentoo.org/glsa/202006-11",
+ },
},
-
{
- ID: "CVE-2020-1736",
- Path: "2020/1xxx/CVE-2020-1736.json",
- BlobHash: "e64fe330f308fd24826ea5cd68cd82e3a6c91335",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-1736",
+ Path: "2020/1xxx/CVE-2020-1736.json",
+ BlobHash: "e64fe330f308fd24826ea5cd68cd82e3a6c91335",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1736",
+ "https://github.com/ansible/ansible/issues/67794",
+ "https://security.gentoo.org/glsa/202006-11",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NYYQP2XJB2TTRP6AKWVMBSPB2DFJNKD/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BPNZWBAUP4ZHUR6PO7U6ZXEKNCX62KZ7/",
+ },
},
-
{
- ID: "CVE-2020-1737",
- Path: "2020/1xxx/CVE-2020-1737.json",
- BlobHash: "5de1c3fd61a11dce7e1bdc450f3ec4adb319de9b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-1737",
+ Path: "2020/1xxx/CVE-2020-1737.json",
+ BlobHash: "5de1c3fd61a11dce7e1bdc450f3ec4adb319de9b",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1737",
+ "https://github.com/ansible/ansible/issues/67795",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/",
+ "https://security.gentoo.org/glsa/202006-11",
+ },
},
-
{
- ID: "CVE-2020-1738",
- Path: "2020/1xxx/CVE-2020-1738.json",
- BlobHash: "313a7e1e6ef581235ee7ab691dac6bf899e9cd58",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-1738",
+ Path: "2020/1xxx/CVE-2020-1738.json",
+ BlobHash: "313a7e1e6ef581235ee7ab691dac6bf899e9cd58",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1738",
+ "https://github.com/ansible/ansible/issues/67796",
+ "https://security.gentoo.org/glsa/202006-11",
+ },
},
-
{
- ID: "CVE-2020-1739",
- Path: "2020/1xxx/CVE-2020-1739.json",
- BlobHash: "a8b8d6e63980a2416f6b982e5c2d1a9e32664ff1",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-1739",
+ Path: "2020/1xxx/CVE-2020-1739.json",
+ BlobHash: "a8b8d6e63980a2416f6b982e5c2d1a9e32664ff1",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1739",
+ "https://github.com/ansible/ansible/issues/67797",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FWDK3QUVBULS3Q3PQTGEKUQYPSNOU5M3/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QT27K5ZRGDPCH7GT3DRI3LO4IVDVQUB7/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3IMV3XEIUXL6S4KPLYYM4TVJQ2VNEP2/",
+ "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html",
+ },
},
-
{
- ID: "CVE-2020-1740",
- Path: "2020/1xxx/CVE-2020-1740.json",
- BlobHash: "f73ad4f77c6fa38f410216fc3edb4d294329d165",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-1740",
+ Path: "2020/1xxx/CVE-2020-1740.json",
+ BlobHash: "f73ad4f77c6fa38f410216fc3edb4d294329d165",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1740",
+ "https://github.com/ansible/ansible/issues/67798",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQVOQD4VAIXXTVQAJKTN7NUGTJFE2PCB/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DKPA4KC3OJSUFASUYMG66HKJE7ADNGFW/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRRYUU5ZBLPBXCYG6CFP35D64NP2UB2S/",
+ "https://lists.debian.org/debian-lts-announce/2020/05/msg00005.html",
+ "https://security.gentoo.org/glsa/202006-11",
+ },
},
-
{
- ID: "CVE-2020-1746",
- Path: "2020/1xxx/CVE-2020-1746.json",
- BlobHash: "00b42e86162ea2dba91bd9be84113a850c6ec111",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-1746",
+ Path: "2020/1xxx/CVE-2020-1746.json",
+ BlobHash: "00b42e86162ea2dba91bd9be84113a850c6ec111",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1746",
+ "https://github.com/ansible/ansible/pull/67866",
+ },
},
-
{
- ID: "CVE-2020-2023",
- Path: "2020/2xxx/CVE-2020-2023.json",
- BlobHash: "0a1db5ead568b7d0a196dce929750df98d16c45b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-2023",
+ Path: "2020/2xxx/CVE-2020-2023.json",
+ BlobHash: "0a1db5ead568b7d0a196dce929750df98d16c45b",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kata-containers/runtime/pull/2487",
+ "https://github.com/kata-containers/runtime/pull/2477",
+ "https://github.com/kata-containers/runtime/issues/2488",
+ "https://github.com/kata-containers/agent/issues/791",
+ "https://github.com/kata-containers/agent/pull/792",
+ "https://github.com/kata-containers/runtime/releases/tag/1.11.1",
+ "https://github.com/kata-containers/runtime/releases/tag/1.10.5",
+ },
},
-
{
- ID: "CVE-2020-2024",
- Path: "2020/2xxx/CVE-2020-2024.json",
- BlobHash: "fabf6af796f277e2955effc7d02a09fb275163b0",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-2024",
+ Path: "2020/2xxx/CVE-2020-2024.json",
+ BlobHash: "fabf6af796f277e2955effc7d02a09fb275163b0",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kata-containers/runtime/issues/2474",
+ "https://github.com/kata-containers/runtime/pull/2475",
+ },
},
-
{
- ID: "CVE-2020-2025",
- Path: "2020/2xxx/CVE-2020-2025.json",
- BlobHash: "6f5a2fc978fbe50ed06ba771582f5c2ad128d624",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-2025",
+ Path: "2020/2xxx/CVE-2020-2025.json",
+ BlobHash: "6f5a2fc978fbe50ed06ba771582f5c2ad128d624",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kata-containers/runtime/pull/2487",
+ },
},
-
{
- ID: "CVE-2020-2026",
- Path: "2020/2xxx/CVE-2020-2026.json",
- BlobHash: "94164a6a0933d7d8d37c91606e6348ab38531df4",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-2026",
+ Path: "2020/2xxx/CVE-2020-2026.json",
+ BlobHash: "94164a6a0933d7d8d37c91606e6348ab38531df4",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kata-containers/runtime/releases/tag/1.11.1",
+ "https://github.com/kata-containers/runtime/releases/tag/1.10.5",
+ "https://github.com/kata-containers/runtime/issues/2712",
+ "https://github.com/kata-containers/runtime/pull/2713",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NJAMOVB7DSOGX7J26QH5HZKU7GSSX2VU/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JPBKAQBF3OR72N55GWM2TDYQP2OHK6H/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6W5MKF7HSAIL2AX2BX6RV4WWVGUIKVLS/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWACJQSMY5BVDMVTF3FBN7HZSOSFOG3Q/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QNJHSSPCKUGJDVXXIXK2JUWCRJDQX7CE/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2P7FHA4AF6Y6PAVJBTTQPUEHXZQUOF3P/",
+ },
},
-
{
- ID: "CVE-2020-24263",
- Path: "2020/24xxx/CVE-2020-24263.json",
- BlobHash: "4b9a720a4cf4500fc11fae2e4c17449e6bc7df51",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-24263",
+ Path: "2020/24xxx/CVE-2020-24263.json",
+ BlobHash: "4b9a720a4cf4500fc11fae2e4c17449e6bc7df51",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/portainer/portainer/issues/4105",
+ },
},
-
{
- ID: "CVE-2020-24264",
- Path: "2020/24xxx/CVE-2020-24264.json",
- BlobHash: "61bfb8376f06cc89f44f5460415debdb2bd47fd2",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-24264",
+ Path: "2020/24xxx/CVE-2020-24264.json",
+ BlobHash: "61bfb8376f06cc89f44f5460415debdb2bd47fd2",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/portainer/portainer/issues/4106",
+ },
},
-
{
- ID: "CVE-2020-24303",
- Path: "2020/24xxx/CVE-2020-24303.json",
- BlobHash: "90f9c4a3f31035200ebc6c2f594dd761a91009d8",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-24303",
+ Path: "2020/24xxx/CVE-2020-24303.json",
+ BlobHash: "90f9c4a3f31035200ebc6c2f594dd761a91009d8",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/grafana/grafana/blob/master/CHANGELOG.md#710-beta-1-2020-07-01",
+ "https://github.com/grafana/grafana/pull/25401",
+ "https://security.netapp.com/advisory/ntap-20201123-0002/",
+ },
},
-
{
- ID: "CVE-2020-24356",
- Path: "2020/24xxx/CVE-2020-24356.json",
- BlobHash: "e1f9f8f284db6f27fd4b52ec54b25b2a49052e22",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-24356",
+ Path: "2020/24xxx/CVE-2020-24356.json",
+ BlobHash: "e1f9f8f284db6f27fd4b52ec54b25b2a49052e22",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/cloudflare/cloudflared/security/advisories/GHSA-hgwp-4vp4-qmm2",
+ },
},
-
{
- ID: "CVE-2020-24359",
- Path: "2020/24xxx/CVE-2020-24359.json",
- BlobHash: "575a9c5a5878039671c9baceb3d8de46de7f0e0c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-24359",
+ Path: "2020/24xxx/CVE-2020-24359.json",
+ BlobHash: "575a9c5a5878039671c9baceb3d8de46de7f0e0c",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/hashicorp/vault-ssh-helper/releases",
+ "https://github.com/hashicorp/vault-ssh-helper/blob/master/CHANGELOG.md#020-august-19-2020",
+ },
},
-
{
- ID: "CVE-2020-24707",
- Path: "2020/24xxx/CVE-2020-24707.json",
- BlobHash: "cafc372f5eae3e28aa11e148374e4823749ac6f0",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-24707",
+ Path: "2020/24xxx/CVE-2020-24707.json",
+ BlobHash: "cafc372f5eae3e28aa11e148374e4823749ac6f0",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://herolab.usd.de/security-advisories/usd-2020-0052/",
+ "https://github.com/gophish/gophish/releases/tag/v0.11.0",
+ "https://github.com/gophish/gophish/commit/b25f5ac5e468f6730e377f43c7995e18f8fccc2b",
+ },
},
-
{
- ID: "CVE-2020-24708",
- Path: "2020/24xxx/CVE-2020-24708.json",
- BlobHash: "f6cb45553b062072c6cf0243995699343c789e7b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-24708",
+ Path: "2020/24xxx/CVE-2020-24708.json",
+ BlobHash: "f6cb45553b062072c6cf0243995699343c789e7b",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://herolab.usd.de/security-advisories/usd-2020-0048/",
+ "https://github.com/gophish/gophish/commit/90fed5a575628b89eaf941e1627b49e0f3693812",
+ },
},
-
{
- ID: "CVE-2020-24710",
- Path: "2020/24xxx/CVE-2020-24710.json",
- BlobHash: "37cb54072a9dae2cfee50554f5716d3a588a2e28",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-24710",
+ Path: "2020/24xxx/CVE-2020-24710.json",
+ BlobHash: "37cb54072a9dae2cfee50554f5716d3a588a2e28",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/gophish/gophish/commit/e3352f481e94054ffe08494c9225d3878347b005",
+ "https://herolab.usd.de/security-advisories/usd-2020-0054/",
+ "https://github.com/gophish/gophish/releases/tag/v0.11.0",
+ },
},
-
{
- ID: "CVE-2020-24711",
- Path: "2020/24xxx/CVE-2020-24711.json",
- BlobHash: "4013ba940157a966d1c21672ab6e4d7818764a44",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-24711",
+ Path: "2020/24xxx/CVE-2020-24711.json",
+ BlobHash: "4013ba940157a966d1c21672ab6e4d7818764a44",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/gophish/gophish/commit/6df62e85fd60f0931d3c8bfdb13b436a961bc9b6",
+ "https://herolab.usd.de/security-advisories/usd-2020-0051/",
+ "https://github.com/gophish/gophish/releases/tag/v0.11.0",
+ },
},
-
{
- ID: "CVE-2020-24712",
- Path: "2020/24xxx/CVE-2020-24712.json",
- BlobHash: "2ba575c2bbebc92e9807e033c1e30b76161c5a06",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-24712",
+ Path: "2020/24xxx/CVE-2020-24712.json",
+ BlobHash: "2ba575c2bbebc92e9807e033c1e30b76161c5a06",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://herolab.usd.de/security-advisories/usd-2020-0050/",
+ "https://github.com/gophish/gophish/commit/4e9b94b641755f359542b246cc0c555fa3bc6715",
+ "https://github.com/gophish/gophish/releases/tag/v0.11.0",
+ },
},
-
{
- ID: "CVE-2020-25017",
- Path: "2020/25xxx/CVE-2020-25017.json",
- BlobHash: "157895fb235bb1aef7aa2f399d9ec89b92a6fe87",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-25017",
+ Path: "2020/25xxx/CVE-2020-25017.json",
+ BlobHash: "157895fb235bb1aef7aa2f399d9ec89b92a6fe87",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://groups.google.com/forum/#!forum/envoy-security-announce",
+ "https://github.com/envoyproxy/envoy/security/advisories/GHSA-2v25-cjjq-5f4w",
+ },
},
-
{
- ID: "CVE-2020-25018",
- Path: "2020/25xxx/CVE-2020-25018.json",
- BlobHash: "3b6b864db078f49506cb0aa00c5ad652c5bd07ff",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-25018",
+ Path: "2020/25xxx/CVE-2020-25018.json",
+ BlobHash: "3b6b864db078f49506cb0aa00c5ad652c5bd07ff",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://groups.google.com/forum/#!forum/envoy-security-announce",
+ "https://github.com/envoyproxy/envoy/security/advisories/GHSA-fwwh-fc9w-9673",
+ },
},
-
{
- ID: "CVE-2020-25201",
- Path: "2020/25xxx/CVE-2020-25201.json",
- BlobHash: "5cfc056da2d28378447d8e1b0f528249b754a894",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-25201",
+ Path: "2020/25xxx/CVE-2020-25201.json",
+ BlobHash: "5cfc056da2d28378447d8e1b0f528249b754a894",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://www.hashicorp.com/blog/category/consul",
+ "https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#185-october-23-2020",
+ },
},
-
{
- ID: "CVE-2020-25816",
- Path: "2020/25xxx/CVE-2020-25816.json",
- BlobHash: "b9f2c10124187ed400868b40e08f8371f32ccd09",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-25816",
+ Path: "2020/25xxx/CVE-2020-25816.json",
+ BlobHash: "b9f2c10124187ed400868b40e08f8371f32ccd09",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://www.hashicorp.com/blog/category/vault",
+ "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#154",
+ },
},
-
{
- ID: "CVE-2020-25989",
- Path: "2020/25xxx/CVE-2020-25989.json",
- BlobHash: "1f9bfea839566f63aa9aaef6a175693c6cdd8818",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-25989",
+ Path: "2020/25xxx/CVE-2020-25989.json",
+ BlobHash: "1f9bfea839566f63aa9aaef6a175693c6cdd8818",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://vkas-afk.github.io/vuln-disclosures/",
+ "https://github.com/pritunl/pritunl-client-electron/commit/89f8c997c6f93e724f68f76f7f47f8891d9acc2d",
+ },
},
-
{
- ID: "CVE-2020-26222",
- Path: "2020/26xxx/CVE-2020-26222.json",
- BlobHash: "4e6dedb7c01b71049ec21c0001069ab5b077d3cc",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-26222",
+ Path: "2020/26xxx/CVE-2020-26222.json",
+ BlobHash: "4e6dedb7c01b71049ec21c0001069ab5b077d3cc",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/dependabot/dependabot-core/security/advisories/GHSA-23f7-99jx-m54r",
+ "https://github.com/dependabot/dependabot-core/pull/2727",
+ "https://github.com/dependabot/dependabot-core/commit/e089116abbe284425b976f7920e502b8e83a61b5",
+ },
},
-
{
- ID: "CVE-2020-26240",
- Path: "2020/26xxx/CVE-2020-26240.json",
- BlobHash: "dd264dc92c67f3e2a52b2b0a337dd8de2415f6c5",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-26240",
+ Path: "2020/26xxx/CVE-2020-26240.json",
+ BlobHash: "dd264dc92c67f3e2a52b2b0a337dd8de2415f6c5",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://blog.ethereum.org/2020/11/12/geth_security_release/",
+ "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p",
+ "https://github.com/ethereum/go-ethereum/pull/21793",
+ "https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0",
+ },
},
-
{
- ID: "CVE-2020-26241",
- Path: "2020/26xxx/CVE-2020-26241.json",
- BlobHash: "70211d0b60bab3fba1120796f7f8051b3ee177a8",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-26241",
+ Path: "2020/26xxx/CVE-2020-26241.json",
+ BlobHash: "70211d0b60bab3fba1120796f7f8051b3ee177a8",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://blog.ethereum.org/2020/11/12/geth_security_release/",
+ "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-69v6-xc2j-r2jf",
+ },
},
-
{
- ID: "CVE-2020-26242",
- Path: "2020/26xxx/CVE-2020-26242.json",
- BlobHash: "8413421d6e4d08facc9ccf302d2b33fe405b8f14",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-26242",
+ Path: "2020/26xxx/CVE-2020-26242.json",
+ BlobHash: "8413421d6e4d08facc9ccf302d2b33fe405b8f14",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-jm5c-rv3w-w83m",
+ "https://blog.ethereum.org/2020/11/12/geth_security_release/",
+ },
},
-
{
- ID: "CVE-2020-26265",
- Path: "2020/26xxx/CVE-2020-26265.json",
- BlobHash: "fb9e971c245f7ea0d776d8f1584a25eebdcba04e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-26265",
+ Path: "2020/26xxx/CVE-2020-26265.json",
+ BlobHash: "fb9e971c245f7ea0d776d8f1584a25eebdcba04e",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-xw37-57qp-9mm4",
+ "https://github.com/ethereum/go-ethereum/releases/tag/v1.9.20",
+ },
},
-
{
- ID: "CVE-2020-26266",
- Path: "2020/26xxx/CVE-2020-26266.json",
- BlobHash: "71c06d936541d40401d37bc626cb652ceec868a4",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-26266",
+ Path: "2020/26xxx/CVE-2020-26266.json",
+ BlobHash: "71c06d936541d40401d37bc626cb652ceec868a4",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qhxx-j73r-qpm2",
+ "https://github.com/tensorflow/tensorflow/commit/ace0c15a22f7f054abcc1f53eabbcb0a1239a9e2",
+ },
},
-
{
- ID: "CVE-2020-26267",
- Path: "2020/26xxx/CVE-2020-26267.json",
- BlobHash: "6034efe677705536fb2d23af45620f5af263ad64",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-26267",
+ Path: "2020/26xxx/CVE-2020-26267.json",
+ BlobHash: "6034efe677705536fb2d23af45620f5af263ad64",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c9f3-9wfr-wgh7",
+ "https://github.com/tensorflow/tensorflow/commit/ebc70b7a592420d3d2f359e4b1694c236b82c7ae",
+ },
},
-
{
- ID: "CVE-2020-26268",
- Path: "2020/26xxx/CVE-2020-26268.json",
- BlobHash: "758ba79802b734983f8a10eb3df449502f0ba4e2",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-26268",
+ Path: "2020/26xxx/CVE-2020-26268.json",
+ BlobHash: "758ba79802b734983f8a10eb3df449502f0ba4e2",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hhvc-g5hv-48c6",
+ "https://github.com/tensorflow/tensorflow/commit/c1e1fc899ad5f8c725dcbb6470069890b5060bc7",
+ },
},
-
{
- ID: "CVE-2020-26269",
- Path: "2020/26xxx/CVE-2020-26269.json",
- BlobHash: "85f41f33b7ab4ecc01bcbb33556101f9eec0ab6c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-26269",
+ Path: "2020/26xxx/CVE-2020-26269.json",
+ BlobHash: "85f41f33b7ab4ecc01bcbb33556101f9eec0ab6c",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9jjw-hf72-3mxw",
+ "https://github.com/tensorflow/tensorflow/commit/8b5b9dc96666a3a5d27fad7179ff215e3b74b67c",
+ },
},
-
{
- ID: "CVE-2020-26270",
- Path: "2020/26xxx/CVE-2020-26270.json",
- BlobHash: "fbef802aec5e97c28eeb07e9aee1f9110ae1e6ea",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-26270",
+ Path: "2020/26xxx/CVE-2020-26270.json",
+ BlobHash: "fbef802aec5e97c28eeb07e9aee1f9110ae1e6ea",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m648-33qf-v3gp",
+ "https://github.com/tensorflow/tensorflow/commit/14755416e364f17fb1870882fa778c7fec7f16e3",
+ },
},
-
{
- ID: "CVE-2020-26271",
- Path: "2020/26xxx/CVE-2020-26271.json",
- BlobHash: "3dcf78c8cb6f40cb585155336b39b21df483ce6e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-26271",
+ Path: "2020/26xxx/CVE-2020-26271.json",
+ BlobHash: "3dcf78c8cb6f40cb585155336b39b21df483ce6e",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q263-fvxm-m5mw",
+ "https://github.com/tensorflow/tensorflow/commit/0cc38aaa4064fd9e79101994ce9872c6d91f816b",
+ },
},
-
{
- ID: "CVE-2020-26276",
- Path: "2020/26xxx/CVE-2020-26276.json",
- BlobHash: "dc65453786272e4661ecf8295279ce7d01ad36e2",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-26276",
+ Path: "2020/26xxx/CVE-2020-26276.json",
+ BlobHash: "dc65453786272e4661ecf8295279ce7d01ad36e2",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/fleetdm/fleet/security/advisories/GHSA-w3wf-cfx3-6gcx",
+ "https://github.com/fleetdm/fleet/commit/57812a532e5f749c8e18c6f6a652eca65c083607",
+ "https://github.com/fleetdm/fleet/blob/master/CHANGELOG.md#fleet-351-dec-14-2020",
+ "https://github.com/mattermost/xml-roundtrip-validator",
+ "https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities",
+ },
},
-
{
- ID: "CVE-2020-26277",
- Path: "2020/26xxx/CVE-2020-26277.json",
- BlobHash: "b16123a76d209bc0d2832d178c9e86c7d1cf801c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-26277",
+ Path: "2020/26xxx/CVE-2020-26277.json",
+ BlobHash: "b16123a76d209bc0d2832d178c9e86c7d1cf801c",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/datacharmer/dbdeployer/security/advisories/GHSA-47wr-426j-fr82",
+ "https://github.com/datacharmer/dbdeployer/commit/548e256c1de2f99746e861454e7714ec6bc9bb10",
+ },
},
-
{
- ID: "CVE-2020-26278",
- Path: "2020/26xxx/CVE-2020-26278.json",
- BlobHash: "9026560ef73c0d8c6eadb51b0aa99e880ab6114d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-26278",
+ Path: "2020/26xxx/CVE-2020-26278.json",
+ BlobHash: "9026560ef73c0d8c6eadb51b0aa99e880ab6114d",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/weaveworks/weave/security/advisories/GHSA-pg3p-v8c6-c6h3",
+ "https://github.com/weaveworks/weave/commit/a0ac81b3b4cae6d0dcaf3732fd91cedefc89f720",
+ "https://github.com/weaveworks/weave/pull/3876",
+ "https://github.com/weaveworks/weave/blob/master/CHANGELOG.md#release-280",
+ },
},
-
{
- ID: "CVE-2020-26279",
- Path: "2020/26xxx/CVE-2020-26279.json",
- BlobHash: "512ba0677a38b40714593813bb912e6d9567522b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-26279",
+ Path: "2020/26xxx/CVE-2020-26279.json",
+ BlobHash: "512ba0677a38b40714593813bb912e6d9567522b",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/ipfs/go-ipfs/security/advisories/GHSA-27pv-q55r-222g",
+ "https://github.com/ipfs/go-ipfs/commit/b7ddba7fe47dee5b1760b8ffe897908417e577b2",
+ "https://github.com/whyrusleeping/tar-utils/commit/20a61371de5b51380bbdb0c7935b30b0625ac227",
+ },
},
-
{
- ID: "CVE-2020-26283",
- Path: "2020/26xxx/CVE-2020-26283.json",
- BlobHash: "9ea7890fad7ea4c6209896233e5a968cd908b1f1",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-26283",
+ Path: "2020/26xxx/CVE-2020-26283.json",
+ BlobHash: "9ea7890fad7ea4c6209896233e5a968cd908b1f1",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/ipfs/go-ipfs/security/advisories/GHSA-r4gv-vj59-cccm",
+ "https://github.com/ipfs/go-ipfs/pull/7831",
+ "https://github.com/ipfs/go-ipfs/commit/fb0a9acd2d8288bd1028c3219a420de62a09683a",
+ },
},
-
{
- ID: "CVE-2020-26284",
- Path: "2020/26xxx/CVE-2020-26284.json",
- BlobHash: "98bae0cf7fdeb463685d52b5cc46eeb855d46356",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-26284",
+ Path: "2020/26xxx/CVE-2020-26284.json",
+ BlobHash: "98bae0cf7fdeb463685d52b5cc46eeb855d46356",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/gohugoio/hugo/security/advisories/GHSA-8j34-9876-pvfq",
+ "https://github.com/golang/go/issues/38736",
+ },
},
-
{
- ID: "CVE-2020-26290",
- Path: "2020/26xxx/CVE-2020-26290.json",
- BlobHash: "2ab920db8c88363ff231559d62b621b3fabaff46",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-26290",
+ Path: "2020/26xxx/CVE-2020-26290.json",
+ BlobHash: "2ab920db8c88363ff231559d62b621b3fabaff46",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-directives.md",
+ "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-elements.md",
+ "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-attributes.md",
+ "https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/",
+ "https://github.com/dexidp/dex/security/advisories/GHSA-m9hp-7r99-94h5",
+ "https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7",
+ "https://github.com/dexidp/dex/commit/324b1c886b407594196113a3dbddebe38eecd4e8",
+ "https://github.com/dexidp/dex/releases/tag/v2.27.0",
+ },
},
-
{
- ID: "CVE-2020-26294",
- Path: "2020/26xxx/CVE-2020-26294.json",
- BlobHash: "ef140bc7feed35de17a6846477303b646d766e03",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-26294",
+ Path: "2020/26xxx/CVE-2020-26294.json",
+ BlobHash: "ef140bc7feed35de17a6846477303b646d766e03",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/go-vela/compiler/security/advisories/GHSA-gv2h-gf8m-r68j",
+ "https://github.com/go-vela/compiler/commit/f1ace5f8a05c95c4d02264556e38a959ee2d9bda",
+ "https://pkg.go.dev/github.com/go-vela/compiler/compiler",
+ },
},
-
{
- ID: "CVE-2020-26521",
- Path: "2020/26xxx/CVE-2020-26521.json",
- BlobHash: "14607d51110f2f457003dd9f48388df6a06ff587",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-26521",
+ Path: "2020/26xxx/CVE-2020-26521.json",
+ BlobHash: "14607d51110f2f457003dd9f48388df6a06ff587",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/nats-io/nats-server/commits/master",
+ "http://www.openwall.com/lists/oss-security/2020/11/02/2",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT67XCLIIBYRT762SVFBYFFTQFVSM3SI/",
+ },
},
-
{
- ID: "CVE-2020-26892",
- Path: "2020/26xxx/CVE-2020-26892.json",
- BlobHash: "e7911516f50d1fe0a6074a2b936a2f262e5cf1b9",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-26892",
+ Path: "2020/26xxx/CVE-2020-26892.json",
+ BlobHash: "e7911516f50d1fe0a6074a2b936a2f262e5cf1b9",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/nats-io/nats-server/commits/master",
+ "https://www.openwall.com/lists/oss-security/2020/11/02/2",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VT67XCLIIBYRT762SVFBYFFTQFVSM3SI/",
+ },
},
-
{
- ID: "CVE-2020-27151",
- Path: "2020/27xxx/CVE-2020-27151.json",
- BlobHash: "b877ce39ae927cd03544372226921ac65b9593fd",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-27151",
+ Path: "2020/27xxx/CVE-2020-27151.json",
+ BlobHash: "b877ce39ae927cd03544372226921ac65b9593fd",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugs.launchpad.net/katacontainers.io/+bug/1878234",
+ "https://github.com/kata-containers/runtime/releases/tag/1.12.0",
+ "https://github.com/kata-containers/runtime/releases/tag/1.11.5",
+ "https://github.com/kata-containers/kata-containers/releases/tag/2.0.0",
+ },
},
-
{
- ID: "CVE-2020-27195",
- Path: "2020/27xxx/CVE-2020-27195.json",
- BlobHash: "5662c3da9f2f20260a9e35d8123ea808136a6f9d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-27195",
+ Path: "2020/27xxx/CVE-2020-27195.json",
+ BlobHash: "5662c3da9f2f20260a9e35d8123ea808136a6f9d",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://www.nomadproject.io/downloads",
+ "https://github.com/hashicorp/nomad/blob/master/CHANGELOG.md#0126-october-21-2020",
+ },
},
-
{
- ID: "CVE-2020-27534",
- Path: "2020/27xxx/CVE-2020-27534.json",
- BlobHash: "060af0f2ca30afb26effcb2914e8e2b04ee2ede1",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-27534",
+ Path: "2020/27xxx/CVE-2020-27534.json",
+ BlobHash: "060af0f2ca30afb26effcb2914e8e2b04ee2ede1",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/moby/buildkit/pull/1462",
+ "https://github.com/moby/moby/pull/40877",
+ "http://web.archive.org/web/20200530054359/https://docs.docker.com/engine/release-notes/",
+ "https://golang.org/pkg/io/ioutil/#TempDir",
+ "https://golang.org/pkg/os/#TempDir",
+ },
},
-
{
- ID: "CVE-2020-27955",
- Path: "2020/27xxx/CVE-2020-27955.json",
- BlobHash: "12f3e2562af256a69a256d8150824fcf5fbb8aed",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-27955",
+ Path: "2020/27xxx/CVE-2020-27955.json",
+ BlobHash: "12f3e2562af256a69a256d8150824fcf5fbb8aed",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://legalhackers.com",
+ "https://exploitbox.io",
+ "https://github.com/git-lfs/git-lfs/releases",
+ "https://legalhackers.com/advisories/Git-LFS-RCE-Exploit-CVE-2020-27955.html",
+ "http://seclists.org/fulldisclosure/2020/Nov/1",
+ "http://packetstormsecurity.com/files/159923/git-lfs-Remote-Code-Execution.html",
+ },
},
-
{
- ID: "CVE-2020-28053",
- Path: "2020/28xxx/CVE-2020-28053.json",
- BlobHash: "7db62ac6a3d54fd3f309bf11d3e50585d7824743",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-28053",
+ Path: "2020/28xxx/CVE-2020-28053.json",
+ BlobHash: "7db62ac6a3d54fd3f309bf11d3e50585d7824743",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://www.hashicorp.com/blog/category/consul",
+ "https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#186-november-19-2020",
+ },
},
-
{
- ID: "CVE-2020-28348",
- Path: "2020/28xxx/CVE-2020-28348.json",
- BlobHash: "56ff2fdda5c3c9577be61f5c5800787e61502dde",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-28348",
+ Path: "2020/28xxx/CVE-2020-28348.json",
+ BlobHash: "56ff2fdda5c3c9577be61f5c5800787e61502dde",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/hashicorp/nomad/issues/9303",
+ "https://github.com/hashicorp/nomad/blob/master/CHANGELOG.md#0128-november-10-2020",
+ },
},
-
{
- ID: "CVE-2020-28349",
- Path: "2020/28xxx/CVE-2020-28349.json",
- BlobHash: "38ce17799f38d82bc9c424a3c6c7bcecdcd42de3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-28349",
+ Path: "2020/28xxx/CVE-2020-28349.json",
+ BlobHash: "38ce17799f38d82bc9c424a3c6c7bcecdcd42de3",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/brocaar/chirpstack-network-server/commit/f996bb0c6c85281b5658f59ff09db1b4a73db453",
+ "https://github.com/brocaar/chirpstack-network-server/commit/874fc1a9b01045ebe8a340f0bb01ed19e8256e60",
+ "https://www.cyberark.com/resources/threat-research-blog/lorawan-mqtt-what-to-know-when-securing-your-iot-network",
+ },
},
-
{
- ID: "CVE-2020-28466",
- Path: "2020/28xxx/CVE-2020-28466.json",
- BlobHash: "c0a55f088ed15dc696fd1418cdb1975ef53cd29b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-28466",
+ Path: "2020/28xxx/CVE-2020-28466.json",
+ BlobHash: "c0a55f088ed15dc696fd1418cdb1975ef53cd29b",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMNATSIONATSSERVERSERVER-1042967",
+ "https://github.com/nats-io/nats-server/pull/1731",
+ "http://www.openwall.com/lists/oss-security/2021/03/16/1",
+ "http://www.openwall.com/lists/oss-security/2021/03/16/2",
+ },
},
-
{
- ID: "CVE-2020-28914",
- Path: "2020/28xxx/CVE-2020-28914.json",
- BlobHash: "48df1ceeff9786ddd4ab6046203782c765c0a05e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-28914",
+ Path: "2020/28xxx/CVE-2020-28914.json",
+ BlobHash: "48df1ceeff9786ddd4ab6046203782c765c0a05e",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kata-containers/kata-containers/pull/1062",
+ "https://github.com/kata-containers/runtime/pull/3042",
+ "https://github.com/kata-containers/runtime/pull/3051",
+ "https://github.com/kata-containers/runtime/releases/tag/1.12.0",
+ "https://github.com/kata-containers/runtime/releases/tag/1.11.5",
+ },
},
-
{
- ID: "CVE-2020-28924",
- Path: "2020/28xxx/CVE-2020-28924.json",
- BlobHash: "a62a46f6a8be3a0b924d00a575eb72eef15dddeb",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-28924",
+ Path: "2020/28xxx/CVE-2020-28924.json",
+ BlobHash: "a62a46f6a8be3a0b924d00a575eb72eef15dddeb",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://rclone.org/downloads/",
+ "https://github.com/rclone/rclone/issues/4783",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJIFT24Q6EFXLQZ24AER2QGFFZLMIPCD/",
+ },
},
-
{
- ID: "CVE-2020-28991",
- Path: "2020/28xxx/CVE-2020-28991.json",
- BlobHash: "7e0fb248094364cd58c023bb7a43e7c0de3ba5df",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-28991",
+ Path: "2020/28xxx/CVE-2020-28991.json",
+ BlobHash: "7e0fb248094364cd58c023bb7a43e7c0de3ba5df",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/go-gitea/gitea/pull/13525",
+ "https://github.com/go-gitea/gitea/releases/tag/v1.12.6",
+ },
},
-
{
ID: "CVE-2020-29243",
Path: "2020/29xxx/CVE-2020-29243.json",
BlobHash: "9d858baedef0166d0f7a6a9ce17e7d74968f103d",
CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "covered by GO-2021-0097",
+ TriageState: "HasVuln",
+ TriageStateReason: "GO-2021-0097",
},
-
{
ID: "CVE-2020-29244",
Path: "2020/29xxx/CVE-2020-29244.json",
BlobHash: "a026e8fb7d2e485604f3ce6668e8cb6b30073df1",
CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "covered by GO-2021-0097",
+ TriageState: "HasVuln",
+ TriageStateReason: "GO-2021-0097",
},
-
{
ID: "CVE-2020-29245",
Path: "2020/29xxx/CVE-2020-29245.json",
BlobHash: "b3681813bc67a3ccab7454290f5c2cd4083868c8",
CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "covered by GO-2021-0097",
+ TriageState: "HasVuln",
+ TriageStateReason: "GO-2021-0097",
},
-
{
- ID: "CVE-2020-29510",
- Path: "2020/29xxx/CVE-2020-29510.json",
- BlobHash: "2ce59f158faad4fbc86a583cf1131ef7d3e094ab",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-29510",
+ Path: "2020/29xxx/CVE-2020-29510.json",
+ BlobHash: "2ce59f158faad4fbc86a583cf1131ef7d3e094ab",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-directives.md",
+ "https://security.netapp.com/advisory/ntap-20210129-0006/",
+ },
},
-
{
- ID: "CVE-2020-29511",
- Path: "2020/29xxx/CVE-2020-29511.json",
- BlobHash: "eca8fc190c7d851bb56638a547f8804f48cc8c5f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-29511",
+ Path: "2020/29xxx/CVE-2020-29511.json",
+ BlobHash: "eca8fc190c7d851bb56638a547f8804f48cc8c5f",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-elements.md",
+ "https://security.netapp.com/advisory/ntap-20210129-0006/",
+ },
},
-
{
- ID: "CVE-2020-29662",
- Path: "2020/29xxx/CVE-2020-29662.json",
- BlobHash: "6d64ebca8fe685276dba327d73690016907bc8e3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-29662",
+ Path: "2020/29xxx/CVE-2020-29662.json",
+ BlobHash: "6d64ebca8fe685276dba327d73690016907bc8e3",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/goharbor/harbor/security/advisories/GHSA-38r5-34mr-mvm7",
+ },
},
-
{
- ID: "CVE-2020-35137",
- Path: "2020/35xxx/CVE-2020-35137.json",
- BlobHash: "cb400a4dfb8408ca20df47336d3dbdb7cbc259fd",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-35137",
+ Path: "2020/35xxx/CVE-2020-35137.json",
+ BlobHash: "cb400a4dfb8408ca20df47336d3dbdb7cbc259fd",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://play.google.com/store/apps/details?id=com.mobileiron&hl=en_US&gl=US",
+ "https://www.optiv.com/explore-optiv-insights/source-zero/mobileiron-mdm-contains-static-key-allowing-account-enumeration",
+ "https://github.com/optiv/rustyIron",
+ },
},
-
{
- ID: "CVE-2020-35138",
- Path: "2020/35xxx/CVE-2020-35138.json",
- BlobHash: "f26259101699d38848e61ed9cc9b956ae6788e92",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-35138",
+ Path: "2020/35xxx/CVE-2020-35138.json",
+ BlobHash: "f26259101699d38848e61ed9cc9b956ae6788e92",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://play.google.com/store/apps/details?id=com.mobileiron&hl=en_US&gl=US",
+ "https://www.optiv.com/explore-optiv-insights/source-zero/mobileiron-mdm-contains-static-key-allowing-account-enumeration",
+ "https://github.com/optiv/rustyIron",
+ },
},
-
{
- ID: "CVE-2020-35177",
- Path: "2020/35xxx/CVE-2020-35177.json",
- BlobHash: "bbc0f5f57cd18b395d27eec0fcb4b3caf1d094ac",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-35177",
+ Path: "2020/35xxx/CVE-2020-35177.json",
+ BlobHash: "bbc0f5f57cd18b395d27eec0fcb4b3caf1d094ac",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161",
+ "https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984",
+ },
},
-
{
- ID: "CVE-2020-35453",
- Path: "2020/35xxx/CVE-2020-35453.json",
- BlobHash: "54e12d4f10d80f858cc9495d0bcffd14dc988006",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-35453",
+ Path: "2020/35xxx/CVE-2020-35453.json",
+ BlobHash: "54e12d4f10d80f858cc9495d0bcffd14dc988006",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161",
+ "https://discuss.hashicorp.com/t/hcsec-2020-24-vault-enterprise-s-sentinel-egp-policies-may-impact-parent-or-sibling-namespaces/18983",
+ },
},
-
{
- ID: "CVE-2020-35470",
- Path: "2020/35xxx/CVE-2020-35470.json",
- BlobHash: "b7f8e4eec6825f7f152847aeeaed65b6cd43896c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-35470",
+ Path: "2020/35xxx/CVE-2020-35470.json",
+ BlobHash: "b7f8e4eec6825f7f152847aeeaed65b6cd43896c",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/envoyproxy/envoy/issues/14087",
+ "https://github.com/envoyproxy/envoy/pull/14131",
+ "https://github.com/envoyproxy/envoy/compare/v1.16.0...v1.16.1",
+ },
},
-
{
- ID: "CVE-2020-35471",
- Path: "2020/35xxx/CVE-2020-35471.json",
- BlobHash: "ead021f3bfe67c6bbedba9a99f4616a7b580a41c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-35471",
+ Path: "2020/35xxx/CVE-2020-35471.json",
+ BlobHash: "ead021f3bfe67c6bbedba9a99f4616a7b580a41c",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/envoyproxy/envoy/compare/v1.16.0...v1.16.1",
+ "https://github.com/envoyproxy/envoy/issues/14113",
+ "https://github.com/envoyproxy/envoy/pull/14122",
+ },
},
-
{
- ID: "CVE-2020-36066",
- Path: "2020/36xxx/CVE-2020-36066.json",
- BlobHash: "0fb58953eb66d8730856107ab395e845f2a59d15",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-36066",
+ Path: "2020/36xxx/CVE-2020-36066.json",
+ BlobHash: "0fb58953eb66d8730856107ab395e845f2a59d15",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tidwall/gjson/issues/195",
+ },
},
-
{
- ID: "CVE-2020-3996",
- Path: "2020/3xxx/CVE-2020-3996.json",
- BlobHash: "08041a31a48cd05b1378c05bd3348b71c0714010",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-3996",
+ Path: "2020/3xxx/CVE-2020-3996.json",
+ BlobHash: "08041a31a48cd05b1378c05bd3348b71c0714010",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/vmware-tanzu/velero/security/advisories/GHSA-72xg-3mcq-52v4",
+ },
},
-
{
- ID: "CVE-2020-4037",
- Path: "2020/4xxx/CVE-2020-4037.json",
- BlobHash: "5ea639ff7409d1b593eabbea5920d5c293596239",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-4037",
+ Path: "2020/4xxx/CVE-2020-4037.json",
+ BlobHash: "5ea639ff7409d1b593eabbea5920d5c293596239",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-5m6c-jp6f-2vcv",
+ "https://github.com/oauth2-proxy/oauth2-proxy/commit/ee5662e0f5001d76ec76562bb605abbd07c266a2",
+ },
},
-
{
- ID: "CVE-2020-4053",
- Path: "2020/4xxx/CVE-2020-4053.json",
- BlobHash: "5f92c559cc9d64ddbb923d7b83c99e6a9082cf96",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-4053",
+ Path: "2020/4xxx/CVE-2020-4053.json",
+ BlobHash: "5f92c559cc9d64ddbb923d7b83c99e6a9082cf96",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/helm/helm/security/advisories/GHSA-qq3j-xp49-j73f",
+ "https://github.com/helm/helm/commit/0ad800ef43d3b826f31a5ad8dfbb4fe05d143688",
+ "https://github.com/helm/helm/releases/tag/v3.2.4",
+ },
},
-
{
- ID: "CVE-2020-5215",
- Path: "2020/5xxx/CVE-2020-5215.json",
- BlobHash: "21bd7f3fc3bc78cc6af900157836ba3aec7327e8",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-5215",
+ Path: "2020/5xxx/CVE-2020-5215.json",
+ BlobHash: "21bd7f3fc3bc78cc6af900157836ba3aec7327e8",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-977j-xj7q-2jr9",
+ "https://github.com/tensorflow/tensorflow/commit/5ac1b9e24ff6afc465756edf845d2e9660bd34bf",
+ "https://github.com/tensorflow/tensorflow/releases/tag/v1.15.2",
+ "https://github.com/tensorflow/tensorflow/releases/tag/v2.0.1",
+ },
},
-
{
- ID: "CVE-2020-5233",
- Path: "2020/5xxx/CVE-2020-5233.json",
- BlobHash: "c9c511656cdfb0d8e1d4c4698c639e0d0e428c94",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-5233",
+ Path: "2020/5xxx/CVE-2020-5233.json",
+ BlobHash: "c9c511656cdfb0d8e1d4c4698c639e0d0e428c94",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/pusher/oauth2_proxy/security/advisories/GHSA-qqxw-m5fj-f7gv",
+ "https://github.com/pusher/oauth2_proxy/commit/a316f8a06f3c0ca2b5fc5fa18a91781b313607b2",
+ "https://github.com/pusher/oauth2_proxy/releases/tag/v5.0.0",
+ },
},
-
{
- ID: "CVE-2020-5260",
- Path: "2020/5xxx/CVE-2020-5260.json",
- BlobHash: "fa891ab947bd850d7f63ffa253cc7d2c2d16a348",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-5260",
+ Path: "2020/5xxx/CVE-2020-5260.json",
+ BlobHash: "fa891ab947bd850d7f63ffa253cc7d2c2d16a348",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q",
+ "https://github.com/git/git/commit/9a6bbee8006c24b46a85d29e7b38cfa79e9ab21b",
+ "https://lore.kernel.org/git/xmqqy2qy7xn8.fsf@gitster.c.googlers.com/",
+ "https://www.debian.org/security/2020/dsa-4657",
+ "https://lists.debian.org/debian-lts-announce/2020/04/msg00010.html",
+ "http://www.openwall.com/lists/oss-security/2020/04/15/5",
+ "http://packetstormsecurity.com/files/157250/Git-Credential-Helper-Protocol-Newline-Injection.html",
+ "http://www.openwall.com/lists/oss-security/2020/04/15/6",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00027.html",
+ "https://support.apple.com/kb/HT211141",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XPCEOIFLLEF24L6GLVJVFZX4CREDEHDF/",
+ "http://www.openwall.com/lists/oss-security/2020/04/20/1",
+ "https://security.gentoo.org/glsa/202004-13",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7TVS5UG6JD3MYIGSBKMIOS6AF7CR5IPI/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PN3FUOXKX3AXTULYV53ACABER2W2FSOU/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MOCTR2SEHCPSCOVUQJAGFPGKFMI2VE6V/",
+ "https://usn.ubuntu.com/4329-1/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/74Q7WVJ6FKLIN62VS2JD2XCNWK5TNKOW/",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html",
+ },
},
-
{
- ID: "CVE-2020-5300",
- Path: "2020/5xxx/CVE-2020-5300.json",
- BlobHash: "2804f2fbaa0be107dfd335b3149b46d324f82a3a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-5300",
+ Path: "2020/5xxx/CVE-2020-5300.json",
+ BlobHash: "2804f2fbaa0be107dfd335b3149b46d324f82a3a",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/ory/hydra/security/advisories/GHSA-3p3g-vpw6-4w66",
+ "https://github.com/ory/hydra/commit/700d17d3b7d507de1b1d459a7261d6fb2571ebe3",
+ "https://github.com/ory/hydra/releases/tag/v1.4.0",
+ },
},
-
{
- ID: "CVE-2020-5303",
- Path: "2020/5xxx/CVE-2020-5303.json",
- BlobHash: "b7c94fac03cbe007acc270ed36c755c6edbf329d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-5303",
+ Path: "2020/5xxx/CVE-2020-5303.json",
+ BlobHash: "b7c94fac03cbe007acc270ed36c755c6edbf329d",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tendermint/tendermint/security/advisories/GHSA-v24h-pjjv-mcp6",
+ "https://hackerone.com/reports/820317",
+ "https://github.com/tendermint/tendermint/commit/e2d6859afd7dba4cf97c7f7d412e7d8fc908d1cd",
+ },
},
-
{
- ID: "CVE-2020-5415",
- Path: "2020/5xxx/CVE-2020-5415.json",
- BlobHash: "95efec6f658a6b0ba8538d897802ddb37d6fc77e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-5415",
+ Path: "2020/5xxx/CVE-2020-5415.json",
+ BlobHash: "95efec6f658a6b0ba8538d897802ddb37d6fc77e",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/concourse/concourse/security/advisories/GHSA-627p-rr78-99rj",
+ "https://tanzu.vmware.com/security/cve-2020-5415",
+ },
},
-
{
- ID: "CVE-2020-6016",
- Path: "2020/6xxx/CVE-2020-6016.json",
- BlobHash: "5c4c115c626c0fceebb52092447bb1b133f3b0dc",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-6016",
+ Path: "2020/6xxx/CVE-2020-6016.json",
+ BlobHash: "5c4c115c626c0fceebb52092447bb1b133f3b0dc",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/ValveSoftware/GameNetworkingSockets/commit/e0c86dcb9139771db3db0cfdb1fb8bef0af19c43",
+ "https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-steam-sockets/",
+ },
},
-
{
- ID: "CVE-2020-6017",
- Path: "2020/6xxx/CVE-2020-6017.json",
- BlobHash: "b0f37ea09fbfcb3024b2f02889f3145ffb16198b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-6017",
+ Path: "2020/6xxx/CVE-2020-6017.json",
+ BlobHash: "b0f37ea09fbfcb3024b2f02889f3145ffb16198b",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/ValveSoftware/GameNetworkingSockets/commit/e0c86dcb9139771db3db0cfdb1fb8bef0af19c43",
+ "https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-steam-sockets/",
+ },
},
-
{
- ID: "CVE-2020-6018",
- Path: "2020/6xxx/CVE-2020-6018.json",
- BlobHash: "580bdc2d931b6585f36933c58a8abf5f42c491fa",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-6018",
+ Path: "2020/6xxx/CVE-2020-6018.json",
+ BlobHash: "580bdc2d931b6585f36933c58a8abf5f42c491fa",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/ValveSoftware/GameNetworkingSockets/commit/bea84e2844b647532a9b7fbc3a6a8989d66e49e3",
+ "https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-steam-sockets/",
+ },
},
-
{
- ID: "CVE-2020-6019",
- Path: "2020/6xxx/CVE-2020-6019.json",
- BlobHash: "ab652b1e325affd6b88afcdea2ed653154102cff",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-6019",
+ Path: "2020/6xxx/CVE-2020-6019.json",
+ BlobHash: "ab652b1e325affd6b88afcdea2ed653154102cff",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/ValveSoftware/GameNetworkingSockets/commit/d944a10808891d202bb1d5e1998de6e0423af678",
+ "https://research.checkpoint.com/2020/game-on-finding-vulnerabilities-in-valves-steam-sockets/",
+ },
},
-
{
- ID: "CVE-2020-7218",
- Path: "2020/7xxx/CVE-2020-7218.json",
- BlobHash: "bd2d1e359653c01e1ab818d1cb726631146636fb",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-7218",
+ Path: "2020/7xxx/CVE-2020-7218.json",
+ BlobHash: "bd2d1e359653c01e1ab818d1cb726631146636fb",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://www.hashicorp.com/blog/category/nomad/",
+ "https://github.com/hashicorp/nomad/issues/7002",
+ },
},
-
{
- ID: "CVE-2020-7219",
- Path: "2020/7xxx/CVE-2020-7219.json",
- BlobHash: "8d5c10c0ed8d5c77da30e575f78c42c8bd95877d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-7219",
+ Path: "2020/7xxx/CVE-2020-7219.json",
+ BlobHash: "8d5c10c0ed8d5c77da30e575f78c42c8bd95877d",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://www.hashicorp.com/blog/category/consul/",
+ "https://github.com/hashicorp/consul/issues/7159",
+ },
},
-
{
- ID: "CVE-2020-7220",
- Path: "2020/7xxx/CVE-2020-7220.json",
- BlobHash: "f66a4007b9c793f2bd539d184417a729ff9ba48d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-7220",
+ Path: "2020/7xxx/CVE-2020-7220.json",
+ BlobHash: "f66a4007b9c793f2bd539d184417a729ff9ba48d",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://www.hashicorp.com/blog/category/vault/",
+ "https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#132-january-22nd-2020",
+ },
},
-
{
- ID: "CVE-2020-7665",
- Path: "2020/7xxx/CVE-2020-7665.json",
- BlobHash: "30a2a295432bb889b6d5c8e0a24dc350679c7ffc",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-7665",
+ Path: "2020/7xxx/CVE-2020-7665.json",
+ BlobHash: "30a2a295432bb889b6d5c8e0a24dc350679c7ffc",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUROOTUROOTPKGUZIP-570441",
+ "https://github.com/u-root/u-root/pull/1817",
+ },
},
-
{
- ID: "CVE-2020-7666",
- Path: "2020/7xxx/CVE-2020-7666.json",
- BlobHash: "2a020b03156e3b81a07beb40cdbfd2f6a9ad3da7",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-7666",
+ Path: "2020/7xxx/CVE-2020-7666.json",
+ BlobHash: "2a020b03156e3b81a07beb40cdbfd2f6a9ad3da7",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/u-root/u-root/pull/1817",
+ "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUROOTUROOTPKGCPIO-570440",
+ },
},
-
{
- ID: "CVE-2020-7669",
- Path: "2020/7xxx/CVE-2020-7669.json",
- BlobHash: "31d1031eb41e7a4b1d10ad12ab96dd32e07f2b51",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-7669",
+ Path: "2020/7xxx/CVE-2020-7669.json",
+ BlobHash: "31d1031eb41e7a4b1d10ad12ab96dd32e07f2b51",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/u-root/u-root/pull/1817",
+ "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUROOTUROOTPKGTARUTIL-570428",
+ },
},
-
{
- ID: "CVE-2020-7955",
- Path: "2020/7xxx/CVE-2020-7955.json",
- BlobHash: "e13d278b5274372bf45362bb2c501689443de7ac",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-7955",
+ Path: "2020/7xxx/CVE-2020-7955.json",
+ BlobHash: "e13d278b5274372bf45362bb2c501689443de7ac",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://www.hashicorp.com/blog/category/consul/",
+ "https://github.com/hashicorp/consul/issues/7160",
+ },
},
-
{
- ID: "CVE-2020-7956",
- Path: "2020/7xxx/CVE-2020-7956.json",
- BlobHash: "5bd4768bbc32b3cf56ebd583d10e05fb2dd502a4",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-7956",
+ Path: "2020/7xxx/CVE-2020-7956.json",
+ BlobHash: "5bd4768bbc32b3cf56ebd583d10e05fb2dd502a4",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://www.hashicorp.com/blog/category/nomad/",
+ "https://github.com/hashicorp/nomad/issues/7003",
+ },
},
-
{
- ID: "CVE-2020-8551",
- Path: "2020/8xxx/CVE-2020-8551.json",
- BlobHash: "09ec4b0e62e1459c63bec75d9ec11f827f1a0156",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-8551",
+ Path: "2020/8xxx/CVE-2020-8551.json",
+ BlobHash: "09ec4b0e62e1459c63bec75d9ec11f827f1a0156",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kubernetes/kubernetes/issues/89377",
+ "https://groups.google.com/forum/#!topic/kubernetes-security-announce/2UOlsba2g0s",
+ "https://security.netapp.com/advisory/ntap-20200413-0003/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/",
+ },
},
-
{
- ID: "CVE-2020-8552",
- Path: "2020/8xxx/CVE-2020-8552.json",
- BlobHash: "0982590ec0d255381877b1e5b9bb7c068303cd08",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-8552",
+ Path: "2020/8xxx/CVE-2020-8552.json",
+ BlobHash: "0982590ec0d255381877b1e5b9bb7c068303cd08",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://groups.google.com/forum/#!topic/kubernetes-security-announce/2UOlsba2g0s",
+ "https://github.com/kubernetes/kubernetes/issues/89378",
+ "https://security.netapp.com/advisory/ntap-20200413-0003/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/",
+ },
},
-
{
- ID: "CVE-2020-8553",
- Path: "2020/8xxx/CVE-2020-8553.json",
- BlobHash: "7a2e4a618c0752663f3226bd1fc449e1ff7b7466",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-8553",
+ Path: "2020/8xxx/CVE-2020-8553.json",
+ BlobHash: "7a2e4a618c0752663f3226bd1fc449e1ff7b7466",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kubernetes/ingress-nginx/issues/5126",
+ },
},
-
{
- ID: "CVE-2020-8554",
- Path: "2020/8xxx/CVE-2020-8554.json",
- BlobHash: "e58456be0269d61b3b3993e128541e03877e05b4",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-8554",
+ Path: "2020/8xxx/CVE-2020-8554.json",
+ BlobHash: "e58456be0269d61b3b3993e128541e03877e05b4",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://groups.google.com/g/kubernetes-security-announce/c/iZWsF9nbKE8",
+ "https://github.com/kubernetes/kubernetes/issues/97076",
+ "https://lists.apache.org/thread.html/rcafa485d63550657f068775801aeb706b7a07140a8ebbdef822b3bb3@%3Ccommits.druid.apache.org%3E",
+ "https://lists.apache.org/thread.html/r0c76b3d0be348f788cd947054141de0229af00c540564711e828fd40@%3Ccommits.druid.apache.org%3E",
+ "https://lists.apache.org/thread.html/rdb223e1b82e3d7d8e4eaddce8dd1ab87252e3935cc41c859f49767b6@%3Ccommits.druid.apache.org%3E",
+ "https://lists.apache.org/thread.html/r1975078e44d96f2a199aa90aa874b57a202eaf7f25f2fde6d1c44942@%3Ccommits.druid.apache.org%3E",
+ },
},
-
{
- ID: "CVE-2020-8555",
- Path: "2020/8xxx/CVE-2020-8555.json",
- BlobHash: "ffdef13b994f7ecc3e5ae844e868c5eade0ec3e7",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-8555",
+ Path: "2020/8xxx/CVE-2020-8555.json",
+ BlobHash: "ffdef13b994f7ecc3e5ae844e868c5eade0ec3e7",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "http://www.openwall.com/lists/oss-security/2020/06/01/4",
+ "https://groups.google.com/d/topic/kubernetes-security-announce/kEK27tqqs30/discussion",
+ "https://github.com/kubernetes/kubernetes/issues/91542",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX/",
+ "https://security.netapp.com/advisory/ntap-20200724-0005/",
+ },
},
-
{
- ID: "CVE-2020-8557",
- Path: "2020/8xxx/CVE-2020-8557.json",
- BlobHash: "3c46c71bf16eb4e152d2b39490d1954c65d0159e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-8557",
+ Path: "2020/8xxx/CVE-2020-8557.json",
+ BlobHash: "3c46c71bf16eb4e152d2b39490d1954c65d0159e",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kubernetes/kubernetes/issues/93032",
+ "https://groups.google.com/g/kubernetes-security-announce/c/cB_JUsYEKyY/m/vVSO61AhBwAJ",
+ "https://security.netapp.com/advisory/ntap-20200821-0002/",
+ },
},
-
{
- ID: "CVE-2020-8558",
- Path: "2020/8xxx/CVE-2020-8558.json",
- BlobHash: "4c416416b21504042574609fff1d379779d4600d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-8558",
+ Path: "2020/8xxx/CVE-2020-8558.json",
+ BlobHash: "4c416416b21504042574609fff1d379779d4600d",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kubernetes/kubernetes/issues/92315",
+ "https://groups.google.com/g/kubernetes-announce/c/sI4KmlH3S2I/m/TljjxOBvBQAJ",
+ "https://security.netapp.com/advisory/ntap-20200821-0001/",
+ },
},
-
{
- ID: "CVE-2020-8559",
- Path: "2020/8xxx/CVE-2020-8559.json",
- BlobHash: "603bddd77f4f116b070972262cbf19faf6c893f7",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-8559",
+ Path: "2020/8xxx/CVE-2020-8559.json",
+ BlobHash: "603bddd77f4f116b070972262cbf19faf6c893f7",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://groups.google.com/d/msg/kubernetes-security-announce/JAIGG5yNROs/19nHQ5wkBwAJ",
+ "https://github.com/kubernetes/kubernetes/issues/92914",
+ "https://security.netapp.com/advisory/ntap-20200810-0004/",
+ },
},
-
{
- ID: "CVE-2020-8563",
- Path: "2020/8xxx/CVE-2020-8563.json",
- BlobHash: "1ba7a7715ba9b749e94cc5b2eb0048b52e7d1011",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-8563",
+ Path: "2020/8xxx/CVE-2020-8563.json",
+ BlobHash: "1ba7a7715ba9b749e94cc5b2eb0048b52e7d1011",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/kubernetes/kubernetes/issues/95621",
+ "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ",
+ "https://security.netapp.com/advisory/ntap-20210122-0006/",
+ },
},
-
{
- ID: "CVE-2020-8566",
- Path: "2020/8xxx/CVE-2020-8566.json",
- BlobHash: "c5e81c9e5a057e9840a14221d3df018be34e3b32",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-8566",
+ Path: "2020/8xxx/CVE-2020-8566.json",
+ BlobHash: "c5e81c9e5a057e9840a14221d3df018be34e3b32",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://groups.google.com/g/kubernetes-security-discuss/c/vm-HcrFUOCs/m/36utxAM5CwAJ",
+ "https://github.com/kubernetes/kubernetes/issues/95624",
+ "https://security.netapp.com/advisory/ntap-20210122-0006/",
+ },
},
-
{
- ID: "CVE-2020-8569",
- Path: "2020/8xxx/CVE-2020-8569.json",
- BlobHash: "5f0759887fb13de6d35b124c55bc2eabacbf00c8",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-8569",
+ Path: "2020/8xxx/CVE-2020-8569.json",
+ BlobHash: "5f0759887fb13de6d35b124c55bc2eabacbf00c8",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://groups.google.com/g/kubernetes-security-announce/c/1EzCr1qUxxU",
+ "https://github.com/kubernetes-csi/external-snapshotter/issues/380",
+ },
},
-
{
- ID: "CVE-2020-8595",
- Path: "2020/8xxx/CVE-2020-8595.json",
- BlobHash: "6071d2ddeaf2d2d89ed12edc7a5de18009f7fc17",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-8595",
+ Path: "2020/8xxx/CVE-2020-8595.json",
+ BlobHash: "6071d2ddeaf2d2d89ed12edc7a5de18009f7fc17",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/istio/istio/commits/master",
+ "https://istio.io/news/security/",
+ "https://access.redhat.com/errata/RHSA-2020:0477",
+ "https://access.redhat.com/security/cve/cve-2020-8595",
+ "https://istio.io/news/security/istio-security-2020-001/",
+ "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-8595",
+ },
},
-
{
- ID: "CVE-2020-8659",
- Path: "2020/8xxx/CVE-2020-8659.json",
- BlobHash: "b0dc65fdeb534c984ec215f2f4327eab9c2ae3db",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-8659",
+ Path: "2020/8xxx/CVE-2020-8659.json",
+ BlobHash: "b0dc65fdeb534c984ec215f2f4327eab9c2ae3db",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history",
+ "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jwcm-4pwp-c2qv",
+ "https://access.redhat.com/errata/RHSA-2020:0734",
+ },
},
-
{
- ID: "CVE-2020-8660",
- Path: "2020/8xxx/CVE-2020-8660.json",
- BlobHash: "acddebf5b2fc96e6a2f4a3e0fad2421f0657275b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-8660",
+ Path: "2020/8xxx/CVE-2020-8660.json",
+ BlobHash: "acddebf5b2fc96e6a2f4a3e0fad2421f0657275b",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history",
+ "https://github.com/envoyproxy/envoy/security/advisories/GHSA-c4g8-7grc-5wvx",
+ "https://access.redhat.com/errata/RHSA-2020:0734",
+ },
},
-
{
- ID: "CVE-2020-8661",
- Path: "2020/8xxx/CVE-2020-8661.json",
- BlobHash: "14e31e81f1b7bf25da58aaf52bc420301fa3bda9",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-8661",
+ Path: "2020/8xxx/CVE-2020-8661.json",
+ BlobHash: "14e31e81f1b7bf25da58aaf52bc420301fa3bda9",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history",
+ "https://github.com/envoyproxy/envoy/security/advisories/GHSA-36cq-ww7h-p4j7",
+ "https://access.redhat.com/errata/RHSA-2020:0734",
+ },
},
-
{
- ID: "CVE-2020-8663",
- Path: "2020/8xxx/CVE-2020-8663.json",
- BlobHash: "1aa92bbeb6c1f17c2c5475fb42bc4a3bbcdbb6f0",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-8663",
+ Path: "2020/8xxx/CVE-2020-8663.json",
+ BlobHash: "1aa92bbeb6c1f17c2c5475fb42bc4a3bbcdbb6f0",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history",
+ "https://github.com/envoyproxy/envoy/security/advisories/GHSA-v8q7-fq78-4997",
+ },
},
-
{
- ID: "CVE-2020-8664",
- Path: "2020/8xxx/CVE-2020-8664.json",
- BlobHash: "85aeb8e32d460e381a7464d2daadd6bb84a64875",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-8664",
+ Path: "2020/8xxx/CVE-2020-8664.json",
+ BlobHash: "85aeb8e32d460e381a7464d2daadd6bb84a64875",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://www.envoyproxy.io/docs/envoy/v1.13.1/intro/version_history",
+ "https://github.com/envoyproxy/envoy/security/advisories/GHSA-3x9m-pgmg-xpx8",
+ "https://access.redhat.com/errata/RHSA-2020:0734",
+ },
},
-
{
- ID: "CVE-2020-8826",
- Path: "2020/8xxx/CVE-2020-8826.json",
- BlobHash: "62b21aea4341b73f8faf0ad7961ceb31958fb441",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-8826",
+ Path: "2020/8xxx/CVE-2020-8826.json",
+ BlobHash: "62b21aea4341b73f8faf0ad7961ceb31958fb441",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/argoproj/argo/releases",
+ "https://www.soluble.ai/blog/argo-cves-2020",
+ "https://argoproj.github.io/argo-cd/security_considerations/",
+ },
},
-
{
- ID: "CVE-2020-8827",
- Path: "2020/8xxx/CVE-2020-8827.json",
- BlobHash: "b0c1ff33bfdd649b6987e035775afcf826972a36",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-8827",
+ Path: "2020/8xxx/CVE-2020-8827.json",
+ BlobHash: "b0c1ff33bfdd649b6987e035775afcf826972a36",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/argoproj/argo/releases",
+ "https://www.soluble.ai/blog/argo-cves-2020",
+ "https://argoproj.github.io/argo-cd/security_considerations/",
+ "https://argoproj.github.io/argo-cd/operator-manual/user-management/#disable-admin-user",
+ },
},
-
{
- ID: "CVE-2020-8828",
- Path: "2020/8xxx/CVE-2020-8828.json",
- BlobHash: "21fe5b894a68ece2ed54cc4c6497129f02c0b5b0",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-8828",
+ Path: "2020/8xxx/CVE-2020-8828.json",
+ BlobHash: "21fe5b894a68ece2ed54cc4c6497129f02c0b5b0",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/argoproj/argo/releases",
+ "https://www.soluble.ai/blog/argo-cves-2020",
+ "https://argoproj.github.io/argo-cd/security_considerations/",
+ },
},
-
{
- ID: "CVE-2020-8843",
- Path: "2020/8xxx/CVE-2020-8843.json",
- BlobHash: "7266cfa62b86bdb3fa3967b3b1383aed8f77f204",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-8843",
+ Path: "2020/8xxx/CVE-2020-8843.json",
+ BlobHash: "7266cfa62b86bdb3fa3967b3b1383aed8f77f204",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/istio/istio/commits/master",
+ "https://istio.io/news/security/",
+ "https://istio.io/news/security/istio-security-2020-002/",
+ },
},
-
{
- ID: "CVE-2020-8927",
- Path: "2020/8xxx/CVE-2020-8927.json",
- BlobHash: "a74b79d653c28d5411481b759920e926d3f116fb",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-8927",
+ Path: "2020/8xxx/CVE-2020-8927.json",
+ BlobHash: "a74b79d653c28d5411481b759920e926d3f116fb",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/google/brotli/releases/tag/v1.0.9",
+ "http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/",
+ "https://usn.ubuntu.com/4568-1/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/",
+ "https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html",
+ "https://www.debian.org/security/2020/dsa-4801",
+ },
},
-
{
- ID: "CVE-2020-8929",
- Path: "2020/8xxx/CVE-2020-8929.json",
- BlobHash: "6687103ed33ba44db734d45dc9bf83a6755bdbfd",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-8929",
+ Path: "2020/8xxx/CVE-2020-8929.json",
+ BlobHash: "6687103ed33ba44db734d45dc9bf83a6755bdbfd",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/google/tink/commit/93d839a5865b9d950dffdc9d0bc99b71280a8899",
+ "https://github.com/google/tink/security/advisories/GHSA-g5vf-v6wf-7w2r",
+ },
},
-
{
- ID: "CVE-2020-9321",
- Path: "2020/9xxx/CVE-2020-9321.json",
- BlobHash: "7dd986987adca8f06cae07dbb79ffad46e10f31c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-9321",
+ Path: "2020/9xxx/CVE-2020-9321.json",
+ BlobHash: "7dd986987adca8f06cae07dbb79ffad46e10f31c",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/containous/traefik/pull/6281",
+ "https://github.com/containous/traefik/releases/tag/v2.1.4",
+ },
},
-
{
- ID: "CVE-2020-9329",
- Path: "2020/9xxx/CVE-2020-9329.json",
- BlobHash: "77443824e256f2f79f659817791d65215d19cc72",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2020-9329",
+ Path: "2020/9xxx/CVE-2020-9329.json",
+ BlobHash: "77443824e256f2f79f659817791d65215d19cc72",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/gogs/gogs/issues/5926",
+ },
},
-
{
- ID: "CVE-2021-20198",
- Path: "2021/20xxx/CVE-2021-20198.json",
- BlobHash: "36f39b7dec6ed1972bb53296ee4ead1810c35b04",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-20198",
+ Path: "2021/20xxx/CVE-2021-20198.json",
+ BlobHash: "36f39b7dec6ed1972bb53296ee4ead1810c35b04",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1920764",
+ },
},
-
{
- ID: "CVE-2021-20199",
- Path: "2021/20xxx/CVE-2021-20199.json",
- BlobHash: "036706579ffcc0f5251f5fe77e2b1497e13fa85b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-20199",
+ Path: "2021/20xxx/CVE-2021-20199.json",
+ BlobHash: "036706579ffcc0f5251f5fe77e2b1497e13fa85b",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1919050",
+ "https://github.com/containers/podman/issues/5138",
+ "https://github.com/rootless-containers/rootlesskit/pull/206",
+ "https://github.com/containers/podman/pull/9052",
+ },
},
-
{
- ID: "CVE-2021-20218",
- Path: "2021/20xxx/CVE-2021-20218.json",
- BlobHash: "41e4faa44f343eac8722b74e31baee7f9a3b6f87",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-20218",
+ Path: "2021/20xxx/CVE-2021-20218.json",
+ BlobHash: "41e4faa44f343eac8722b74e31baee7f9a3b6f87",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1923405",
+ "https://github.com/fabric8io/kubernetes-client/issues/2715",
+ },
},
-
{
- ID: "CVE-2021-20291",
- Path: "2021/20xxx/CVE-2021-20291.json",
- BlobHash: "50e725a2db767f452cefbf2eb01028a24fa5603f",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-20291",
+ Path: "2021/20xxx/CVE-2021-20291.json",
+ BlobHash: "50e725a2db767f452cefbf2eb01028a24fa5603f",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1939485",
+ },
},
-
{
- ID: "CVE-2021-21271",
- Path: "2021/21xxx/CVE-2021-21271.json",
- BlobHash: "978caf2547d11f0b49d2089bb10582324287eb96",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-21271",
+ Path: "2021/21xxx/CVE-2021-21271.json",
+ BlobHash: "978caf2547d11f0b49d2089bb10582324287eb96",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/tendermint/tendermint/security/advisories/GHSA-p658-8693-mhvg",
+ "https://github.com/tendermint/tendermint/blob/v0.34.3/CHANGELOG.md#v0.34.3",
+ "https://github.com/tendermint/tendermint/commit/a2a6852ab99e4a0f9e79f0ea8c1726e262e25c76",
+ },
},
-
{
- ID: "CVE-2021-21284",
- Path: "2021/21xxx/CVE-2021-21284.json",
- BlobHash: "30c62672c6ef54c5784409a23208fc40197b4f49",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-21284",
+ Path: "2021/21xxx/CVE-2021-21284.json",
+ BlobHash: "30c62672c6ef54c5784409a23208fc40197b4f49",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://docs.docker.com/engine/release-notes/#20103",
+ "https://github.com/moby/moby/releases/tag/v20.10.3",
+ "https://github.com/moby/moby/releases/tag/v19.03.15",
+ "https://github.com/moby/moby/security/advisories/GHSA-7452-xqpj-6rpc",
+ "https://github.com/moby/moby/commit/64bd4485b3a66a597c02c95f5776395e540b2c7c",
+ "https://security.netapp.com/advisory/ntap-20210226-0005/",
+ "https://www.debian.org/security/2021/dsa-4865",
+ },
},
-
{
- ID: "CVE-2021-21285",
- Path: "2021/21xxx/CVE-2021-21285.json",
- BlobHash: "86f5c8e875762d39fc91eadd1f304afcf3d5dcf3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-21285",
+ Path: "2021/21xxx/CVE-2021-21285.json",
+ BlobHash: "86f5c8e875762d39fc91eadd1f304afcf3d5dcf3",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/moby/moby/security/advisories/GHSA-6fj5-m822-rqx8",
+ "https://docs.docker.com/engine/release-notes/#20103",
+ "https://github.com/moby/moby/releases/tag/v20.10.3",
+ "https://github.com/moby/moby/releases/tag/v19.03.15",
+ "https://github.com/moby/moby/commit/8d3179546e79065adefa67cc697c09d0ab137d30",
+ "https://security.netapp.com/advisory/ntap-20210226-0005/",
+ "https://www.debian.org/security/2021/dsa-4865",
+ },
},
-
{
- ID: "CVE-2021-21287",
- Path: "2021/21xxx/CVE-2021-21287.json",
- BlobHash: "15436dba58b58830e5fbe2e705ec4288af28b3dc",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-21287",
+ Path: "2021/21xxx/CVE-2021-21287.json",
+ BlobHash: "15436dba58b58830e5fbe2e705ec4288af28b3dc",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/minio/minio/security/advisories/GHSA-m4qq-5f7c-693q",
+ "https://github.com/minio/minio/pull/11337",
+ "https://github.com/minio/minio/commit/eb6871ecd960d570f70698877209e6db181bf276",
+ "https://github.com/minio/minio/releases/tag/RELEASE.2021-01-30T00-20-58Z",
+ },
},
-
{
- ID: "CVE-2021-21291",
- Path: "2021/21xxx/CVE-2021-21291.json",
- BlobHash: "f881d6472d7fa68fb4553fddccc75150413a0097",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-21291",
+ Path: "2021/21xxx/CVE-2021-21291.json",
+ BlobHash: "f881d6472d7fa68fb4553fddccc75150413a0097",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-4mf2-f3wh-gvf2",
+ "https://github.com/oauth2-proxy/oauth2-proxy/releases/tag/v7.0.0",
+ "https://pkg.go.dev/github.com/oauth2-proxy/oauth2-proxy/v7",
+ "https://github.com/oauth2-proxy/oauth2-proxy/commit/780ae4f3c99b579cb2ea9845121caebb6192f725",
+ },
},
-
{
- ID: "CVE-2021-21296",
- Path: "2021/21xxx/CVE-2021-21296.json",
- BlobHash: "c89066f834f7df81387343c61b002a63cb6e2224",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-21296",
+ Path: "2021/21xxx/CVE-2021-21296.json",
+ BlobHash: "c89066f834f7df81387343c61b002a63cb6e2224",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/fleetdm/fleet/security/advisories/GHSA-xwh8-9p3f-3x45",
+ "https://www.npmjs.com/package/fleetctl",
+ "https://github.com/fleetdm/fleet/commit/f68f4238e83b45b2164e4ed05df14af0f06eaf40",
+ },
},
-
{
- ID: "CVE-2021-21300",
- Path: "2021/21xxx/CVE-2021-21300.json",
- BlobHash: "f2dafbd39d2eadea6c56513663a4d296f475a47c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-21300",
+ Path: "2021/21xxx/CVE-2021-21300.json",
+ BlobHash: "f2dafbd39d2eadea6c56513663a4d296f475a47c",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/git/git/security/advisories/GHSA-8prw-h3cq-mghm",
+ "https://lore.kernel.org/git/xmqqim6019yd.fsf@gitster.c.googlers.com/",
+ "https://git-scm.com/docs/git-config#Documentation/git-config.txt-coresymlinks",
+ "https://git-scm.com/docs/gitattributes#_filter",
+ "https://github.com/git/git/commit/684dd4c2b414bcf648505e74498a608f28de4592",
+ "http://www.openwall.com/lists/oss-security/2021/03/09/3",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LCLJJLKKMS5WRFO6C475AOUZTWQLIARX/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LMXX2POK5X576BSDWSXGU7EIK6I72ERU/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BBPNGLQSYJHLZZ37BO42YY6S5OTIF4L4/",
+ },
},
-
{
- ID: "CVE-2021-21303",
- Path: "2021/21xxx/CVE-2021-21303.json",
- BlobHash: "d11843a853e5e85164821385ed91a62834180092",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-21303",
+ Path: "2021/21xxx/CVE-2021-21303.json",
+ BlobHash: "d11843a853e5e85164821385ed91a62834180092",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/helm/helm/security/advisories/GHSA-c38g-469g-cmgx",
+ "https://github.com/helm/helm/commit/6ce9ba60b73013857e2e7c73d3f86ed70bc1ac9a",
+ "https://github.com/helm/helm/releases/tag/v3.5.2",
+ },
},
-
{
- ID: "CVE-2021-21334",
- Path: "2021/21xxx/CVE-2021-21334.json",
- BlobHash: "be2655d8200ac614b22315b90181f6c5cbc7c756",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-21334",
+ Path: "2021/21xxx/CVE-2021-21334.json",
+ BlobHash: "be2655d8200ac614b22315b90181f6c5cbc7c756",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/containerd/containerd/security/advisories/GHSA-6g2q-w5j3-fwh4",
+ "https://github.com/containerd/containerd/releases/tag/v1.4.4",
+ "https://github.com/containerd/containerd/releases/tag/v1.3.10",
+ "https://github.com/containerd/containerd/commit/05f951a3781f4f2c1911b05e61c160e9c30eaa8e",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KUE2Z2ZUWBHRU36ZGBD2YSJCYB6ELPXE/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QIBPKSX5IOWPM3ZPFB3JVLXWDHSZTTWT/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VTXHA5JOWQRCCUZH7ZQBEYN6KZKJEYSD/",
+ },
},
-
{
- ID: "CVE-2021-21362",
- Path: "2021/21xxx/CVE-2021-21362.json",
- BlobHash: "303ed59cb9f1685d2e51e0fb37de0b61f43a9315",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-21362",
+ Path: "2021/21xxx/CVE-2021-21362.json",
+ BlobHash: "303ed59cb9f1685d2e51e0fb37de0b61f43a9315",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/minio/minio/security/advisories/GHSA-hq5j-6r98-9m8v",
+ "https://github.com/minio/minio/pull/11682",
+ "https://github.com/minio/minio/commit/039f59b552319fcc2f83631bb421a7d4b82bc482",
+ "https://github.com/minio/minio/releases/tag/RELEASE.2021-03-04T00-53-13Z",
+ },
},
-
{
- ID: "CVE-2021-21363",
- Path: "2021/21xxx/CVE-2021-21363.json",
- BlobHash: "b0697dcfd6d2cb36677757a058c46f5a4e40a15e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-21363",
+ Path: "2021/21xxx/CVE-2021-21363.json",
+ BlobHash: "b0697dcfd6d2cb36677757a058c46f5a4e40a15e",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/swagger-api/swagger-codegen/security/advisories/GHSA-pc22-3g76-gm6j",
+ "https://github.com/swagger-api/swagger-codegen/commit/987ea7a30b463cc239580d6ad166c707ae942a89",
+ },
},
-
{
- ID: "CVE-2021-21364",
- Path: "2021/21xxx/CVE-2021-21364.json",
- BlobHash: "2b47524049b50602bc70e72913bc6c20ac7387a3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-21364",
+ Path: "2021/21xxx/CVE-2021-21364.json",
+ BlobHash: "2b47524049b50602bc70e72913bc6c20ac7387a3",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/swagger-api/swagger-codegen/security/advisories/GHSA-hpv8-9rq5-hq7w",
+ "https://github.com/swagger-api/swagger-codegen/commit/35adbd552d5f99b3ff1e0e59da228becc85190f2",
+ },
},
-
{
- ID: "CVE-2021-21378",
- Path: "2021/21xxx/CVE-2021-21378.json",
- BlobHash: "f0d766bee258a38351382e41af42da47c96492fe",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-21378",
+ Path: "2021/21xxx/CVE-2021-21378.json",
+ BlobHash: "f0d766bee258a38351382e41af42da47c96492fe",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/envoyproxy/envoy/security/advisories/GHSA-4996-m8hf-hj27",
+ "https://github.com/envoyproxy/envoy/pull/15194",
+ "https://github.com/envoyproxy/envoy/commit/ea39e3cba652bcc4b11bb0d5c62b017e584d2e5a",
+ },
},
-
{
- ID: "CVE-2021-21390",
- Path: "2021/21xxx/CVE-2021-21390.json",
- BlobHash: "1f0ffef9cc992a8bbc3e15668c9380b016ea9df1",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-21390",
+ Path: "2021/21xxx/CVE-2021-21390.json",
+ BlobHash: "1f0ffef9cc992a8bbc3e15668c9380b016ea9df1",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/minio/minio/security/advisories/GHSA-xr7r-7gpj-5pgp",
+ "https://github.com/minio/minio/pull/11801",
+ "https://github.com/minio/minio/commit/e197800f9055489415b53cf137e31e194aaf7ba0",
+ },
},
-
{
- ID: "CVE-2021-21404",
- Path: "2021/21xxx/CVE-2021-21404.json",
- BlobHash: "f52a011c5031b91375d3cbe7e8f0c5d640502144",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-21404",
+ Path: "2021/21xxx/CVE-2021-21404.json",
+ BlobHash: "f52a011c5031b91375d3cbe7e8f0c5d640502144",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/syncthing/syncthing/security/advisories/GHSA-x462-89pf-6r5h",
+ "https://pkg.go.dev/github.com/syncthing/syncthing",
+ "https://github.com/syncthing/syncthing/commit/fb4fdaf4c0a79c22cad000c42ac1394e3ccb6a97",
+ "https://github.com/syncthing/syncthing/releases/tag/v1.15.0",
+ },
},
-
{
- ID: "CVE-2021-21411",
- Path: "2021/21xxx/CVE-2021-21411.json",
- BlobHash: "c0e226682ede3fdfde49ddb7b94e3bf0bbb2e61e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-21411",
+ Path: "2021/21xxx/CVE-2021-21411.json",
+ BlobHash: "c0e226682ede3fdfde49ddb7b94e3bf0bbb2e61e",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://pkg.go.dev/github.com/oauth2-proxy/oauth2-proxy/v7",
+ "https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-652x-m2gr-hppm",
+ "https://github.com/oauth2-proxy/oauth2-proxy/commit/0279fa7dff1752f1710707dbd1ffac839de8bbfc",
+ "https://docs.gitlab.com/ee/user/group/",
+ "https://github.com/oauth2-proxy/oauth2-proxy/releases/tag/v7.1.0",
+ },
},
-
{
- ID: "CVE-2021-21432",
- Path: "2021/21xxx/CVE-2021-21432.json",
- BlobHash: "328bc5221f5d982efa361723e742526ab53427f3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-21432",
+ Path: "2021/21xxx/CVE-2021-21432.json",
+ BlobHash: "328bc5221f5d982efa361723e742526ab53427f3",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/go-vela/server/security/advisories/GHSA-8j3f-mhq8-gmh4",
+ "https://pkg.go.dev/github.com/go-vela/server",
+ "https://github.com/go-vela/server/releases/tag/v0.7.5",
+ "https://github.com/go-vela/server/pull/337",
+ "https://github.com/go-vela/server/commit/cb4352918b8ecace9fe969b90404d337b0744d46",
+ },
},
-
{
- ID: "CVE-2021-22538",
- Path: "2021/22xxx/CVE-2021-22538.json",
- BlobHash: "c99e02a596b7de10c88315315d804d33285e634a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-22538",
+ Path: "2021/22xxx/CVE-2021-22538.json",
+ BlobHash: "c99e02a596b7de10c88315315d804d33285e634a",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/google/exposure-notifications-verification-server/security/advisories/GHSA-5v95-v8c8-3rh6",
+ "https://github.com/google/exposure-notifications-verification-server/commit/eb8cf40b12dbe79304f1133c06fb73419383cd95",
+ "https://github.com/google/exposure-notifications-verification-server/releases/tag/v0.23.1",
+ "https://github.com/google/exposure-notifications-verification-server/releases/tag/v0.24.0",
+ },
},
-
{
- ID: "CVE-2021-23345",
- Path: "2021/23xxx/CVE-2021-23345.json",
- BlobHash: "f7fdaec22b9dac4f5cc50dd383427ec611a1004c",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-23345",
+ Path: "2021/23xxx/CVE-2021-23345.json",
+ BlobHash: "f7fdaec22b9dac4f5cc50dd383427ec611a1004c",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMTHECODINGMACHINEGOTENBERG-1062043",
+ "https://github.com/thecodingmachine/gotenberg/issues/261",
+ },
},
-
{
- ID: "CVE-2021-23347",
- Path: "2021/23xxx/CVE-2021-23347.json",
- BlobHash: "346f5ec02402d7dadbb69d56467fd57fca40f8b3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-23347",
+ Path: "2021/23xxx/CVE-2021-23347.json",
+ BlobHash: "346f5ec02402d7dadbb69d56467fd57fca40f8b3",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMARGOPROJARGOCDCMD-1078291",
+ "https://github.com/argoproj/argo-cd/pull/5563",
+ },
},
-
{
- ID: "CVE-2021-23351",
- Path: "2021/23xxx/CVE-2021-23351.json",
- BlobHash: "568be6cfe865f943f6f8a45058ef7a74f01148f8",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-23351",
+ Path: "2021/23xxx/CVE-2021-23351.json",
+ BlobHash: "568be6cfe865f943f6f8a45058ef7a74f01148f8",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPIRESGOPROXYPROTO-1081577",
+ "https://github.com/pires/go-proxyproto/pull/71",
+ "https://github.com/pires/go-proxyproto/issues/69",
+ "https://github.com/pires/go-proxyproto/commit/7f48261db810703d173f27f3309a808cc2b49b8b",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BNVGJMVI3ZTZ675EFPUHPGXCKCGSX46/",
+ "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C36IBVOZXRTWM7MGTRUTOM56P5RR74VU/",
+ },
},
-
{
- ID: "CVE-2021-23357",
- Path: "2021/23xxx/CVE-2021-23357.json",
- BlobHash: "a9678541d5fe167a1c9825bb4883b056590461e2",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-23357",
+ Path: "2021/23xxx/CVE-2021-23357.json",
+ BlobHash: "a9678541d5fe167a1c9825bb4883b056590461e2",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMTYKTECHNOLOGIESTYKGATEWAY-1078516",
+ "https://github.com/TykTechnologies/tyk/issues/3390",
+ },
},
-
{
- ID: "CVE-2021-23827",
- Path: "2021/23xxx/CVE-2021-23827.json",
- BlobHash: "a2578d805be173c453968081730d81ccbe16bad6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-23827",
+ Path: "2021/23xxx/CVE-2021-23827.json",
+ BlobHash: "a2578d805be173c453968081730d81ccbe16bad6",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/keybase/client/releases",
+ "https://johnjhacking.com/blog/cve-2021-23827/",
+ "https://hackerone.com/reports/1074930",
+ },
},
-
{
- ID: "CVE-2021-25313",
- Path: "2021/25xxx/CVE-2021-25313.json",
- BlobHash: "760454b213f7a9c1ca5721635a73f847ec06099d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-25313",
+ Path: "2021/25xxx/CVE-2021-25313.json",
+ BlobHash: "760454b213f7a9c1ca5721635a73f847ec06099d",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.suse.com/show_bug.cgi?id=1181852",
+ "https://github.com/rancher/rancher/issues/31583",
+ "https://github.com/rancher/rancher/releases/tag/v2.5.6",
+ },
},
-
{
- ID: "CVE-2021-25834",
- Path: "2021/25xxx/CVE-2021-25834.json",
- BlobHash: "4a088aef94c3ce4b3667a8296db56f974a47331b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-25834",
+ Path: "2021/25xxx/CVE-2021-25834.json",
+ BlobHash: "4a088aef94c3ce4b3667a8296db56f974a47331b",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/cosmos/ethermint/issues/686",
+ },
},
-
{
- ID: "CVE-2021-25835",
- Path: "2021/25xxx/CVE-2021-25835.json",
- BlobHash: "bd2490d03a0accbf294384a5d0c4b7f46f442ac6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-25835",
+ Path: "2021/25xxx/CVE-2021-25835.json",
+ BlobHash: "bd2490d03a0accbf294384a5d0c4b7f46f442ac6",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/cosmos/ethermint/issues/687",
+ "https://github.com/cosmos/ethermint/pull/692",
+ },
},
-
{
- ID: "CVE-2021-25836",
- Path: "2021/25xxx/CVE-2021-25836.json",
- BlobHash: "784031dd9a871068b40d967d146de12606c8f1e0",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-25836",
+ Path: "2021/25xxx/CVE-2021-25836.json",
+ BlobHash: "784031dd9a871068b40d967d146de12606c8f1e0",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/cosmos/ethermint/issues/667#issuecomment-759284303",
+ },
},
-
{
- ID: "CVE-2021-25837",
- Path: "2021/25xxx/CVE-2021-25837.json",
- BlobHash: "6a11801aae616e08a19eb9f38a88f5e4da0277bb",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-25837",
+ Path: "2021/25xxx/CVE-2021-25837.json",
+ BlobHash: "6a11801aae616e08a19eb9f38a88f5e4da0277bb",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/cosmos/ethermint/issues/667#issuecomment-759284107",
+ },
},
-
{
- ID: "CVE-2021-26921",
- Path: "2021/26xxx/CVE-2021-26921.json",
- BlobHash: "d4787d5df538c35322c74936a787102399c24a75",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-26921",
+ Path: "2021/26xxx/CVE-2021-26921.json",
+ BlobHash: "d4787d5df538c35322c74936a787102399c24a75",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/argoproj/argo-cd/compare/v1.8.3...v1.8.4",
+ "https://github.com/argoproj/argo-cd/commit/f5b0db240b4e3abf18e97f6fd99096b4f9e94dc5",
+ "https://github.com/argoproj/argo-cd/security/advisories/GHSA-9h6w-j7w4-jr52",
+ },
},
-
{
- ID: "CVE-2021-26923",
- Path: "2021/26xxx/CVE-2021-26923.json",
- BlobHash: "f0bd85a75f16cca777a0476a3094fe70784cdf9b",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-26923",
+ Path: "2021/26xxx/CVE-2021-26923.json",
+ BlobHash: "f0bd85a75f16cca777a0476a3094fe70784cdf9b",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/argoproj/argo-cd/compare/v1.8.3...v1.8.4",
+ "https://github.com/argoproj/argo-cd/security/advisories/GHSA-pfgj-mh5m-2p48",
+ },
},
-
{
- ID: "CVE-2021-26924",
- Path: "2021/26xxx/CVE-2021-26924.json",
- BlobHash: "d29ca782e39d26dc2c068caf8012236a5b847f89",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-26924",
+ Path: "2021/26xxx/CVE-2021-26924.json",
+ BlobHash: "d29ca782e39d26dc2c068caf8012236a5b847f89",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/argoproj/argo-cd/compare/v1.8.3...v1.8.4",
+ "https://github.com/argoproj/argo-cd/security/advisories/GHSA-pg99-h5gc-446r",
+ },
},
-
{
- ID: "CVE-2021-27098",
- Path: "2021/27xxx/CVE-2021-27098.json",
- BlobHash: "539f3f2377b46e2dad9e378e4db48c3aa819cba0",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-27098",
+ Path: "2021/27xxx/CVE-2021-27098.json",
+ BlobHash: "539f3f2377b46e2dad9e378e4db48c3aa819cba0",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/spiffe/spire/security/advisories/GHSA-h746-rm5q-8mgq",
+ },
},
-
{
- ID: "CVE-2021-27099",
- Path: "2021/27xxx/CVE-2021-27099.json",
- BlobHash: "c005ee5a8bac6d91625b5111c4516391cb7e0796",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-27099",
+ Path: "2021/27xxx/CVE-2021-27099.json",
+ BlobHash: "c005ee5a8bac6d91625b5111c4516391cb7e0796",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/spiffe/spire/security/advisories/GHSA-q7gm-mjrg-44h9",
+ },
},
-
{
- ID: "CVE-2021-27358",
- Path: "2021/27xxx/CVE-2021-27358.json",
- BlobHash: "aba8205fd68a792685ad77217a278384c8b9e8b4",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-27358",
+ Path: "2021/27xxx/CVE-2021-27358.json",
+ BlobHash: "aba8205fd68a792685ad77217a278384c8b9e8b4",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/grafana/grafana/blob/master/CHANGELOG.md",
+ "https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-2/",
+ "https://github.com/grafana/grafana/blob/master/CHANGELOG.md#742-2021-02-17",
+ },
},
-
{
- ID: "CVE-2021-27375",
- Path: "2021/27xxx/CVE-2021-27375.json",
- BlobHash: "a9b8cf26eb914e7056badec571dfbb318272579e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-27375",
+ Path: "2021/27xxx/CVE-2021-27375.json",
+ BlobHash: "a9b8cf26eb914e7056badec571dfbb318272579e",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/traefik/traefik/pull/7904",
+ "https://github.com/traefik/traefik/releases/tag/v2.4.5",
+ },
},
-
{
- ID: "CVE-2021-27935",
- Path: "2021/27xxx/CVE-2021-27935.json",
- BlobHash: "f1fbf363fc76f87dfc5d3205c1e371aef24f938d",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-27935",
+ Path: "2021/27xxx/CVE-2021-27935.json",
+ BlobHash: "f1fbf363fc76f87dfc5d3205c1e371aef24f938d",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/AdguardTeam/AdGuardHome/issues/2470",
+ },
},
-
{
- ID: "CVE-2021-27940",
- Path: "2021/27xxx/CVE-2021-27940.json",
- BlobHash: "35ea4e985c93d6d8449ba1e50766b39aa0857c96",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-27940",
+ Path: "2021/27xxx/CVE-2021-27940.json",
+ BlobHash: "35ea4e985c93d6d8449ba1e50766b39aa0857c96",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/openark/orchestrator/pull/1313",
+ "https://github.com/openark/orchestrator/releases/tag/v3.2.4",
+ "https://www.youtube.com/watch?v=DOYm0DIS3Us",
+ },
},
-
{
- ID: "CVE-2021-28361",
- Path: "2021/28xxx/CVE-2021-28361.json",
- BlobHash: "0de97584b55224ffd84e0c77080e3cd75432f3b9",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-28361",
+ Path: "2021/28xxx/CVE-2021-28361.json",
+ BlobHash: "0de97584b55224ffd84e0c77080e3cd75432f3b9",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/spdk/spdk/releases/tag/v21.01.1",
+ },
},
-
{
- ID: "CVE-2021-28378",
- Path: "2021/28xxx/CVE-2021-28378.json",
- BlobHash: "c5c41d55d5713b680020faad631c31040d381508",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-28378",
+ Path: "2021/28xxx/CVE-2021-28378.json",
+ BlobHash: "c5c41d55d5713b680020faad631c31040d381508",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/go-gitea/gitea/pull/14898",
+ "https://blog.gitea.io/2021/03/gitea-1.13.4-is-released/",
+ },
},
-
{
- ID: "CVE-2021-28681",
- Path: "2021/28xxx/CVE-2021-28681.json",
- BlobHash: "ffd61ae772a9228c6b39b632a1a1efb42b539f55",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-28681",
+ Path: "2021/28xxx/CVE-2021-28681.json",
+ BlobHash: "ffd61ae772a9228c6b39b632a1a1efb42b539f55",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/pion/webrtc/issues/1708",
+ "https://github.com/pion/webrtc/security/advisories/GHSA-74xm-qj29-cq8p",
+ },
},
-
{
- ID: "CVE-2021-28954",
- Path: "2021/28xxx/CVE-2021-28954.json",
- BlobHash: "c96faf1a3c298a8d302bde4a33e53922056325b4",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-28954",
+ Path: "2021/28xxx/CVE-2021-28954.json",
+ BlobHash: "c96faf1a3c298a8d302bde4a33e53922056325b4",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/chriswalz/bit/releases/tag/v1.0.5",
+ "https://vuln.ryotak.me/advisories/17",
+ },
},
-
{
- ID: "CVE-2021-28955",
- Path: "2021/28xxx/CVE-2021-28955.json",
- BlobHash: "7c3869ed9845a4062e9529893144b191b8842cb2",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-28955",
+ Path: "2021/28xxx/CVE-2021-28955.json",
+ BlobHash: "7c3869ed9845a4062e9529893144b191b8842cb2",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/MichaelMure/git-bug/security/advisories/GHSA-m898-h4pm-pqfr",
+ "https://vuln.ryotak.me/advisories/18",
+ },
},
-
{
- ID: "CVE-2021-29136",
- Path: "2021/29xxx/CVE-2021-29136.json",
- BlobHash: "942c7f190f4df5dbbe3e0e0f766c8c177b3f4eb3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-29136",
+ Path: "2021/29xxx/CVE-2021-29136.json",
+ BlobHash: "942c7f190f4df5dbbe3e0e0f766c8c177b3f4eb3",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "http://www.openwall.com/lists/oss-security/2021/04/06/2",
+ "https://github.com/opencontainers/umoci/security/advisories/GHSA-9m95-8hx6-7p9v",
+ "https://github.com/opencontainers/umoci/commit/d9efc31daf2206f7d3fdb839863cf7a576a2eb57",
+ },
},
-
{
- ID: "CVE-2021-29271",
- Path: "2021/29xxx/CVE-2021-29271.json",
- BlobHash: "0296f139e8bb821d7e853cd0196bda02c3eac2d3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-29271",
+ Path: "2021/29xxx/CVE-2021-29271.json",
+ BlobHash: "0296f139e8bb821d7e853cd0196bda02c3eac2d3",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/umputun/remark42/compare/v1.6.0...v1.6.1",
+ "https://vuln.ryotak.me/advisories/19",
+ },
},
-
{
- ID: "CVE-2021-29272",
- Path: "2021/29xxx/CVE-2021-29272.json",
- BlobHash: "49dbdd5ac9bf867a0115a5892116495ab83509a3",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-29272",
+ Path: "2021/29xxx/CVE-2021-29272.json",
+ BlobHash: "49dbdd5ac9bf867a0115a5892116495ab83509a3",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/microcosm-cc/bluemonday/releases/tag/v1.0.5",
+ "https://vuln.ryotak.me/advisories/4",
+ },
},
-
{
- ID: "CVE-2021-29417",
- Path: "2021/29xxx/CVE-2021-29417.json",
- BlobHash: "899a3cfaae898f0f4490c3eae0dbd9ffee040d3a",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-29417",
+ Path: "2021/29xxx/CVE-2021-29417.json",
+ BlobHash: "899a3cfaae898f0f4490c3eae0dbd9ffee040d3a",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/liamg/gitjacker/releases/tag/v0.1.0",
+ "https://github.com/liamg/gitjacker/compare/v0.0.3...v0.1.0",
+ "https://vuln.ryotak.me/advisories/5",
+ },
},
-
{
- ID: "CVE-2021-29651",
- Path: "2021/29xxx/CVE-2021-29651.json",
- BlobHash: "072c610f315a16d8ff3e37bbaa92b0f9bd65d8a6",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-29651",
+ Path: "2021/29xxx/CVE-2021-29651.json",
+ BlobHash: "072c610f315a16d8ff3e37bbaa92b0f9bd65d8a6",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/pomerium/pomerium/security/advisories/GHSA-35vc-w93w-75c2",
+ },
},
-
{
- ID: "CVE-2021-29652",
- Path: "2021/29xxx/CVE-2021-29652.json",
- BlobHash: "9d55b7d4d0a1750890880ca5070f0aaaa74bf3f4",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-29652",
+ Path: "2021/29xxx/CVE-2021-29652.json",
+ BlobHash: "9d55b7d4d0a1750890880ca5070f0aaaa74bf3f4",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/pomerium/pomerium/security/advisories/GHSA-fv82-r8qv-ch4v",
+ },
},
-
{
- ID: "CVE-2021-3344",
- Path: "2021/3xxx/CVE-2021-3344.json",
- BlobHash: "05e0c6e64ea180e7ff2b4bc93696d1d430e4dcb2",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-3344",
+ Path: "2021/3xxx/CVE-2021-3344.json",
+ BlobHash: "05e0c6e64ea180e7ff2b4bc93696d1d430e4dcb2",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://bugzilla.redhat.com/show_bug.cgi?id=1921450",
+ },
},
-
{
- ID: "CVE-2021-3382",
- Path: "2021/3xxx/CVE-2021-3382.json",
- BlobHash: "6dbdcf6d4e58c1264b1b9066295ed35e61e9ffb0",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-3382",
+ Path: "2021/3xxx/CVE-2021-3382.json",
+ BlobHash: "6dbdcf6d4e58c1264b1b9066295ed35e61e9ffb0",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://github.com/go-gitea/gitea/pull/14390",
+ },
},
-
{
- ID: "CVE-2021-3391",
- Path: "2021/3xxx/CVE-2021-3391.json",
- BlobHash: "047ec1a6d8af1ac4b251c1c4dbbdaf209178a92e",
- CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
- CVEState: "PUBLIC",
- TriageState: "NoActionNeeded",
- TriageStateReason: "known false positive",
+ ID: "CVE-2021-3391",
+ Path: "2021/3xxx/CVE-2021-3391.json",
+ BlobHash: "047ec1a6d8af1ac4b251c1c4dbbdaf209178a92e",
+ CommitHash: "17294f1a2af61a2a2df52ac89cbd7c516f0c4e6a",
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ ReferenceURLs: []string{
+ "https://www.mobileiron.com/en/blog/mobileiron-security-updates-available",
+ "https://www.optiv.com/explore-optiv-insights/source-zero/mobileiron-mdm-contains-static-key-allowing-account-enumeration",
+ "https://github.com/optiv/rustyIron",
+ },
},
}
diff --git a/internal/worker/false_positives_test.go b/internal/worker/false_positives_test.go
index 380d3da..8c3f2cc 100644
--- a/internal/worker/false_positives_test.go
+++ b/internal/worker/false_positives_test.go
@@ -22,13 +22,16 @@
got := mstore.CVERecords()
for _, want := range []*store.CVERecord{
{
- ID: "CVE-2016-0216",
- Path: "2016/0xxx/CVE-2016-0216.json",
- CommitHash: FalsePositiveCommitHash,
- BlobHash: "ac9f59c6700576b5936dc014ce265ee0c9a41097",
- CVEState: cveschema.StatePublic,
- TriageState: store.TriageStateNoActionNeeded,
- TriageStateReason: "known false positive",
+ ID: "CVE-2016-0216",
+ Path: "2016/0xxx/CVE-2016-0216.json",
+ CommitHash: FalsePositiveCommitHash,
+ BlobHash: "ac9f59c6700576b5936dc014ce265ee0c9a41097",
+ CVEState: cveschema.StatePublic,
+ TriageState: store.TriageStateFalsePositive,
+ ReferenceURLs: []string{
+ "http://www.ibm.com/support/docview.wss?uid=swg21975358",
+ "http://www.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_multiple_security_vulnerabilities_in_ibm_tivoli_storage_manager_fastback_cve_2016_0212_cve_2016_0213_cve_2016_0216",
+ },
},
{
ID: "CVE-2020-15112",
@@ -36,8 +39,8 @@
CommitHash: FalsePositiveCommitHash,
BlobHash: "3d87891317ff107037bc0145194ab72df1890411",
CVEState: cveschema.StatePublic,
- TriageState: store.TriageStateNoActionNeeded,
- TriageStateReason: "covered by GO-2020-0005",
+ TriageState: store.TriageStateHasVuln,
+ TriageStateReason: "GO-2020-0005",
},
} {
if diff := cmp.Diff(want, got[want.ID]); diff != "" {
diff --git a/internal/worker/gen_false_positives.go b/internal/worker/gen_false_positives.go
index b3dafd9..bbde9ed 100644
--- a/internal/worker/gen_false_positives.go
+++ b/internal/worker/gen_false_positives.go
@@ -30,7 +30,9 @@
"golang.org/x/vuln/internal/worker/store"
)
-// The CVEs marked "false-positive" in triaged-cve-list.
+// The CVEs marked "false-positive" in triaged-cve-list,
+// including both true false positives and CVEs that are
+// covered by a Go vulndb report.
var falsePositiveIDs = []string{
"CVE-2013-2124",
"CVE-2013-2233",
@@ -574,12 +576,12 @@
"CVE-2021-3391",
}
-// Reasons other than "known false positive".
-var falsePositiveReasons = map[string]string{
- "CVE-2020-15112": "covered by GO-2020-0005",
- "CVE-2020-29243": "covered by GO-2021-0097",
- "CVE-2020-29244": "covered by GO-2021-0097",
- "CVE-2020-29245": "covered by GO-2021-0097",
+// IDs that are covered by a Go vuln report, and the report ID.
+var coveredIDs = map[string]string{
+ "CVE-2020-15112": "GO-2020-0005",
+ "CVE-2020-29243": "GO-2021-0097",
+ "CVE-2020-29244": "GO-2021-0097",
+ "CVE-2020-29245": "GO-2021-0097",
}
func main() {
@@ -600,7 +602,7 @@
if err != nil {
return err
}
- crs, err := buildFalsePositiveCVERecords(repo)
+ crs, err := buildCVERecords(repo)
if err != nil {
return err
}
@@ -615,7 +617,7 @@
return ioutil.WriteFile("false_positive_records.gen.go", src, 0644)
}
-func buildFalsePositiveCVERecords(repo *git.Repository) ([]*store.CVERecord, error) {
+func buildCVERecords(repo *git.Repository) ([]*store.CVERecord, error) {
commit, err := repo.CommitObject(plumbing.NewHash(worker.FalsePositiveCommitHash))
if err != nil {
return nil, err
@@ -632,14 +634,18 @@
}
cr := store.NewCVERecord(cve, path, blobHash)
cr.CommitHash = worker.FalsePositiveCommitHash
- cr.TriageState = store.TriageStateNoActionNeeded
- cr.TriageStateReason = "known false positive"
- if r := falsePositiveReasons[id]; r != "" {
- // Not actually a false positive; something else.
- cr.TriageStateReason = r
+ if reportID := coveredIDs[id]; reportID != "" {
+ cr.TriageState = store.TriageStateHasVuln
+ cr.TriageStateReason = reportID
+ } else {
+ cr.TriageState = store.TriageStateFalsePositive
+ for _, r := range cve.References.Data {
+ if r.URL != "" {
+ cr.ReferenceURLs = append(cr.ReferenceURLs, r.URL)
+ }
+ }
}
crs = append(crs, cr)
-
}
return crs, nil
}
@@ -670,7 +676,7 @@
import "golang.org/x/vuln/internal/worker/store"
var falsePositives = []*store.CVERecord{
-{{range .}}
+{{range . -}}
{
ID: "{{.ID}}",
Path: "{{.Path}}",
@@ -678,7 +684,16 @@
CommitHash: "{{.CommitHash}}",
CVEState: "{{.CVEState}}",
TriageState: "{{.TriageState}}",
- TriageStateReason: "{{.TriageStateReason}}",
+ {{with .TriageStateReason -}}
+ TriageStateReason: "{{.}}",
+ {{end}}
+ {{- with .ReferenceURLs -}}
+ ReferenceURLs: []string{
+ {{- range .}}
+ "{{.}}",
+ {{- end}}
+ },
+ {{end}}
},
{{end}}
}
diff --git a/internal/worker/store/store.go b/internal/worker/store/store.go
index c916a99..3bbd2ab 100644
--- a/internal/worker/store/store.go
+++ b/internal/worker/store/store.go
@@ -37,6 +37,10 @@
// CVE is a copy of the CVE, for the NeedsIssue triage state.
CVE *cveschema.CVE
+ // ReferenceURLs is a list of the URLs in the CVE references,
+ // for the FalsePositive triage state.
+ ReferenceURLs []string
+
// IssueReference is a reference to the GitHub issue that was filed.
// E.g. golang/vulndb#12345.
// Set only after a GitHub issue has been successfully created.
@@ -83,14 +87,20 @@
TriageStateIssueCreated TriageState = "IssueCreated"
// The CVE state was changed after the CVE was created.
TriageStateUpdatedSinceIssueCreation TriageState = "UpdatedSinceIssueCreation"
+ // Although the triager might think this CVE is relevant to Go, it is not.
+ TriageStateFalsePositive TriageState = "FalsePositive"
+ // There is already an entry in the Go vuln DB that covers this CVE.
+ TriageStateHasVuln TriageState = "HasVuln"
)
// Validate returns an error if the TriageState is not one of the above values.
func (s TriageState) Validate() error {
- if s == TriageStateNoActionNeeded || s == TriageStateNeedsIssue || s == TriageStateIssueCreated || s == TriageStateUpdatedSinceIssueCreation {
+ switch s {
+ case TriageStateNoActionNeeded, TriageStateNeedsIssue, TriageStateIssueCreated, TriageStateUpdatedSinceIssueCreation, TriageStateFalsePositive, TriageStateHasVuln:
return nil
+ default:
+ return fmt.Errorf("bad TriageState %q", s)
}
- return fmt.Errorf("bad TriageState %q", s)
}
// NewCVERecord creates a CVERecord from a CVE, its path and its blob hash.
diff --git a/internal/worker/update.go b/internal/worker/update.go
index 7c85a34..3785bb0 100644
--- a/internal/worker/update.go
+++ b/internal/worker/update.go
@@ -259,7 +259,15 @@
}
var result *triageResult
if cve.State == cveschema.StatePublic && !u.knownIDs[cve.ID] {
- result, err = u.affectedModule(cve)
+ c := cve
+ // If a false positive has changed, we only care about
+ // whether new reference URLs refer to a Go module.
+ // We know some old ones do. So remove the old ones
+ // before checking.
+ if old != nil && old.TriageState == store.TriageStateFalsePositive {
+ c = copyRemoving(cve, old.ReferenceURLs)
+ }
+ result, err = u.affectedModule(c)
if err != nil {
return false, err
}
@@ -269,15 +277,15 @@
if old == nil {
cr := store.NewCVERecord(cve, pathname, f.blobHash.String())
cr.CommitHash = u.commitHash.String()
- if result != nil {
+ switch {
+ case result != nil:
cr.TriageState = store.TriageStateNeedsIssue
cr.Module = result.modulePath
cr.CVE = cve
- } else {
+ case u.knownIDs[cve.ID]:
+ cr.TriageState = store.TriageStateHasVuln
+ default:
cr.TriageState = store.TriageStateNoActionNeeded
- if u.knownIDs[cve.ID] {
- cr.TriageStateReason = "already in vuln DB"
- }
}
if err := tx.CreateCVERecord(cr); err != nil {
return false, err
@@ -291,7 +299,7 @@
mod.CVEState = cve.State
mod.CommitHash = u.commitHash.String()
switch old.TriageState {
- case store.TriageStateNoActionNeeded:
+ case store.TriageStateNoActionNeeded, store.TriageStateFalsePositive:
if result != nil {
// Didn't need an issue before, does now.
mod.TriageState = store.TriageStateNeedsIssue
@@ -299,6 +307,7 @@
}
// Else don't change the triage state, but we still want
// to update the other changed fields.
+
case store.TriageStateNeedsIssue:
if result == nil {
// Needed an issue, no longer does.
@@ -308,6 +317,7 @@
}
// Else don't change the triage state, but we still want
// to update the other changed fields.
+
case store.TriageStateIssueCreated, store.TriageStateUpdatedSinceIssueCreation:
// An issue was filed, so a person should revisit this CVE.
mod.TriageState = store.TriageStateUpdatedSinceIssueCreation
@@ -316,6 +326,9 @@
mp = result.modulePath
}
mod.TriageStateReason = fmt.Sprintf("CVE changed; affected module = %q", mp)
+ case store.TriageStateHasVuln:
+ // There is already a Go vuln report for this CVE, so
+ // nothing to do.
default:
return false, fmt.Errorf("unknown TriageState: %q", old.TriageState)
}
@@ -330,6 +343,23 @@
return false, nil
}
+// copyRemoving returns a copy of cve with any reference that has a given URL removed.
+func copyRemoving(cve *cveschema.CVE, refURLs []string) *cveschema.CVE {
+ remove := map[string]bool{}
+ for _, u := range refURLs {
+ remove[u] = true
+ }
+ c := *cve
+ var rs []cveschema.Reference
+ for _, r := range cve.References.Data {
+ if !remove[r.URL] {
+ rs = append(rs, r)
+ }
+ }
+ c.References.Data = rs
+ return &c
+}
+
type repoFile struct {
dirPath string
filename string
diff --git a/internal/worker/update_test.go b/internal/worker/update_test.go
index d577289..437cc00 100644
--- a/internal/worker/update_test.go
+++ b/internal/worker/update_test.go
@@ -30,6 +30,7 @@
if err != nil {
t.Fatal(err)
}
+
got, err := repoCVEFiles(repo, commit)
if err != nil {
t.Fatal(err)
@@ -83,6 +84,9 @@
if !m.IssueCreatedAt.IsZero() {
panic("unsupported modification")
}
+ if m.ReferenceURLs != nil {
+ c.ReferenceURLs = m.ReferenceURLs
+ }
if m.History != nil {
c.History = m.History
}
@@ -146,8 +150,7 @@
rs[0].CVE = cves[0]
rs[1].TriageState = store.TriageStateNoActionNeeded // state is reserved
rs[2].TriageState = store.TriageStateNoActionNeeded // state is rejected
- rs[3].TriageState = store.TriageStateNoActionNeeded
- rs[3].TriageStateReason = "already in vuln DB"
+ rs[3].TriageState = store.TriageStateHasVuln
for _, test := range []struct {
name string
@@ -236,6 +239,56 @@
rs[3],
},
},
+ {
+ name: "false positive no Go URLs",
+ cur: []*store.CVERecord{
+ // FalsePositive; no change
+ modify(rs[0], &store.CVERecord{
+ BlobHash: "x",
+ TriageState: store.TriageStateFalsePositive,
+ ReferenceURLs: []string{
+ "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00477.html",
+ "https://golang.org/x/mod",
+ },
+ }),
+ },
+ want: []*store.CVERecord{
+ modify(rs[0], &store.CVERecord{
+ TriageState: store.TriageStateFalsePositive,
+ ReferenceURLs: []string{
+ "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00477.html",
+ "https://golang.org/x/mod",
+ },
+ }),
+ rs[1], rs[2], rs[3],
+ },
+ },
+ {
+ name: "false positive new Go URLs",
+ cur: []*store.CVERecord{
+ // FalsePositive; no change
+ modify(rs[0], &store.CVERecord{
+ BlobHash: "x",
+ TriageState: store.TriageStateFalsePositive,
+ ReferenceURLs: []string{
+ "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00477.html",
+ },
+ }),
+ },
+ want: []*store.CVERecord{
+ modify(rs[0], &store.CVERecord{
+ ReferenceURLs: []string{
+ "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00477.html",
+ },
+ History: []*store.CVERecordSnapshot{{
+ CommitHash: commitHash,
+ CVEState: "PUBLIC",
+ TriageState: "FalsePositive",
+ }},
+ }),
+ rs[1], rs[2], rs[3],
+ },
+ },
} {
t.Run(test.name, func(t *testing.T) {
mstore := store.NewMemStore()
