Skip to content

Raspberry Pi OS(Raspbian) scanning using OVAL DB #1019

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 48 commits into from
Aug 25, 2020

Conversation

MaineK00n
Copy link
Collaborator

@MaineK00n MaineK00n commented Jul 14, 2020

What did you implement:

The survey(#1001) showed that on the Raspberry Pi OS, when the scan mode is other than deep to use Debian OVAL. ChangeLog is still used for packages such as libraspberrypi-dev, ffmpeg 7:4.1.4-1+rpt7~deb10u1 that exist only in Raspberry Pi OS.

Scan Mode fast fast-root deep
v0.11.0 (deep scan) (deep scan) changelog
raspberrypi-oval
  • OVAL
  • Debian Security Tracker
  • OVAL
  • Debian Security Tracker
  • changelog(only raspberrypi package)
  • OVAL
  • Debian Security Tracker
  • changelog(all updatable package)

As of vuls v0.11.3, when the scan target is Raspbian, the following bugs that can not get Changelog are fixed.

[Aug 17 14:37:34]  WARN [raspi] Failed to SSH: execResult: servername: raspi
  cmd: /usr/bin/ssh -tt -o StrictHostKeyChecking=yes -o LogLevel=quiet -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=auto -o ControlPath=/home/mainek00n/.vuls/controlmaster-%r-raspi.%p -o Controlpersist=10m pi@192.168.11.21 -p 22 -i /home/mainek00n/.ssh/id_rsa -o PasswordAuthentication=no stty cols 1000; PAGER=cat apt-get -q=2 changelog libavformat58
  exitstatus: 100
  stdout: E: Failed to fetch changelog:/ffmpeg.changelog  Changelog unavailable for ffmpeg=7:4.1.6-1~deb10u1+rpt1

  stderr:
  err: %!s(<nil>)

Also, due to this commit(7f8c975), the result of Changelog could not be saved in Cache. This bug will also be resolved in this PR.

Added support for Debian Security Tracker with gost.

In this PR, I also corrected the forgetting corrections around Amazon's OVAL. (72e3f44)

Fixes #1001

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • This change requires a documentation update

How Has This Been Tested?

The operation was confirmed by executing as follows.

$ ./vuls scan && ./vuls report
[Aug 18 23:42:11]  INFO [localhost] Start scanning
[Aug 18 23:42:11]  INFO [localhost] config: /home/mainek00n/github/github.com/MaineK00n/vuls/config.toml
[Aug 18 23:42:11]  INFO [localhost] Validating config...
[Aug 18 23:42:11]  INFO [localhost] Detecting Server/Container OS...
[Aug 18 23:42:11]  INFO [localhost] Detecting OS of servers...
[Aug 18 23:42:11]  INFO [localhost] (1/1) Detected: raspi: raspbian 10
[Aug 18 23:42:11]  INFO [localhost] Detecting OS of containers...
[Aug 18 23:42:11]  INFO [localhost] Checking Scan Modes...
[Aug 18 23:42:11]  INFO [localhost] Detecting Platforms...
[Aug 18 23:42:12]  INFO [localhost] (1/1) raspi is running on other
[Aug 18 23:42:12]  INFO [localhost] Detecting IPS identifiers...
[Aug 18 23:42:12]  INFO [localhost] (1/1) raspi has 0 IPS integration
[Aug 18 23:42:12]  INFO [localhost] Scanning vulnerabilities...
[Aug 18 23:42:12]  INFO [localhost] Open boltDB: /home/mainek00n/github/github.com/MaineK00n/vuls/cache.db
[Aug 18 23:42:12]  INFO [localhost] Scanning vulnerable OS packages...
[Aug 18 23:42:12]  INFO [raspi] Scanning in fast-root mode
[Aug 18 23:42:13]  INFO [raspi] apt-get update...
[Aug 18 23:42:44]  INFO [raspi] (1/65) Scanned vlc-plugin-notify: [{CVE-2020-13428 95 / ChangelogExactMatch}]
[Aug 18 23:42:44]  INFO [raspi] (2/65) Scanned vlc-l10n: [{CVE-2020-13428 95 / ChangelogExactMatch}]
[Aug 18 23:42:44]  INFO [raspi] (3/65) Scanned raspberrypi-sys-mods: []
[Aug 18 23:42:44]  INFO [raspi] (4/65) Scanned pi-package-data: []
[Aug 18 23:42:44]  INFO [raspi] (5/65) Scanned pi-package-session: []
[Aug 18 23:42:44]  INFO [raspi] (6/65) Scanned libfm-data: []
[Aug 18 23:42:44]  INFO [raspi] (7/65) Scanned libraspberrypi-doc: []
[Aug 18 23:42:44]  INFO [raspi] (8/65) Scanned firmware-misc-nonfree: []
[Aug 18 23:42:44]  INFO [raspi] (9/65) Scanned raspberrypi-ui-mods: []
[Aug 18 23:42:44]  INFO [raspi] (10/65) Scanned arandr: []
[Aug 18 23:42:44]  INFO [raspi] (11/65) Scanned libavcodec58: []
[Aug 18 23:42:44]  INFO [raspi] (12/65) Scanned libraspberrypi-bin: []
[Aug 18 23:42:44]  INFO [raspi] (13/65) Scanned libvlccore9: [{CVE-2020-13428 95 / ChangelogExactMatch}]
[Aug 18 23:42:44]  INFO [raspi] (14/65) Scanned xserver-xorg-core: []
[Aug 18 23:42:44]  INFO [raspi] (15/65) Scanned vlc-plugin-video-splitter: [{CVE-2020-13428 95 / ChangelogExactMatch}]
[Aug 18 23:42:44]  INFO [raspi] (16/65) Scanned rpi-eeprom-images: []
[Aug 18 23:42:44]  INFO [raspi] (17/65) Scanned pcmanfm: []
[Aug 18 23:42:44]  INFO [raspi] (18/65) Scanned xserver-common: []
[Aug 18 23:42:44]  INFO [raspi] (19/65) Scanned firmware-realtek: []
[Aug 18 23:42:44]  INFO [raspi] (20/65) Scanned ffmpeg: []
[Aug 18 23:42:44]  INFO [raspi] (21/65) Scanned vlc-bin: [{CVE-2020-13428 95 / ChangelogExactMatch}]
[Aug 18 23:42:44]  INFO [raspi] (22/65) Scanned vlc-plugin-video-output: [{CVE-2020-13428 95 / ChangelogExactMatch}]
[Aug 18 23:42:44]  INFO [raspi] (23/65) Scanned libfm-modules: []
[Aug 18 23:42:44]  INFO [raspi] (24/65) Scanned libfm-gtk-data: []
[Aug 18 23:42:44]  INFO [raspi] (25/65) Scanned libavdevice58: []
[Aug 18 23:42:44]  INFO [raspi] (26/65) Scanned pi-bluetooth: []
[Aug 18 23:42:44]  INFO [raspi] (27/65) Scanned libavresample4: []
[Aug 18 23:42:44]  INFO [raspi] (28/65) Scanned pi-package: []
[Aug 18 23:42:44]  INFO [raspi] (29/65) Scanned libavformat58: []
[Aug 18 23:42:44]  INFO [raspi] (30/65) Scanned libjavascriptcoregtk-4.0-18: [{CVE-2020-9802 95 / ChangelogExactMatch} {CVE-2020-9803 95 / ChangelogExactMatch} {CVE-2020-9805 95 / ChangelogExactMatch} {CVE-2020-9806 95 / ChangelogExactMatch} {CVE-2020-9807 95 / ChangelogExactMatch} {CVE-2020-9843 95 / ChangelogExactMatch} {CVE-2020-9850 95 / ChangelogExactMatch} {CVE-2020-13753 95 / ChangelogExactMatch}]
[Aug 18 23:42:44]  INFO [raspi] (31/65) Scanned libvlc5: [{CVE-2020-13428 95 / ChangelogExactMatch}]
[Aug 18 23:42:44]  INFO [raspi] (32/65) Scanned libswresample3: []
[Aug 18 23:42:44]  INFO [raspi] (33/65) Scanned vlc-plugin-samba: [{CVE-2020-13428 95 / ChangelogExactMatch}]
[Aug 18 23:42:44]  INFO [raspi] (34/65) Scanned rpi-eeprom: []
[Aug 18 23:42:44]  INFO [raspi] (35/65) Scanned firmware-libertas: []
[Aug 18 23:42:44]  INFO [raspi] (36/65) Scanned libbluetooth3: []
[Aug 18 23:42:44]  INFO [raspi] (37/65) Scanned rpi-chromium-mods: []
[Aug 18 23:42:44]  INFO [raspi] (38/65) Scanned lxpanel-data: []
[Aug 18 23:42:44]  INFO [raspi] (39/65) Scanned libavfilter7: []
[Aug 18 23:42:44]  INFO [raspi] (40/65) Scanned piclone: []
[Aug 18 23:42:44]  INFO [raspi] (41/65) Scanned libfm4: []
[Aug 18 23:42:44]  INFO [raspi] (42/65) Scanned vlc: [{CVE-2020-13428 95 / ChangelogExactMatch}]
[Aug 18 23:42:44]  INFO [raspi] (43/65) Scanned libavutil56: []
[Aug 18 23:42:44]  INFO [raspi] (44/65) Scanned piwiz: []
[Aug 18 23:42:44]  INFO [raspi] (45/65) Scanned libfm-gtk4: []
[Aug 18 23:42:44]  INFO [raspi] (46/65) Scanned vlc-plugin-base: [{CVE-2020-13428 95 / ChangelogExactMatch}]
[Aug 18 23:42:44]  INFO [raspi] (47/65) Scanned vlc-plugin-skins2: [{CVE-2020-13428 95 / ChangelogExactMatch}]
[Aug 18 23:42:44]  INFO [raspi] (48/65) Scanned vlc-plugin-visualization: [{CVE-2020-13428 95 / ChangelogExactMatch}]
[Aug 18 23:42:44]  INFO [raspi] (49/65) Scanned pi-greeter: []
[Aug 18 23:42:44]  INFO [raspi] (50/65) Scanned raspberrypi-kernel: []
[Aug 18 23:42:44]  INFO [raspi] (51/65) Scanned bluez: []
[Aug 18 23:42:44]  INFO [raspi] (52/65) Scanned firmware-brcm80211: []
[Aug 18 23:42:44]  INFO [raspi] (53/65) Scanned libfm-extra4: []
[Aug 18 23:42:44]  INFO [raspi] (54/65) Scanned libvlc-bin: [{CVE-2020-13428 95 / ChangelogExactMatch}]
[Aug 18 23:42:44]  INFO [raspi] (55/65) Scanned pipanel: []
[Aug 18 23:42:44]  INFO [raspi] (56/65) Scanned libpostproc55: []
[Aug 18 23:42:44]  INFO [raspi] (57/65) Scanned libwebkit2gtk-4.0-37: [{CVE-2020-9802 95 / ChangelogExactMatch} {CVE-2020-9803 95 / ChangelogExactMatch} {CVE-2020-9805 95 / ChangelogExactMatch} {CVE-2020-9806 95 / ChangelogExactMatch} {CVE-2020-9807 95 / ChangelogExactMatch} {CVE-2020-9843 95 / ChangelogExactMatch} {CVE-2020-9850 95 / ChangelogExactMatch} {CVE-2020-13753 95 / ChangelogExactMatch}]
[Aug 18 23:42:44]  INFO [raspi] (58/65) Scanned libswscale5: []
[Aug 18 23:42:44]  INFO [raspi] (59/65) Scanned libraspberrypi0: []
[Aug 18 23:42:44]  INFO [raspi] (60/65) Scanned libraspberrypi-dev: []
[Aug 18 23:42:44]  INFO [raspi] (61/65) Scanned raspberrypi-bootloader: []
[Aug 18 23:42:44]  INFO [raspi] (62/65) Scanned firmware-atheros: []
[Aug 18 23:42:44]  INFO [raspi] (63/65) Scanned lxpanel: []
[Aug 18 23:42:44]  INFO [raspi] (64/65) Scanned vlc-data: [{CVE-2020-13428 95 / ChangelogExactMatch}]
[Aug 18 23:42:44]  INFO [raspi] (65/65) Scanned vlc-plugin-qt: [{CVE-2020-13428 95 / ChangelogExactMatch}]


One Line Summary
================
raspi   raspbian10      1358 installed, 110 updatable





To view the detail, vuls tui is useful.
To send a report, run vuls report -h.
[Aug 18 23:44:22]  INFO [localhost] Validating config...
[Aug 18 23:44:22]  INFO [localhost] Loaded: /home/mainek00n/github/github.com/MaineK00n/vuls/results/2020-08-18T23:42:12+09:00
[Aug 18 23:44:22]  INFO [localhost] Validating db config...
INFO[0000] -cvedb-type: sqlite3, -cvedb-url: , -cvedb-path: /usr/share/vuls-data/cve.sqlite3
INFO[0000] -ovaldb-type: sqlite3, -ovaldb-url: , -ovaldb-path: /home/mainek00n/github/github.com/MaineK00n/vuls/oval.sqlite3
INFO[0000] -gostdb-type: sqlite3, -gostdb-url: , -gostdb-path: /usr/share/vuls-data/gost.sqlite3
INFO[0000] -exploitdb-type: sqlite3, -exploitdb-url: , -exploitdb-path: /usr/share/vuls-data/go-exploitdb.sqlite3
INFO[0000] -msfdb-type: sqlite3, -msfdb-url: , -msfdb-path: /usr/share/vuls-data/go-msfdb.sqlite3
INFO[08-18|23:44:22] Opening DB.                              db=sqlite3
INFO[08-18|23:44:22] Migrating DB.                            db=sqlite3
INFO[08-18|23:44:22] Opening Database.                        db=sqlite3
INFO[08-18|23:44:22] Migrating DB.                            db=sqlite3
INFO[08-18|23:44:22] Opening DB                               db=sqlite3
INFO[08-18|23:44:22] Migrating DB                             db=sqlite3
[Aug 18 23:44:22]  INFO [localhost] raspi: 0 CVEs are detected with Library
[Aug 18 23:44:22]  INFO [localhost] OVAL is fresh: debian 10
[Aug 18 23:44:22]  INFO [localhost] raspi: 30 CVEs are detected with OVAL
[Aug 18 23:44:22]  INFO [localhost] raspi: 0 CVEs are detected with CPE
[Aug 18 23:44:22]  INFO [localhost] raspi: 0 CVEs are detected with GitHub Security Alerts
[Aug 18 23:44:29]  INFO [localhost] raspi: 347 unfixed CVEs are detected with gost
[Aug 18 23:44:29]  INFO [localhost] Fill CVE detailed information with CVE-DB
[Aug 18 23:44:30]  INFO [localhost] Fill exploit information with Exploit-DB
[Aug 18 23:44:30]  INFO [localhost] raspi: 6 exploits are detected
[Aug 18 23:44:30]  INFO [localhost] Fill metasploit module information with Metasploit-DB
[Aug 18 23:44:30]  INFO [localhost] raspi: 0 modules are detected
raspi (raspbian10)
==================
Total: 386 (High:53 Medium:269 Low:43 ?:21), 14/386 Fixed, 1358 installed, 110 updatable, 6 exploits, 0 modules, en: 10, ja: 0 alerts

+---------------------+------+--------+-----+--------+---------+---------------------------------------------------+
|       CVE-ID        | CVSS | ATTACK | POC |  CERT  |  FIXED  |                        NVD                        |
+---------------------+------+--------+-----+--------+---------+---------------------------------------------------+
| CVE-2005-2541       | 10.0 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2005-2541    |
| CVE-2014-2830       | 10.0 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2014-2830    |
| CVE-2019-3689       | 10.0 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-3689    |
| CVE-2020-13753      | 10.0 |  AV:N  |     |        |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-13753   |
| CVE-2016-10243      |  9.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2016-10243   |
| CVE-2016-1585       |  9.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2016-1585    |
| CVE-2016-9085       |  9.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2016-9085    |
| CVE-2017-17479      |  9.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-17479   |
| CVE-2017-9117       |  9.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-9117    |
| CVE-2018-7648       |  9.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-7648    |
| CVE-2019-15232      |  9.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-15232   |
| CVE-2019-17041      |  9.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-17041   |
| CVE-2019-17042      |  9.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-17042   |
| CVE-2019-17113      |  9.8 |  AV:N  |     |        |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-17113   |
| CVE-2019-17455      |  9.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-17455   |
| CVE-2019-18604      |  9.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-18604   |
| CVE-2019-18814      |  9.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-18814   |
| CVE-2019-20079      |  9.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-20079   |
| CVE-2019-8341       |  9.8 |  AV:N  | POC |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-8341    |
| CVE-2019-9893       |  9.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-9893    |
| CVE-2020-11656      |  9.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-11656   |
| CVE-2020-12268      |  9.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-12268   |
| CVE-2020-9850       |  9.8 |  AV:N  |     |        |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-9850    |
| CVE-2019-14889      |  9.3 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-14889   |
| CVE-2019-19814      |  9.3 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19814   |
| CVE-2019-19816      |  9.3 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19816   |
| CVE-2019-2201       |  9.3 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-2201    |
| CVE-2017-6519       |  9.1 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-6519    |
| CVE-2019-17544      |  9.1 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-17544   |
| CVE-2019-19391      |  9.1 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19391   |
| CVE-2019-20367      |  9.1 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-20367   |
| CVE-2019-20433      |  9.1 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-20433   |
| CVE-2019-20838      |  9.1 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-20838   |
| CVE-2020-13112      |  9.1 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-13112   |
| CVE-2016-9580       |  8.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2016-9580    |
| CVE-2016-9581       |  8.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2016-9581    |
| CVE-2017-17513      |  8.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-17513   |
| CVE-2017-17522      |  8.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-17522   |
| CVE-2017-17973      |  8.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-17973   |
| CVE-2017-2814       |  8.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-2814    |
| CVE-2017-2818       |  8.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-2818    |
| CVE-2017-2820       |  8.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-2820    |
| CVE-2017-5563       |  8.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-5563    |
| CVE-2017-9111       |  8.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-9111    |
| CVE-2017-9113       |  8.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-9113    |
| CVE-2017-9115       |  8.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-9115    |
| CVE-2018-1000021    |  8.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-1000021 |
| CVE-2018-11489      |  8.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-11489   |
| CVE-2018-11490      |  8.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-11490   |
| CVE-2018-14550      |  8.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-14550   |
| CVE-2018-16375      |  8.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-16375   |
| CVE-2018-16376      |  8.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-16376   |
| CVE-2018-18444      |  8.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-18444   |
| CVE-2019-13616      |  8.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-13616   |
| CVE-2019-5059       |  8.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-5059    |
| CVE-2019-5060       |  8.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-5060    |
| CVE-2019-9543       |  8.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-9543    |
| CVE-2019-9545       |  8.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-9545    |
| CVE-2020-13249      |  8.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-13249   |
| CVE-2020-6860       |  8.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-6860    |
| CVE-2020-8112       |  8.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-8112    |
| CVE-2020-9802       |  8.8 |  AV:N  |     |        |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-9802    |
| CVE-2020-9803       |  8.8 |  AV:N  |     |        |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-9803    |
| CVE-2020-9806       |  8.8 |  AV:N  |     |        |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-9806    |
| CVE-2020-9807       |  8.8 |  AV:N  |     |        |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-9807    |
| CVE-2020-10878      |  8.6 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-10878   |
| CVE-2019-19770      |  8.2 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19770   |
| CVE-2020-10543      |  8.2 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-10543   |
| CVE-2020-13113      |  8.2 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-13113   |
| CVE-2017-6363       |  8.1 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-6363    |
| CVE-2018-1000500    |  8.1 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-1000500 |
| CVE-2018-12886      |  8.1 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-12886   |
| CVE-2019-13115      |  8.1 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-13115   |
| CVE-2019-13351      |  8.1 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-13351   |
| CVE-2019-17498      |  8.1 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-17498   |
| CVE-2019-17543      |  8.1 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-17543   |
| CVE-2020-11538      |  8.1 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-11538   |
| CVE-2020-13790      |  8.1 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-13790   |
| CVE-2013-7445       |  7.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2013-7445    |
| CVE-2016-2568       |  7.8 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2016-2568    |
| CVE-2016-9318       |  7.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2016-9318    |
| CVE-2017-11164      |  7.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-11164   |
| CVE-2017-11695      |  7.8 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-11695   |
| CVE-2017-11696      |  7.8 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-11696   |
| CVE-2017-11697      |  7.8 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-11697   |
| CVE-2017-11698      |  7.8 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-11698   |
| CVE-2017-15131      |  7.8 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-15131   |
| CVE-2017-7245       |  7.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-7245    |
| CVE-2017-7246       |  7.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-7246    |
| CVE-2018-20196      |  7.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-20196   |
| CVE-2018-20669      |  7.8 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-20669   |
| CVE-2018-7738       |  7.8 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-7738    |
| CVE-2019-12456      |  7.8 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-12456   |
| CVE-2019-12615      |  7.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-12615   |
| CVE-2019-16905      |  7.8 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-16905   |
| CVE-2019-18276      |  7.8 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-18276   |
| CVE-2019-18862      |  7.8 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-18862   |
| CVE-2019-19061      |  7.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19061   |
| CVE-2019-19064      |  7.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19064   |
| CVE-2019-19070      |  7.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19070   |
| CVE-2019-19074      |  7.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19074   |
| CVE-2019-19377      |  7.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19377   |
| CVE-2019-19378      |  7.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19378   |
| CVE-2019-19448      |  7.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19448   |
| CVE-2019-19449      |  7.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19449   |
| CVE-2019-19601      |  7.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19601   |
| CVE-2019-19882      |  7.8 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19882   |
| CVE-2019-6956       |  7.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-6956    |
| CVE-2020-11725      |  7.8 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-11725   |
| CVE-2020-12695      |  7.8 |  AV:N  |     | USCERT | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-12695   |
| CVE-2020-12762      |  7.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-12762   |
| CVE-2020-13428      |  7.8 |  AV:N  |     |        |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-13428   |
| CVE-2020-13974      |  7.8 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-13974   |
| CVE-2011-4116       |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2011-4116    |
| CVE-2012-2663       |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2012-2663    |
| CVE-2014-8166       |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2014-8166    |
| CVE-2014-8501       |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2014-8501    |
| CVE-2016-9113       |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2016-9113    |
| CVE-2016-9114       |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2016-9114    |
| CVE-2017-16232      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-16232   |
| CVE-2017-16932      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-16932   |
| CVE-2018-11813      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-11813   |
| CVE-2018-14404      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-14404   |
| CVE-2018-14553      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-14553   |
| CVE-2018-5709       |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-5709    |
| CVE-2018-6829       |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-6829    |
| CVE-2018-6951       |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-6951    |
| CVE-2018-6952       |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-6952    |
| CVE-2019-11324      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-11324   |
| CVE-2019-12290      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-12290   |
| CVE-2019-12760      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-12760   |
| CVE-2019-12761      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-12761   |
| CVE-2019-14494      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-14494   |
| CVE-2019-15847      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-15847   |
| CVE-2019-18804      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-18804   |
| CVE-2019-18874      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-18874   |
| CVE-2019-19232      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19232   |
| CVE-2019-19234      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19234   |
| CVE-2019-19244      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19244   |
| CVE-2019-19274      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19274   |
| CVE-2019-19275      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19275   |
| CVE-2019-19603      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19603   |
| CVE-2019-19923      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19923   |
| CVE-2019-19925      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19925   |
| CVE-2019-19956      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19956   |
| CVE-2019-19959      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19959   |
| CVE-2019-20218      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-20218   |
| CVE-2019-20388      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-20388   |
| CVE-2019-20454      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-20454   |
| CVE-2019-20907      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-20907   |
| CVE-2019-7732       |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-7732    |
| CVE-2019-7733       |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-7733    |
| CVE-2019-9674       |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-9674    |
| CVE-2019-9923       |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-9923    |
| CVE-2020-0198       |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-0198    |
| CVE-2020-11655      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-11655   |
| CVE-2020-12062      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-12062   |
| CVE-2020-12723      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-12723   |
| CVE-2020-13114      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-13114   |
| CVE-2020-13848      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-13848   |
| CVE-2020-13871      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-13871   |
| CVE-2020-15890      |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-15890   |
| CVE-2020-6851       |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-6851    |
| CVE-2020-7595       |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-7595    |
| CVE-2020-9327       |  7.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-9327    |
| CVE-2019-14866      |  7.3 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-14866   |
| CVE-2019-18934      |  7.3 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-18934   |
| CVE-2008-4108       |  7.2 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2008-4108    |
| CVE-2019-15794      |  7.2 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-15794   |
| CVE-2020-15780      |  7.2 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-15780   |
| CVE-2008-4609       |  7.1 |  AV:N  |     | USCERT | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2008-4609    |
| CVE-2017-0641       |  7.1 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-0641    |
| CVE-2017-8871       |  7.1 |  AV:N  | POC |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-8871    |
| CVE-2018-1000654    |  7.1 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-1000654 |
| CVE-2019-19813      |  7.1 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19813   |
| CVE-2019-19815      |  7.1 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19815   |
| CVE-2020-12825      |  7.1 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-12825   |
| CVE-2020-8492       |  7.1 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-8492    |
| CVE-2020-13630      |  7.0 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-13630   |
| CVE-2008-4996       |  6.9 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2008-4996    |
| CVE-2013-0340       |  6.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2013-0340    |
| CVE-2017-13084      |  6.8 |  AV:A  |     | USCERT | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-13084   |
| CVE-2019-6110       |  6.8 |  AV:N  | POC |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-6110    |
| CVE-2019-20795      |  6.7 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-20795   |
| CVE-2008-3234       |  6.5 |  AV:N  | POC |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2008-3234    |
| CVE-2014-8130       |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2014-8130    |
| CVE-2016-10505      |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2016-10505   |
| CVE-2016-10506      |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2016-10506   |
| CVE-2016-2781       |  6.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2016-2781    |
| CVE-2016-9115       |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2016-9115    |
| CVE-2016-9116       |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2016-9116    |
| CVE-2016-9117       |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2016-9117    |
| CVE-2017-15232      |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-15232   |
| CVE-2017-18258      |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-18258   |
| CVE-2017-8834       |  6.5 |  AV:N  | POC |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-8834    |
| CVE-2017-9083       |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-9083    |
| CVE-2017-9114       |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-9114    |
| CVE-2017-9937       |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-9937    |
| CVE-2018-10126      |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-10126   |
| CVE-2018-1152       |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-1152    |
| CVE-2018-14048      |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-14048   |
| CVE-2018-14498      |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-14498   |
| CVE-2018-14567      |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-14567   |
| CVE-2018-18897      |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-18897   |
| CVE-2018-19058      |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-19058   |
| CVE-2018-19059      |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-19059   |
| CVE-2018-19060      |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-19060   |
| CVE-2018-19149      |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-19149   |
| CVE-2018-20650      |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-20650   |
| CVE-2018-20845      |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-20845   |
| CVE-2018-20846      |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-20846   |
| CVE-2018-5727       |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-5727    |
| CVE-2019-10871      |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-10871   |
| CVE-2019-11026      |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-11026   |
| CVE-2019-14380      |  6.5 |  AV:N  |     |        |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-14380   |
| CVE-2019-15133      |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-15133   |
| CVE-2019-15142      |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-15142   |
| CVE-2019-15143      |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-15143   |
| CVE-2019-15144      |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-15144   |
| CVE-2019-15145      |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-15145   |
| CVE-2019-16168      |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-16168   |
| CVE-2019-16707      |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-16707   |
| CVE-2019-17023      |  6.5 |  AV:N  |     |        |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-17023   |
| CVE-2019-20016      |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-20016   |
| CVE-2019-3874       |  6.5 |  AV:A  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-3874    |
| CVE-2019-5061       |  6.5 |  AV:A  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-5061    |
| CVE-2019-5062       |  6.5 |  AV:A  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-5062    |
| CVE-2019-6129       |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-6129    |
| CVE-2019-6988       |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-6988    |
| CVE-2019-9903       |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-9903    |
| CVE-2019-9959       |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-9959    |
| CVE-2020-0182       |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-0182    |
| CVE-2020-10730      |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-10730   |
| CVE-2020-12402      |  6.5 |  AV:N  |     |        |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-12402   |
| CVE-2020-13645      |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-13645   |
| CVE-2020-15389      |  6.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-15389   |
| CVE-2019-13627      |  6.3 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-13627   |
| CVE-2018-18405      |  6.1 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-18405   |
| CVE-2019-11236      |  6.1 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-11236   |
| CVE-2019-16935      |  6.1 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-16935   |
| CVE-2019-18348      |  6.1 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-18348   |
| CVE-2020-11022      |  6.1 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-11022   |
| CVE-2020-11023      |  6.1 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-11023   |
| CVE-2020-9805       |  6.1 |  AV:N  |     |        |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-9805    |
| CVE-2020-9843       |  6.1 |  AV:N  |     |        |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2020-9843    |
| CVE-2018-1121       |  5.9 |  AV:N  | POC |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-1121    |
| CVE-2019-12904      |  5.9 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-12904   |
| CVE-2019-19242      |  5.9 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19242   |
| CVE-2020-14145      |  5.9 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-14145   |
| CVE-2020-14422      |  5.9 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-14422   |
| CVE-2010-4651       |  5.8 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2010-4651    |
| CVE-2018-3693       |  5.6 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-3693    |
| CVE-2011-4915       |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2011-4915    |
| CVE-2014-9892       |  5.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2014-9892    |
| CVE-2014-9900       |  5.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2014-9900    |
| CVE-2015-3243       |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2015-3243    |
| CVE-2016-10723      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2016-10723   |
| CVE-2016-8660       |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2016-8660    |
| CVE-2017-1000382    |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-1000382 |
| CVE-2017-13693      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-13693   |
| CVE-2017-13694      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-13694   |
| CVE-2017-14988      |  5.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-14988   |
| CVE-2017-16231      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-16231   |
| CVE-2017-9778       |  5.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-9778    |
| CVE-2018-12928      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-12928   |
| CVE-2018-20199      |  5.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-20199   |
| CVE-2018-20360      |  5.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-20360   |
| CVE-2018-8043       |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-8043    |
| CVE-2019-1010317    |  5.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-1010317 |
| CVE-2019-1010319    |  5.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-1010319 |
| CVE-2019-11360      |  5.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-11360   |
| CVE-2019-12378      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-12378   |
| CVE-2019-12379      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-12379   |
| CVE-2019-12380      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-12380   |
| CVE-2019-12381      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-12381   |
| CVE-2019-12382      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-12382   |
| CVE-2019-12455      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-12455   |
| CVE-2019-12973      |  5.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-12973   |
| CVE-2019-18808      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-18808   |
| CVE-2019-18885      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-18885   |
| CVE-2019-19036      |  5.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19036   |
| CVE-2019-19039      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19039   |
| CVE-2019-19221      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19221   |
| CVE-2019-19645      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19645   |
| CVE-2019-20794      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-20794   |
| CVE-2019-20810      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-20810   |
| CVE-2019-6293       |  5.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-6293    |
| CVE-2020-10177      |  5.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-10177   |
| CVE-2020-10378      |  5.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-10378   |
| CVE-2020-10994      |  5.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-10994   |
| CVE-2020-11758      |  5.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-11758   |
| CVE-2020-11759      |  5.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-11759   |
| CVE-2020-11760      |  5.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-11760   |
| CVE-2020-11761      |  5.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-11761   |
| CVE-2020-11762      |  5.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-11762   |
| CVE-2020-11763      |  5.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-11763   |
| CVE-2020-11764      |  5.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-11764   |
| CVE-2020-11765      |  5.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-11765   |
| CVE-2020-12049      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-12049   |
| CVE-2020-12655      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-12655   |
| CVE-2020-12656      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-12656   |
| CVE-2020-12767      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-12767   |
| CVE-2020-12771      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-12771   |
| CVE-2020-13434      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-13434   |
| CVE-2020-13435      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-13435   |
| CVE-2020-13631      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-13631   |
| CVE-2020-13632      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-13632   |
| CVE-2020-15304      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-15304   |
| CVE-2020-15305      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-15305   |
| CVE-2020-15306      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-15306   |
| CVE-2020-15358      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-15358   |
| CVE-2020-15393      |  5.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-15393   |
| CVE-2020-2760       |  5.5 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-2760    |
| CVE-2015-9019       |  5.3 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2015-9019    |
| CVE-2018-15919      |  5.3 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-15919   |
| CVE-2018-7169       |  5.3 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-7169    |
| CVE-2019-19924      |  5.3 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19924   |
| CVE-2019-20807      |  5.3 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-20807   |
| CVE-2020-12888      |  5.3 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-12888   |
| CVE-2020-14155      |  5.3 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-14155   |
| CVE-2020-2752       |  5.3 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-2752    |
| CVE-2004-0230       |  5.0 |  AV:N  |     | USCERT | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2004-0230    |
| CVE-2007-2243       |  5.0 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2007-2243    |
| CVE-2007-2379       |  5.0 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2007-2379    |
| CVE-2010-4563       |  5.0 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2010-4563    |
| CVE-2012-0039       |  5.0 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2012-0039    |
| CVE-2020-0093       |  5.0 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-0093    |
| CVE-2005-3660       |  4.9 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2005-3660    |
| CVE-2007-5686       |  4.9 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2007-5686    |
| CVE-2010-5321       |  4.9 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2010-5321    |
| CVE-2018-17977      |  4.9 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-17977   |
| CVE-2019-15213      |  4.9 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-15213   |
| CVE-2019-19067      |  4.9 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19067   |
| CVE-2019-19072      |  4.9 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19072   |
| CVE-2020-2812       |  4.9 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-2812    |
| CVE-2020-2814       |  4.9 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-2814    |
| CVE-2013-4235       |  4.7 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2013-4235    |
| CVE-2017-0630       |  4.7 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-0630    |
| CVE-2017-18018      |  4.7 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2017-18018   |
| CVE-2019-16089      |  4.7 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-16089   |
| CVE-2019-16229      |  4.7 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-16229   |
| CVE-2019-16230      |  4.7 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-16230   |
| CVE-2019-16231      |  4.7 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-16231   |
| CVE-2019-16232      |  4.7 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-16232   |
| CVE-2019-16233      |  4.7 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-16233   |
| CVE-2019-16234      |  4.7 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-16234   |
| CVE-2019-19054      |  4.7 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19054   |
| CVE-2019-19082      |  4.7 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19082   |
| CVE-2019-19083      |  4.7 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19083   |
| CVE-2012-4542       |  4.6 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2012-4542    |
| CVE-2019-19318      |  4.4 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19318   |
| CVE-2007-2768       |  4.3 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2007-2768    |
| CVE-2008-4677       |  4.3 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2008-4677    |
| CVE-2011-3374       |  4.3 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2011-3374    |
| CVE-2011-3389       |  4.3 |  AV:N  |     | USCERT | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2011-3389    |
| CVE-2013-7040       |  4.3 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2013-7040    |
| CVE-2018-18443      |  4.3 |  AV:N  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2018-18443   |
| CVE-2019-19073      |  4.0 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-19073   |
| CVE-2013-4472       |  3.3 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2013-4472    |
| CVE-2015-2877       |  3.3 |  AV:L  |     | USCERT | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2015-2877    |
| CVE-2019-11191      |  2.5 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-11191   |
| CVE-2002-1976       |  2.1 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2002-1976    |
| CVE-2004-0971       |  2.1 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2004-0971    |
| CVE-2005-1119       |  2.1 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2005-1119    |
| CVE-2007-3719       |  2.1 |  AV:L  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2007-3719    |
| CVE-2008-2544       |  0.0 |        |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2008-2544    |
| CVE-2011-4917       |  0.0 |        |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2011-4917    |
| CVE-2019-17006      |  0.0 |        |     |        |   fixed | https://nvd.nist.gov/vuln/detail/CVE-2019-17006   |
| CVE-2019-20908      |  0.0 | local  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2019-20908   |
| CVE-2020-10766      |  0.0 |        |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-10766   |
| CVE-2020-10767      |  0.0 |        |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-10767   |
| CVE-2020-10768      |  0.0 |        |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-10768   |
| CVE-2020-10781      |  0.0 |        |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-10781   |
| CVE-2020-14304      |  0.0 |        |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-14304   |
| CVE-2020-14314      |  0.0 |        |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-14314   |
| CVE-2020-15778      |  0.0 | local  |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-15778   |
| CVE-2020-8169       |  0.0 |        |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-8169    |
| CVE-2020-8177       |  0.0 |        |     |        | unfixed | https://nvd.nist.gov/vuln/detail/CVE-2020-8177    |
| TEMP-0000000-A4EF31 |  0.0 |        |     |        | unfixed |                                                   |
| TEMP-0000000-F7A20F |  0.0 |        |     |        | unfixed |                                                   |
| TEMP-0290435-0B57B5 |  0.0 |        |     |        | unfixed |                                                   |
| TEMP-0517018-A83CE6 |  0.0 |        |     |        | unfixed |                                                   |
| TEMP-0560108-565B70 |  0.0 |        |     |        | unfixed |                                                   |
| TEMP-0628843-DBAD28 |  0.0 |        |     |        | unfixed |                                                   |
| TEMP-0772585-D41D8C |  0.0 |        |     |        | unfixed |                                                   |
| TEMP-0841856-B18BAF |  0.0 |        |     |        | unfixed |                                                   |
+---------------------+------+--------+-----+--------+---------+---------------------------------------------------+

OVAL DB

image

Debian Security Tracker

image

Changelog

image

example detect CVEs

Scan Mode fast fast-root deep
v0.11.0 (deep scan) (deep scan) 0(bug)
v0.12.0 377 386 387

Scan Time

fast scan

  • first time: 2.15 secs

fast-root scan

  • first time: 211.37 secs
  • second time: 61.03 secs (x3.46 faster)

deep scan

  • first time: 252.80 secs
  • second time: 76.95 secs (x3.28 faster)

Checklist:

You don't have to satisfy all of the following.

  • Write tests
  • Write documentation
  • Check that there aren't other open pull requests for the same issue/feature
  • Format your source code by make fmt
  • Pass the test by make test
  • Provide verification config / commands
  • Enable "Allow edits from maintainers" for this PR
  • Update the messages below

Is this ready for review?: YES

Reference

@MaineK00n MaineK00n self-assigned this Jul 14, 2020
@MaineK00n MaineK00n changed the title [WIP] Raspberry Pi OS(Raspbian) scanning using OVAL DB Raspberry Pi OS(Raspbian) scanning using OVAL DB Aug 18, 2020
@MaineK00n MaineK00n changed the title Raspberry Pi OS(Raspbian) scanning using OVAL DB [WIP] Raspberry Pi OS(Raspbian) scanning using OVAL DB Aug 18, 2020
@MaineK00n
Copy link
Collaborator Author

@kotakanbe
To complete this PR, you need to merge the goval-dictionary PR.
vulsio/goval-dictionary#101

@MaineK00n MaineK00n requested a review from kotakanbe August 20, 2020 04:45
@MaineK00n MaineK00n changed the title [WIP] Raspberry Pi OS(Raspbian) scanning using OVAL DB Raspberry Pi OS(Raspbian) scanning using OVAL DB Aug 20, 2020
@MaineK00n MaineK00n requested a review from kotakanbe August 20, 2020 12:48
@kotakanbe kotakanbe merged commit 7969b34 into future-architect:master Aug 25, 2020
@MaineK00n MaineK00n deleted the raspberrypi-oval branch August 25, 2020 05:12
kotakanbe pushed a commit that referenced this pull request Jun 21, 2021
* fix (bug) : using ScanResults refs #1019

* feat(gost): WIP change priority of CVE Info in Debian

* feat(report): change priority of CVE Info in Debian

* refactor: move RemoveRaspbianPackFromResult

* style: remove comment

* fix: lint error

* style: change coding style

* feat(report): support reporting with gost alone

* fix: merge error

* refactor(debian): change code to be simple
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Raspbian Pi OS scanning using OVAL DB
2 participants