Ryan Mulligan
64a512048a
[CVE] add isuse relating to doas
2019-12-21 06:48:31 -08:00
Ryan Mulligan
9a395bdd48
[CVE] fix kanboard issue
2019-12-07 20:56:08 -08:00
Ryan Mulligan
42d01c92bb
[CVE] resolve socat issue
2019-12-07 20:43:23 -08:00
Ryan Mulligan
fc9c340cb8
[CVE] add socat issue
2019-11-28 13:51:10 -08:00
Ryan Mulligan
27c59e4f46
[CVE] add issue for kanboard
2019-11-28 06:17:50 -08:00
Ryan Mulligan
fc4d20b8ca
[CVE] fix CVENOTES merge resolution mistakes
2019-11-24 21:36:49 -08:00
Ryan Mulligan
65fcc8dc21
Merge branch 'cve'
2019-11-24 21:35:18 -08:00
Ryan Mulligan
4435e4912f
[CVE] fix go issues, improve uzbl handling
...
Before it was going to always ignore certain uzbl CVEs, but now it
only ignores them if the version doesn't look like a date (start with
four numbers).
2019-11-24 16:16:29 -08:00
Ryan Mulligan
828662099b
[CVE] fix thrift issues
2019-11-24 15:19:43 -08:00
Ryan Mulligan
cab001cbfc
[CVE] Fix arena issues
2019-11-24 15:11:51 -08:00
Ryan Mulligan
5fdc8af00d
[CVE] Only consider bounded matchers, fix tor issues
...
Sometimes the NVD contains unbounded matchers that match everything
for example https://nvd.nist.gov/vuln/detail/CVE-2009-0414 has a
matcher of
cpe:2.3🅰️ tor:tor:*:*:*:*:*:*:*:*
without any bounds. Lars and I decided to ignore these CPE matches
because it seems nonsensical or at least not useful for there to be a
CVE that cannot be fixed.
2019-11-24 15:02:42 -08:00
Ryan Mulligan
29847728fb
[CVE] fix uzbl issues
2019-11-24 14:39:52 -08:00
Ryan Mulligan
6d2c8f09c0
[CVE] add filtering, fix terraform CVE issue
2019-11-24 14:28:04 -08:00
Jan Tojnar
8ce6cf3bf0
[CVE] Fix links
2019-11-05 15:53:23 +01:00
Ryan Mulligan
ad0b954b32
[CVE] add note about golang
2019-11-01 20:53:39 -07:00
Ryan Mulligan
ad2fd44fc3
CVE: add note about Thrift
2019-10-31 06:26:40 -07:00
Ryan Mulligan
bb67484804
update CVE notes
2019-10-12 07:34:52 -07:00
Ryan Mulligan
303aed0afc
add notes researching CVE failed matches
2019-10-06 16:16:31 -07:00