github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-01-17 09:06:55 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
e9e7f095be2f3be6fc0d94d3b28b9799255f6d28
DependencyCheck/dependency-check-core/src/main/resources/dependencycheck-base-suppression.xml
Jeremy Long e8088c2bda resolve merge conflict
2017-12-29 05:46:48 -05:00

2056 lines
71 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
<suppress base="true">
<notes><![CDATA[
This suppresses false positives for Microsoft.VisualStudio.QualityTools.UnitTestFramework.dll.
]]></notes>
<filePath regex="true">.*Microsoft\.VisualStudio\.QualityTools\.UnitTestFramework*\.dll</filePath>
<cve>CVE-2014-3802</cve>
</suppress>
<suppress base="true">
<notes><![CDATA[
This suppresses false positives for EntityFramework.SqlServer.dll.
]]></notes>
<filePath regex="true">.*EntityFramework\.SqlServer*\.dll</filePath>
<cpe>cpe:/a:microsoft:server:6.0.0.0</cpe>
<cpe>cpe:/a:microsoft:sql_server:6.0</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
This suppresses false positives identified on spring security.
]]></notes>
<gav regex="true">org\.springframework\.security:spring.*</gav>
<cpe>cpe:/a:mod_security:mod_security</cpe>
<cpe>cpe:/a:springsource:spring_framework</cpe>
<cpe>cpe:/a:vmware:springsource_spring_framework</cpe>
<cpe>cpe:/a:pivotal:spring_framework</cpe>
<cpe>cpe:/a:pivotal_software:spring_framework</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
This suppresses false positives identified on spring security.
]]></notes>
<filePath regex="true">.*spring-security-[^\\/]*\.jar$</filePath>
<cpe>cpe:/a:mod_security:mod_security</cpe>
<cpe>cpe:/a:springsource:spring_framework</cpe>
<cpe>cpe:/a:vmware:springsource_spring_framework</cpe>
<cpe>cpe:/a:pivotal:spring_framework</cpe>
<cpe>cpe:/a:pivotal_software:spring_framework</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
This suppreses additional false positives for the xstream library that occur because spring has a copy of this library.
com.springsource.com.thoughtworks.xstream-1.3.1.jar
]]></notes>
<gav regex="true">com\.thoughtworks\.xstream:xstream:.*</gav>
<cpe>cpe:/a:springsource:spring_framework</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Suppresses false positives on velocity tools.
]]></notes>
<gav regex="true">org\.apache\.velocity:velocity-tools:.*</gav>
<cpe>cpe:/a:apache:struts</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
1. Sandbox is a php blog platform and should not be flagged as a CPE for java or .net dependencies.
2. Open media is php and won't be in a jar, dll, etc. See issue #814.
3. file and file_project are not assembiles or java libraries
4. Shim is *nix and is not an assembly or java lib.
5. date_project is a drupal library
6. net dns is a php module
7. Even if a node.js package exists - we aren't flagging the entire node.js
8. Context project is drupal plugin
9. mail_project is ruby library
10. ldap_project is part of type3 written in php
11. user import project is used in drupal (i.e. php)
12. root is a c++ project https://github.com/root-project/root/
13. xml_sec is a C library for XML security
]]></notes>
<filePath regex="true">.*(\.(dll|jar|ear|war|pom|nupkg|nuspec)|pom\.xml|package.json)$</filePath>
<cpe>cpe:/a:sandbox:sandbox</cpe>
<cpe>cpe:/a:openmedia:openmedia</cpe>
<cpe>cpe:/a:file_project:file</cpe>
<cpe>cpe:/a:file:file</cpe>
<cpe>cpe:/a:shim:shim</cpe>
<cpe>cpe:/a:shim_project:shim</cpe>
<cpe>cpe:/a:date_project:date</cpe>
<cpe>cpe:/a:net_dns:net_dns</cpe>
<cpe>cpe:/a:nodejs:node.js</cpe>
<cpe>cpe:/a:nodejs:nodejs</cpe>
<cpe>cpe:/a:context_project:context</cpe>
<cpe>cpe:/a:mail_project:mail</cpe>
<cpe>cpe:/a:ldap_project:ldap</cpe>
<cpe>cpe:/a:user_import_project:user_import</cpe>
<cpe>cpe:/a:root:root</cpe>
<cpe>cpe:/a:xmlsec_project:xmlsec</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Suppress false positives around dash.
]]></notes>
<filePath regex="true">.*(\.(jar|ear|war|pom)|pom\.xml)$</filePath>
<cpe>cpe:/a:dash:dash</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Suppresses false positives on Jersey core client.
]]></notes>
<gav regex="true">(com\.sun\.jersey|org\.glassfish\.jersey\.core):jersey-(client|common):.*</gav>
<cpe>cpe:/a:oracle:glassfish</cpe>
<cpe>cpe:/a:oracle:oracle_client</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Supresses false positives on jersey-apache-client4
]]></notes>
<gav regex="true">com\.sun\.jersey\.contribs:jersey-apache-client.*</gav>
<cpe>cpe:/a:apache:httpclient</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Suppresses false positives on glassfish and grizzly. Updated per issue #672.
]]></notes>
<gav regex="true">org\.glassfish(\.(web|grizzly)):.*(json|faces|jstl|grizzly).*</gav>
<cpe>cpe:/a:oracle:glassfish</cpe>
<cpe>cpe:/a:oracle:glassfish_server</cpe>
</suppress>
<!--suppress base="true">
<notes><![CDATA[
This was added to a broader suppression ruleg
Suppresses false positives on ldap_project (issue #165).
]]></notes>
<gav regex="true">org\.forgerock\.opendj:opendj-ldap-sdk:.*</gav>
<cpe>cpe:/a:ldap_project:ldap</cpe>
</suppress-->
<suppress base="true">
<notes><![CDATA[
Suppresses false positives on the org.opensaml:xmltooling
FP per issue #945
]]></notes>
<gav regex="true">org\.opensaml:xmltooling:.*</gav>
<cpe>cpe:/a:shibboleth:opensaml</cpe>
<cpe>cpe:/a:internet2:opensaml</cpe>
<cve>CVE-2015-0851</cve>
</suppress>
<suppress base="true">
<notes><![CDATA[
Suppresses false positives on the org.opensaml:openws
]]></notes>
<gav regex="true">org\.opensaml:openws:.*</gav>
<cpe>cpe:/a:internet2:opensaml</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Suppresses false positives for python:python.
]]></notes>
<filePath regex="true">.*(\.(whl|egg)|\b(site|dist)-packages\b.*)</filePath>
<cpe>cpe:/a:python:python</cpe>
<cpe>cpe:/a:python_software_foundation:python</cpe>
<cpe>cpe:/a:class:class</cpe>
<cpe>cpe:/a:file:file</cpe>
<cpe>cpe:/a:gnupg:gnupg</cpe>
<cpe>cpe:/a:mongodb:mongodb</cpe>
<cpe>cpe:/a:mozilla:mozilla</cpe>
<cpe>cpe:/a:openssl:openssl</cpe>
<cpe>cpe:/a:sendfile:sendfile</cpe>
<cpe>cpe:/a:sendmail:sendmail</cpe>
<cpe>cpe:/a:yacc:yacc</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Suppresses false positives for com.google:.*
]]></notes>
<gav regex="true">com\.google(\.[a-zA-Z0-9_-]+)?:.*:.*</gav>
<cpe>cpe:/a:google:desktop</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Suppresses false positives for non-android JARs from google.
]]></notes>
<gav regex="true">com\.google\.((?!android).)*:.*</gav>
<cpe>cpe:/a:google:android</cpe>
<cpe>cpe:/a:google:android_api</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Suppresses false positives for android JARs in g:com.google.android
]]></notes>
<gav regex="true">com\.google\.android\..*:.*</gav>
<cpe>cpe:/a:google:android</cpe>
<cpe>cpe:/a:google:android_api</cpe>
<cpe>cpe:/a:google:google</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Suppresses incorrect identification for bing ads.
]]></notes>
<gav regex="true">com.microsoft.bingads:microsoft.bingads:.*</gav>
<cpe>cpe:/a:microsoft:bing</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Oracle Jersey is flagged as glassfish.
]]></notes>
<gav regex="true">.*jersey.*</gav>
<cpe>cpe:/a:oracle:glassfish_server</cpe>
<cpe>cpe:/a:oracle:glassfish</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Oracle HK2 is flagged as glassfish.
]]></notes>
<gav regex="true">.*\bhk2\b.*</gav>
<cpe>cpe:/a:oracle:glassfish</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
HK2-utils is flagged as glassfish.
]]></notes>
<filePath regex="true">.*\bhk2-utils.*\.jar</filePath>
<cpe>cpe:/a:oracle:glassfish</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
file name: petals-se-camel-1.0.0.jar - false positive for apache camel.
]]></notes>
<gav regex="true">org.ow2.petals:petals-se-camel:.*</gav>
<cpe>cpe:/a:apache:camel</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Mina gets flagged as apache-ssl
]]></notes>
<gav regex="true">org.apache.mina:mina.*</gav>
<cpe>cpe:/a:apache-ssl:apache-ssl</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Woden gets flagged as apache-ssl
]]></notes>
<gav regex="true">org.apache.woden:woden.*</gav>
<cpe>cpe:/a:apache-ssl:apache-ssl</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
spec gets flagged as the implementation.
]]></notes>
<gav regex="true">org.apache.geronimo.specs:.*</gav>
<cpe>cpe:/a:apache:geronimo</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
This suppresses false positives identified on tomcat-embed-el.
]]></notes>
<gav regex="true">org\.apache\.tomcat\.embed:tomcat-embed-el:.*</gav>
<cpe>cpe:/a:apache:tomcat</cpe>
<cpe>cpe:/a:apache_tomcat:apache_tomcat</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
This suppresses false positives identified on tomcat-jdbc.
]]></notes>
<gav regex="true">org\.apache\.tomcat:tomcat-jdbc:.*</gav>
<cpe>cpe:/a:apache:tomcat</cpe>
<cpe>cpe:/a:apache_tomcat:apache_tomcat</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
This suppresses false positives identified on tomcat-juli.
]]></notes>
<gav regex="true">org\.apache\.tomcat:tomcat-juli:.*</gav>
<cpe>cpe:/a:apache:tomcat</cpe>
<cpe>cpe:/a:apache_tomcat:apache_tomcat</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
suppress false positive per issue #433
]]></notes>
<gav regex="true">com\.google\.javascript:closure-compiler:.*</gav>
<cpe>cpe:/a:google:google_apps:-</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
suppress false positives per issue #437
]]></notes>
<gav regex="true">.*mongodb.*:.*:.*</gav>
<cpe>cpe:/a:mongodb:mongodb</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
suppress false positives per issue #438
Note, there will be more false positives for Netty. Trying to figure out a better suppression.
]]></notes>
<gav regex="true">com.typesafe.netty:netty-http-pipelining:.*</gav>
<cpe>cpe:/a:netty_project:netty</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
JVM instrumentation to Ganglia
]]></notes>
<gav regex="true">info\.ganglia\.gmetric4j:gmetric4j:.*</gav>
<cpe>cpe:/a:ganglia:ganglia</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
A reporter for Metrics which announces measurements to a Ganglia cluster
]]></notes>
<gav regex="true">io\.dropwizard\.metrics:metrics-ganglia:.*</gav>
<cpe>cpe:/a:ganglia:ganglia</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
drop wizard false positives
]]></notes>
<gav regex="true">io\.dropwizard:dropwizard-jetty:.*</gav>
<cpe>cpe:/a:jetty:jetty</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
drop wizard false positives
]]></notes>
<gav regex="true">io\.dropwizard\.metrics:metrics-jetty:.*</gav>
<cpe>cpe:/a:jetty:jetty</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
drop wizard false positives. Updated per issue #796.
]]></notes>
<gav regex="true">org\.eclipse\.jetty\.toolchain\.setuid:jetty-setuid-java:.*</gav>
<cpe>cpe:/a:jetty:jetty</cpe>
<cpe>cpe:/a:eclipse:jetty</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
false positive per issue #796
]]></notes>
<gav regex="true">^org\.eclipse\.jetty:jetty-io:.*$</gav>
<cpe>cpe:/a:jetty:jetty</cpe>
<cpe>cpe:/a:eclipse:jetty</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
drop wizard false positives
]]></notes>
<gav regex="true">org\.eclipse\.jetty:jetty-io:.*</gav>
<cpe>cpe:/a:jetty:jetty</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
drop wizard false positives
]]></notes>
<gav regex="true">org\.eclipse\.jetty\.http2:http2-hpack:.*</gav>
<cpe>cpe:/a:jetty:jetty</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
drop wizard false positives
]]></notes>
<gav regex="true">io\.dropwizard\.metrics:metrics-httpclient:.*</gav>
<cpe>cpe:/a:apache:httpclient</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
javax.transaction false positives
]]></notes>
<gav regex="true">javax\.transaction:javax\.transaction-api:.*</gav>
<cpe>cpe:/a:oracle:glassfish</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
false positive in drop wizard
]]></notes>
<filePath regex="true">.*(\.(jar|ear|war|pom)|pom\.xml)</filePath>
<cpe>cpe:/a:tiger:tiger</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
php cpe
]]></notes>
<filePath regex="true">.*(\.(dll|jar|ear|war|pom)|pom\.xml)</filePath>
<cpe>cpe:/a:class:class</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Linux ssh False Positives
]]></notes>
<filePath regex="true">.*(\.(jar|ear|war|pom)|pom\.xml)</filePath>
<cpe>cpe:/a:pam:pam</cpe>
<cpe>cpe:/a:pam_ssh:pam_ssh</cpe>
<cpe>cpe:/a:sun:linux</cpe>
<cpe>cpe:/a:sun:sunos</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
elastic search false postivies
]]></notes>
<gav regex="true">org\.elasticsearch:securesm:.*</gav>
<cpe>cpe:/a:elasticsearch:elasticsearch</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Glassfish false positives.
]]></notes>
<gav regex="true">^javax\.servlet:javax\.servlet-api:.*$</gav>
<cpe>cpe:/a:oracle:glassfish</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Glassfish false positives.
]]></notes>
<gav regex="true">org\.glassfish:javax.el:.*</gav>
<cpe>cpe:/a:oracle:glassfish</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Struts false positives.
]]></notes>
<gav regex="true">sslext:sslext:.*</gav>
<cpe>cpe:/a:apache:struts</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
ACtiveMQ false positives.
]]></notes>
<gav regex="true">org\.apache\.activemq:activemq-pool.*</gav>
<cpe>cpe:/a:apache:activemq</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
ACtiveMQ false positives.
]]></notes>
<gav regex="true">org\.apache\.activemq:artemis.*</gav>
<cpe>cpe:/a:apache:activemq</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Spring data mongodb false positives.
]]></notes>
<gav regex="true">org\.springframework\.data:spring-data-mongodb.*</gav>
<cpe>cpe:/a:mongodb:mongodb</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Spring data neo4j false positives.
]]></notes>
<gav regex="true">org\.springframework\.data:spring-data-neo4j:.*</gav>
<cpe>cpe:/a:vmware:springsource_spring_framework</cpe>
<cpe>cpe:/a:pivotal:spring_framework</cpe>
<cpe>cpe:/a:neo4j:neo4j</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Spring data solr false positives.
]]></notes>
<gav regex="true">org\.springframework\.data:spring-data-solr:.*</gav>
<cpe>cpe:/a:apache:solr</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Spring social facebook false positive.
]]></notes>
<gav regex="true">org\.springframework\.social:spring-social-facebook:.*</gav>
<cpe>cpe:/a:facebook:facebook</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Spring Security JWT false positive.
]]></notes>
<gav regex="true">org\.springframework\.security:spring-security-jwt.*</gav>
<cpe>cpe:/a:vmware:springsource_spring_security</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Aether false positive.
]]></notes>
<gav regex="true">org\.eclipse\.aether:aether.*</gav>
<cpe>cpe:/a:eclipse:eclipse_ide</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Drupal services false positive.
]]></notes>
<filePath regex="true">.*(\.(jar|ear|war|pom)|pom\.xml)</filePath>
<cpe>cpe:/a:services_project:services</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
jenkins-client false positives
]]></notes>
<gav regex="true">com\.offbytwo\.jenkins:jenkins-client:.*</gav>
<cpe>cpe:/a:jenkins:jenkins</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
xstream false positives
]]></notes>
<gav regex="true">^(?!com.thoughtworks).*xstream.*$</gav>
<cpe>cpe:/a:x-stream:xstream</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
false positive per issue #582
]]></notes>
<gav regex="true">^org\.glassfish\.jersey\.ext:jersey-proxy-client:.*$</gav>
<cpe>cpe:/a:oracle:oracle_client</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
false positive per issue #777
]]></notes>
<gav regex="true">^org\.glassfish\.jersey\.ext:jersey-metainf-services:.*$</gav>
<cpe>cpe:/a:services_project:services:</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
file name: smiley-http-proxy-servlet-1.7.jar
]]></notes>
<gav regex="true">^org\.mitre\.dsmiley\.httpproxy:smiley-http-proxy-servlet:.*$</gav>
<cpe>cpe:/a:shttp:shttp</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
This CVE is disputed by the vendor and is not considered an issue.
]]></notes>
<filePath regex="true">.*</filePath>
<cve>CVE-2007-6059</cve>
</suppress>
<suppress base="true">
<notes><![CDATA[
These CVEs only affect jackson-dataformat-xml. See issue #517, #751, and #792.
]]></notes>
<gav regex="true">(org\.codehaus\.jackson|com\.fasterxml\.jackson\.(core|module|datatype|jaxrs)):jackson.*</gav>
<cve>CVE-2016-3720</cve>
<cve>CVE-2016-7051</cve>
</suppress>
<suppress base="true">
<notes><![CDATA[
These CVE only affects jackson-dataformat-xml. See issue #517.
]]></notes>
<gav regex="true">com\.fasterxml\.jackson\.dataformat:jackson(?!\-dataformat\-xml).*</gav>
<cve>CVE-2016-3720</cve>
<cve>CVE-2016-7051</cve>
</suppress>
<suppress base="true">
<notes><![CDATA[
False positives per issue #642
]]></notes>
<gav regex="true">^org\.springframework\.boot:spring-boot.*$</gav>
<cpe>cpe:/a:pivotal_software:spring_framework</cpe>
<cpe>cpe:/a:pivotal:spring_framework</cpe>
<cpe>cpe:/a:vmware:springsource_spring_framework</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
False positives per issue #642
]]></notes>
<gav regex="true">^org\.springframework:spring-context:.*$</gav>
<cpe>cpe:/a:context_project:context</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Node.js false positives per issues #512 and #510
]]></notes>
<filePath regex="true">.*package\.json$</filePath>
<cpe>cpe:/a:file_project:file</cpe>
<cpe>cpe:/a:file:file</cpe>
<cpe>cpe:/a:shim:shim</cpe>
<cpe>cpe:/a:shim_project:shim</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
False positives on python.
]]></notes>
<filePath regex="true">.*__init__\.py$</filePath>
<cpe>cpe:/a:shim:shim</cpe>
<cpe>cpe:/a:python:python</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
checkpoint firewall is not at the application layer.
]]></notes>
<filePath regex="true">.*</filePath>
<cpe>cpe:/a:checkpoint:check_point</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Bouncy Castle Time Stamp Protocol is not related to openpgp.
]]></notes>
<gav regex="true">^org\.bouncycastle:bctsp.*$</gav>
<cpe>cpe:/a:openpgp:openpgp</cpe>
<cpe>cpe:/a:pgp:openpgp</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
Apache XML Graphics is used by Batik - but should not be identified as batik.
]]></notes>
<gav regex="true">^org\.apache\.xmlgraphics:xmlgraphics-commons:.*$</gav>
<cpe>cpe:/a:apache:batik</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
False positive suppression per issue #664 for JJWT - A Java and Android JSON Web Token library
]]></notes>
<gav regex="true">^io\.jsonwebtoken:jjwt:.*$</gav>
<cpe>cpe:/a:sonatype:nexus</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
False positive suppresion per issue #679 - jcore is a php wbe cms.
]]></notes>
<gav regex="true">^org\.apache\.james:apache-mime4j-core:.*$</gav>
<cpe>cpe:/a:jcore:jcore</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
False positive
]]></notes>
<gav regex="true">^javax\.servlet:servlet-api:.*$</gav>
<cpe>cpe:/a:sun:one_application_server</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
False positives per issue #684.
]]></notes>
<gav regex="true">^org\.apache\.tomcat\.embed:tomcat-embed.*$</gav>
<cve>CVE-2017-6056</cve>
<cve>CVE-2016-6325</cve>
<cve>CVE-2016-5425</cve>
</suppress>
<suppress base="true">
<notes><![CDATA[
False positive per issue #691
]]></notes>
<gav regex="true">^org\.springframework\.boot:spring-boot-starter-data-jpa:.*$</gav>
<cve>CVE-2016-6652</cve>
</suppress>
<suppress base="true">
<notes><![CDATA[
False positive per issue #699
]]></notes>
<gav regex="true">^com\.splunk:splunk:.*$</gav>
<cpe>cpe:/a:splunk:splunk</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
False positive per issue #713
]]></notes>
<gav regex="true">^org\.openid4java:openid4java:.*$</gav>
<cpe>cpe:/a:openid:openid</cpe>
<cpe>cpe:/a:openid:openid4java</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
False positive per issue #700
]]></notes>
<gav regex="true">^org\.springframework\.cloud:spring-cloud-netflix-core:.*$</gav>
<cpe>cpe:/a:pivotal:spring_framework</cpe>
<cpe>cpe:/a:pivotal_software:spring_framework</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
False positive per issue #700
]]></notes>
<gav regex="true">^org\.springframework\.cloud:spring-cloud-.*$</gav>
<cpe>cpe:/a:pivotal:spring_framework</cpe>
<cpe>cpe:/a:pivotal_software:spring_framework</cpe>
<cpe>cpe:/a:context_project:context</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
False Positive per issue #746
]]></notes>
<gav regex="true">^com\.artofsolving:jodconverter:.*$</gav>
<cpe>cpe:/a:openoffice:openoffice.org</cpe>
<cpe>cpe:/a:openoffice:openoffice</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
False Positive per issue #743
]]></notes>
<gav regex="true">^org\.xerial:sqlite-jdbc:.*$</gav>
<cve>CVE-2015-3717</cve>
</suppress>
<suppress base="true">
<notes><![CDATA[
newrelic-agent false positives due to the instrumentation package (see issue #781)
]]></notes>
<filePath regex="true">.*newrelic-?agent.*\.jar[\\\/]instrumentation.*\.jar</filePath>
<cpe regex="true">.*</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
False Positices per issue #823
]]></notes>
<gav regex="true">^io\.swagger:.*$</gav>
<cpe>cpe:/a:sonatype:nexus</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
False positive per issue #838
]]></notes>
<gav regex="true">^org\.springframework\.boot:.*$</gav>
<cpe>cpe:/a:pivotal_software:spring_data_jpa</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
False positive per issue #851
]]></notes>
<gav regex="true">^com\.ibm\.icu:icu4j:.*$</gav>
<cpe>cpe:/a:icu_project:international_components_for_unicode</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
False positive per issue #854
]]></notes>
<gav regex="true">^com\.vaadin\.external\.google:android-json:.*$</gav>
<cpe>cpe:/a:google:android</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
json library is not glassfish server.
]]></notes>
<gav regex="true">^org\.glassfish:javax\.json:.*$</gav>
<cpe>cpe:/a:oracle:glassfish</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
file name: activerecord-oracle_enhanced-adapter-1.1.7.gemspec
]]></notes>
<filePath regex="true">.*activerecord.*oracle.*\.gemspec</filePath>
<cpe>cpe:/a:ruby-i18n:i18n</cpe>
<cpe>cpe:/a:mikel_lindsaar:mail</cpe>
<cpe>cpe:/a:rest-client_project:rest-client</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
false positives per issue #915
]]></notes>
<gav regex="true">^net\.thisptr:jackson-jq:.*$</gav>
<cpe>cpe:/a:jq_project:jq</cpe>
<cpe>cpe:/a:id:id-software</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
false positives per issue #915
]]></notes>
<gav regex="true">^org\.jruby\.jcodings:jcodings:.*$</gav>
<cpe>cpe:/a:jruby:jruby</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
false positives per issue #915
]]></notes>
<gav regex="true">^org\.jruby\.joni:joni:.*$</gav>
<cpe>cpe:/a:jruby:jruby</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
false positives per issue #915
]]></notes>
<gav regex="true">^org\.apache\.cxf\.xjc-utils:cxf-xjc-runtime:.*$</gav>
<cpe>cpe:/a:apache:cxf</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
false positives per issue #915
]]></notes>
<gav regex="true">^javax\.validation:validation-api:.*$</gav>
<cpe>cpe:/a:bean_project:bean</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
false positive per issue #914
]]></notes>
<gav regex="true">^org\.apache\.struts\.xwork:xwork-core:.*$</gav>
<cpe>cpe:/a:apache:struts</cpe>
</suppress>
<!--suppress base="true">
<notes><![CDATA[
This was added to a broader suppression.
false positive per issue #908
]]></notes>
<gav regex="true">^com\.unboundid:unboundid-ldapsdk:.*$</gav>
<cpe>cpe:/a:ldap_project:ldap</cpe>
</suppress-->
<suppress base="true">
<notes><![CDATA[
false positive per issue #894
]]></notes>
<gav regex="true">^org\.apache\.pdfbox:fontbox:.*$</gav>
<cpe>cpe:/a:font_project:font</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
false positive per issue #859
]]></notes>
<gav regex="true">^org\.kohsuke:github-api:.*$</gav>
<cpe>cpe:/a:git:git</cpe>
<cpe>cpe:/a:git_project:git</cpe>
<cpe>cpe:/a:hub_project:hub</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
file name: hystrix-rx-netty-metrics-stream-1.5.12.jar
]]></notes>
<gav regex="true">^com\.netflix\.hystrix:hystrix-rx-netty-metrics-stream:.*$</gav>
<cpe>cpe:/a:netty_project:netty</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
file name: cassandra-thrift-1.2.11.jar
]]></notes>
<gav regex="true">^org\.apache\.cassandra:cassandra-thrift:.*$</gav>
<cpe>cpe:/a:apache:thrift</cpe>
<cpe>cpe:/a:apache:cassandra</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
file name: xbean-bundleutils-3.11.1.jar
]]></notes>
<gav regex="true">^org\.apache\.xbean:xbean-bundleutils:.*$</gav>
<cpe>cpe:/a:apache:geronimo</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
file name: xbean-finder-3.11.1.jar
]]></notes>
<gav regex="true">^org\.apache\.xbean:xbean-finder:.*$</gav>
<cpe>cpe:/a:finder_project:finder</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
file name: annotation-indexer-1.4.jar
]]></notes>
<gav regex="true">^org\.jenkins-ci:annotation-indexer:.*$</gav>
<cpe>cpe:/a:jenkins:jenkins</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
false positive per issue #871
]]></notes>
<gav regex="true">^org\.sonatype\..*$</gav>
<cpe>cpe:/a:spice_project:spice</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
file name: avro-1.4.0-cassandra-1.jar
]]></notes>
<gav regex="true">^org\.apache\.cassandra\.deps:avro:.*$</gav>
<cpe>cpe:/a:apache:cassandra</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
file name: hystrix-request-servlet-1.5.12.jar
]]></notes>
<gav regex="true">^com\.netflix\.hystrix:hystrix-request-servlet:.*$</gav>
<cpe>cpe:/a:request_it:request_it</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
file name: jersey-core-1.11.jar
]]></notes>
<gav regex="true">^com\.sun\.jersey:jersey-core:.*$</gav>
<cpe>cpe:/a:restful_web_services_project:restful_web_services</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
file name: unboundid-ldapsdk-2.3.8.jar
]]></notes>
<gav regex="true">^com\.unboundid:unboundid-ldapsdk:.*$</gav>
<cpe>cpe:/a:id:id-software</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
jaxb-xerces and jaxb-xerces2 are completely different dependencies.
]]></notes>
<gav regex="true">^activesoap:jaxb-xercesImpl:[01].*$</gav>
<cpe>cpe:/a:apache:xerces2_java</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
jaxb-xerces and jaxb-xerces2 are completely different dependencies - the sha1
is primarily for testing.
]]></notes>
<sha1>73a51faadb407dccdbd77234e0d5a0a648665692</sha1>
<cpe>cpe:/a:apache:xerces2_java</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
False positive per issue #965
]]></notes>
<gav regex="true">^com\.typesafe\.play:play-akka-http-server_2\.\d+:.*$</gav>
<cpe>cpe:/a:akka:akka</cpe>
<cpe>cpe:/a:akka:http_server</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
False positive per issue #964
]]></notes>
<gav regex="true">^org\.mongodb\.morphia:.*$</gav>
<cpe>cpe:/a:git:git</cpe>
<cpe>cpe:/a:git_project:git</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
FP per issue #942
]]></notes>
<gav regex="true">^org\.apache\.chemistry\.opencmis:chemistry-opencmis.*$</gav>
<cpe>cpe:/a:apache:apache_http_server</cpe>
<cpe>cpe:/a:apache:http_server</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
FP per issue #942
]]></notes>
<gav regex="true">^org\.alfresco\.cmis\.client:alfresco-opencmis-extension:.*$</gav>
<cpe>cpe:/a:alfresco:alfresco</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
FP per issue #949
]]></notes>
<gav regex="true">^com\.github\.waffle:waffle-jna:.*$</gav>
<cpe>cpe:/a:git_for_windows_project:git_for_windows</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
FP per issue #944 - just suppressing the single CVE instead of the entire match
as a future CVE could be meaningful to this library.
]]></notes>
<gav regex="true">^com\.evernote:evernote-api:.*$</gav>
<cve>CVE-2016-4900</cve>
</suppress>
<suppress base="true">
<notes><![CDATA[
FP per issue #951
]]></notes>
<gav regex="true">^org\.apache\.portals\.pluto:pluto-portal-driver:.*$</gav>
<cpe>cpe:/a:in-portal:in-portal</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
FP on ldap studio
]]></notes>
<gav regex="true">^org\.apache\.directory\.api:api-ldap.*$</gav>
<cpe>cpe:/a:apache:apache_ldap_studio</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
FP per issue #1003
]]></notes>
<gav regex="true">^org\.mapstruct:mapstruct:.*$</gav>
<cpe>cpe:/a:bean_project:bean</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
FP per issue #1004 - ldap.java is not in the JAR.
]]></notes>
<gav regex="true">^org\.codehaus\.groovy:groovy:.*$</gav>
<cve>CVE-2016-6497</cve>
</suppress>
<suppress base="true">
<notes><![CDATA[
FP per issue #1010 - ldap.java is not in the JAR.
]]></notes>
<gav regex="true">^org\.codehaus\.groovy:groovy-all:.*$</gav>
<cve>CVE-2016-6497</cve>
</suppress>
<!--suppress base="true">
<notes><![CDATA[
FP per issue #997 - actual fix was in DependencyVersionUtils
]]></notes>
<gav regex="true">^com\.typesafe\.play:play-netty-utils:.*$</gav>
<cpe>cpe:/a:playframework:play_framework</cpe>
</suppress-->
<suppress base="true">
<notes><![CDATA[
FP per issue #1022
]]></notes>
<gav regex="true">^org\.eclipse\.persistence:org\.eclipse\.persistence.*$</gav>
<cpe>cpe:/a:git:git</cpe>
<cpe>cpe:/a:git_project:git</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
general FP cleanup
]]></notes>
<filePath regex="true">.*winstone-?(\d*\.?){0,3}\.jar</filePath>
<cpe>cpe:/a:jetty:jetty</cpe>
<cpe>cpe:/a:eclipse:jetty</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
general FP cleanup
]]></notes>
<gav regex="true">^org\.apache\.maven\.wagon:wagon-webdav-jackrabbit:.*$</gav>
<cpe>cpe:/a:apache:jackrabbit</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
general FP cleanup
]]></notes>
<gav regex="true">^org\.apache\.xbean:xbean-reflect:.*$</gav>
<cpe>cpe:/a:apache:geronimo</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
general FP cleanup
]]></notes>
<gav regex="true">^org\.eclipse\.jetty\.orbit:javax\.annotation:.*$</gav>
<cpe>cpe:/a:eclipse:jetty</cpe>
<cpe>cpe:/a:jetty:jetty</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
general FP cleanup
]]></notes>
<gav regex="true">^org\.eclipse\.jetty\.websocket:websocket-api:.*$</gav>
<cpe>cpe:/a:eclipse:jetty</cpe>
<cpe>cpe:/a:jetty:jetty</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
general FP cleanup: com.amazonaws is a drupal project
]]></notes>
<gav regex="true">^com\.amazonaws:jmespath-java:.*$</gav>
<cpe>cpe:/a:amazon_aws_project:amazon_aws</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
general FP cleanup: apache_test CPE is referencing Perl code.
]]></notes>
<gav regex="true">^org\.apache\.ant:ant-testutil:.*$</gav>
<cpe>cpe:/a:apache:apache_test</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
general FP cleanup: CPE is for git, not the git provider
]]></notes>
<gav regex="true">^org\.apache\.maven\.scm:maven-scm-provider-git-commons:.*$</gav>
<cpe>cpe:/a:git-scm:git</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
general FP cleanup
]]></notes>
<gav regex="true">^org\.eclipse\.jetty\.orbit:org\.apache\.taglibs\.standard\.glassfish:.*$</gav>
<cpe>cpe:/a:jetty:jetty</cpe>
<cpe>cpe:/a:eclipse:jetty</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
general FP cleanup
]]></notes>
<gav regex="true">^org\.eclipse\.jetty\.orbit:com\.sun\.el:.*$</gav>
<cpe>cpe:/a:jetty:jetty</cpe>
<cpe>cpe:/a:eclipse:jetty</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
general FP cleanup: client vs. server mismatch
]]></notes>
<gav regex="true">^org\.samba\.jcifs:jcifs:.*$</gav>
<cpe>cpe:/a:samba:samba</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
general FP cleanup
]]></notes>
<gav regex="true">^org\.codehaus\.plexus:plexus-utils:.*$</gav>
<cpe>cpe:/a:spice_project:spice</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
FP per issue #952 - instead of suppressing the whole thing, we will just
suppress specific CVE that are for the server
]]></notes>
<gav regex="true">^mysql:mysql-connector-java:.*$</gav>
<cve>CVE-2017-3331</cve>
<cve>CVE-2017-3452</cve>
<cve>CVE-2007-6304</cve>
<cve>CVE-2016-5442</cve>
<cve>CVE-2014-6555</cve>
<cve>CVE-2015-4861</cve>
<cve>CVE-2013-3796</cve>
<cve>CVE-2012-0553</cve>
<cve>CVE-2016-0659</cve>
<cve>CVE-2002-1923</cve>
<cve>CVE-2012-0119</cve>
<cve>CVE-2015-0508</cve>
<cve>CVE-2016-8283</cve>
<cve>CVE-2017-3463</cve>
<cve>CVE-2016-6663</cve>
<cve>CVE-2013-5881</cve>
<cve>CVE-2015-2573</cve>
<cve>CVE-2016-5436</cve>
<cve>CVE-2002-1376</cve>
<cve>CVE-2015-0432</cve>
<cve>CVE-2005-2558</cve>
<cve>CVE-2017-3308</cve>
<cve>CVE-2014-0402</cve>
<cve>CVE-2015-0499</cve>
<cve>CVE-2009-0819</cve>
<cve>CVE-2012-1757</cve>
<cve>CVE-2010-3838</cve>
<cve>CVE-2006-4031</cve>
<cve>CVE-2012-3180</cve>
<cve>CVE-2015-3152</cve>
<cve>CVE-2014-0393</cve>
<cve>CVE-2012-3163</cve>
<cve>CVE-2016-0594</cve>
<cve>CVE-2014-2450</cve>
<cve>CVE-2014-0430</cve>
<cve>CVE-2017-3457</cve>
<cve>CVE-2015-2567</cve>
<cve>CVE-2017-3319</cve>
<cve>CVE-2015-4866</cve>
<cve>CVE-2010-1621</cve>
<cve>CVE-2015-0409</cve>
<cve>CVE-2016-8288</cve>
<cve>CVE-2014-6484</cve>
<cve>CVE-2017-3243</cve>
<cve>CVE-2016-5633</cve>
<cve>CVE-2017-3468</cve>
<cve>CVE-2012-2122</cve>
<cve>CVE-2014-2444</cve>
<cve>CVE-2016-0642</cve>
<cve>CVE-2012-0882</cve>
<cve>CVE-2012-0102</cve>
<cve>CVE-2012-5614</cve>
<cve>CVE-2013-1567</cve>
<cve>CVE-2016-0504</cve>
<cve>CVE-2017-3643</cve>
<cve>CVE-2010-2008</cve>
<cve>CVE-2016-0608</cve>
<cve>CVE-2015-4756</cve>
<cve>CVE-2017-10284</cve>
<cve>CVE-2014-6495</cve>
<cve>CVE-2013-5793</cve>
<cve>CVE-2014-4233</cve>
<cve>CVE-2010-3680</cve>
<cve>CVE-2012-0493</cve>
<cve>CVE-2001-1275</cve>
<cve>CVE-2013-0385</cve>
<cve>CVE-2016-0599</cve>
<cve>CVE-2016-5627</cve>
<cve>CVE-2012-0113</cve>
<cve>CVE-2013-0368</cve>
<cve>CVE-2014-2438</cve>
<cve>CVE-2013-1511</cve>
<cve>CVE-2014-6478</cve>
<cve>CVE-2017-3637</cve>
<cve>CVE-2004-0837</cve>
<cve>CVE-2016-0653</cve>
<cve>CVE-2010-1626</cve>
<cve>CVE-2013-3810</cve>
<cve>CVE-2015-2643</cve>
<cve>CVE-2015-4767</cve>
<cve>CVE-2017-3265</cve>
<cve>CVE-2009-4019</cve>
<cve>CVE-2014-6489</cve>
<cve>CVE-2017-3302</cve>
<cve>CVE-2012-0087</cve>
<cve>CVE-2016-3477</cve>
<cve>CVE-2017-3648</cve>
<cve>CVE-2012-1697</cve>
<cve>CVE-2012-0487</cve>
<cve>CVE-2016-0647</cve>
<cve>CVE-2015-4815</cve>
<cve>CVE-2012-1734</cve>
<cve>CVE-2013-3804</cve>
<cve>CVE-2013-5807</cve>
<cve>CVE-2008-7247</cve>
<cve>CVE-2016-5441</cve>
<cve>CVE-2007-6303</cve>
<cve>CVE-2014-2494</cve>
<cve>CVE-2017-3313</cve>
<cve>CVE-2013-3795</cve>
<cve>CVE-2014-4238</cve>
<cve>CVE-2015-4826</cve>
<cve>CVE-2016-0658</cve>
<cve>CVE-2012-0118</cve>
<cve>CVE-2015-0507</cve>
<cve>CVE-2015-2648</cve>
<cve>CVE-2006-7232</cve>
<cve>CVE-2009-5026</cve>
<cve>CVE-2017-3462</cve>
<cve>CVE-2016-6662</cve>
<cve>CVE-2016-2047</cve>
<cve>CVE-2006-4227</cve>
<cve>CVE-2014-0001</cve>
<cve>CVE-2002-1375</cve>
<cve>CVE-2015-0498</cve>
<cve>CVE-2017-10365</cve>
<cve>CVE-2014-0401</cve>
<cve>CVE-2013-1544</cve>
<cve>CVE-2006-1518</cve>
<cve>CVE-2010-3679</cve>
<cve>CVE-2012-1756</cve>
<cve>CVE-2004-0628</cve>
<cve>CVE-2017-10227</cve>
<cve>CVE-2010-3837</cve>
<cve>CVE-2013-3809</cve>
<cve>CVE-2016-5584</cve>
<cve>CVE-2008-4456</cve>
<cve>CVE-2013-5891</cve>
<cve>CVE-2015-4761</cve>
<cve>CVE-2013-5770</cve>
<cve>CVE-2017-3456</cve>
<cve>CVE-2014-2432</cve>
<cve>CVE-2015-2566</cve>
<cve>CVE-2014-6559</cve>
<cve>CVE-2012-0574</cve>
<cve>CVE-2014-0412</cve>
<cve>CVE-2013-1555</cve>
<cve>CVE-2017-3318</cve>
<cve>CVE-2015-2620</cve>
<cve>CVE-2009-4030</cve>
<cve>CVE-2016-8287</cve>
<cve>CVE-2016-3471</cve>
<cve>CVE-2007-2693</cve>
<cve>CVE-2003-0150</cve>
<cve>CVE-2012-3173</cve>
<cve>CVE-2014-6520</cve>
<cve>CVE-2017-10283</cve>
<cve>CVE-2017-3467</cve>
<cve>CVE-2014-0386</cve>
<cve>CVE-2004-0388</cve>
<cve>CVE-2004-2149</cve>
<cve>CVE-2012-0101</cve>
<cve>CVE-2012-5613</cve>
<cve>CVE-2013-1566</cve>
<cve>CVE-2013-2376</cve>
<cve>CVE-2016-5632</cve>
<cve>CVE-2016-0503</cve>
<cve>CVE-2017-3329</cve>
<cve>CVE-2016-0607</cve>
<cve>CVE-2015-4913</cve>
<cve>CVE-2017-3642</cve>
<cve>CVE-2012-3156</cve>
<cve>CVE-2015-4772</cve>
<cve>CVE-2016-0641</cve>
<cve>CVE-2017-10320</cve>
<cve>CVE-2014-6494</cve>
<cve>CVE-2007-2583</cve>
<cve>CVE-2017-3653</cve>
<cve>CVE-2012-0492</cve>
<cve>CVE-2001-1274</cve>
<cve>CVE-2012-0075</cve>
<cve>CVE-2012-3167</cve>
<cve>CVE-2017-3636</cve>
<cve>CVE-2012-0112</cve>
<cve>CVE-2013-0367</cve>
<cve>CVE-2013-0384</cve>
<cve>CVE-2016-0652</cve>
<cve>CVE-2012-4414</cve>
<cve>CVE-2017-10294</cve>
<cve>CVE-2004-0957</cve>
<cve>CVE-2004-0836</cve>
<cve>CVE-2016-0598</cve>
<cve>CVE-2012-1705</cve>
<cve>CVE-2017-10314</cve>
<cve>CVE-2016-8318</cve>
<cve>CVE-2015-4766</cve>
<cve>CVE-2016-5626</cve>
<cve>CVE-2017-3599</cve>
<cve>CVE-2016-5609</cve>
<cve>CVE-2014-4260</cve>
<cve>CVE-2015-0501</cve>
<cve>CVE-2014-4243</cve>
<cve>CVE-2013-3783</cve>
<cve>CVE-2013-5786</cve>
<cve>CVE-2016-0663</cve>
<cve>CVE-2012-0540</cve>
<cve>CVE-2012-1696</cve>
<cve>CVE-2000-0045</cve>
<cve>CVE-2006-0369</cve>
<cve>CVE-2013-1521</cve>
<cve>CVE-2016-3459</cve>
<cve>CVE-2012-0486</cve>
<cve>CVE-2016-0646</cve>
<cve>CVE-2017-3647</cve>
<cve>CVE-2017-10167</cve>
<cve>CVE-2017-3450</cve>
<cve>CVE-2016-5440</cve>
<cve>CVE-2015-0382</cve>
<cve>CVE-2017-3312</cve>
<cve>CVE-2011-2262</cve>
<cve>CVE-2013-3794</cve>
<cve>CVE-2005-0004</cve>
<cve>CVE-2001-1454</cve>
<cve>CVE-2013-0389</cve>
<cve>CVE-2016-0657</cve>
<cve>CVE-2013-1532</cve>
<cve>CVE-2002-1921</cve>
<cve>CVE-2012-0117</cve>
<cve>CVE-2015-0506</cve>
<cve>CVE-2017-3258</cve>
<cve>CVE-2017-3461</cve>
<cve>CVE-2012-3150</cve>
<cve>CVE-2003-0073</cve>
<cve>CVE-2005-2573</cve>
<cve>CVE-2014-6564</cve>
<cve>CVE-2006-4226</cve>
<cve>CVE-2002-1374</cve>
<cve>CVE-2015-4870</cve>
<cve>CVE-2005-0711</cve>
<cve>CVE-2010-1850</cve>
<cve>CVE-2006-1517</cve>
<cve>CVE-2010-3678</cve>
<cve>CVE-2013-1526</cve>
<cve>CVE-2004-0627</cve>
<cve>CVE-2016-0705</cve>
<cve>CVE-2010-3836</cve>
<cve>CVE-2016-3518</cve>
<cve>CVE-2013-3808</cve>
<cve>CVE-2016-0601</cve>
<cve>CVE-2015-4836</cve>
<cve>CVE-2015-2571</cve>
<cve>CVE-2016-0668</cve>
<cve>CVE-2012-5060</cve>
<cve>CVE-2015-4819</cve>
<cve>CVE-2013-2381</cve>
<cve>CVE-2015-2582</cve>
<cve>CVE-2017-3455</cve>
<cve>CVE-2003-0780</cve>
<cve>CVE-2014-2431</cve>
<cve>CVE-2003-1331</cve>
<cve>CVE-2015-4864</cve>
<cve>CVE-2012-3144</cve>
<cve>CVE-2017-3317</cve>
<cve>CVE-2005-1636</cve>
<cve>CVE-2015-0441</cve>
<cve>CVE-2001-0407</cve>
<cve>CVE-2016-8286</cve>
<cve>CVE-2007-2692</cve>
<cve>CVE-2003-1480</cve>
<cve>CVE-2013-2392</cve>
<cve>CVE-2017-3641</cve>
<cve>CVE-2016-5631</cve>
<cve>CVE-2012-1690</cve>
<cve>CVE-2007-5646</cve>
<cve>CVE-2013-2375</cve>
<cve>CVE-2016-2105</cve>
<cve>CVE-2007-5925</cve>
<cve>CVE-2012-5612</cve>
<cve>CVE-2016-0502</cve>
<cve>CVE-2014-2442</cve>
<cve>CVE-2015-4858</cve>
<cve>CVE-2013-1548</cve>
<cve>CVE-2016-0606</cve>
<cve>CVE-2015-2576</cve>
<cve>CVE-2014-4287</cve>
<cve>CVE-2002-0969</cve>
<cve>CVE-2016-0640</cve>
<cve>CVE-2015-4737</cve>
<cve>CVE-2015-4771</cve>
<cve>CVE-2016-5439</cve>
<cve>CVE-1999-1188</cve>
<cve>CVE-2007-5970</cve>
<cve>CVE-2014-6530</cve>
<cve>CVE-2017-3652</cve>
<cve>CVE-2008-3963</cve>
<cve>CVE-2013-0383</cve>
<cve>CVE-2012-3166</cve>
<cve>CVE-2012-0491</cve>
<cve>CVE-2014-4214</cve>
<cve>CVE-2016-5625</cve>
<cve>CVE-2014-0433</cve>
<cve>CVE-2012-3149</cve>
<cve>CVE-2014-2436</cve>
<cve>CVE-2016-3501</cve>
<cve>CVE-2012-0578</cve>
<cve>CVE-2004-0956</cve>
<cve>CVE-2004-0835</cve>
<cve>CVE-2014-2419</cve>
<cve>CVE-2017-3635</cve>
<cve>CVE-2017-10155</cve>
<cve>CVE-2015-0500</cve>
<cve>CVE-2016-0651</cve>
<cve>CVE-2010-1849</cve>
<cve>CVE-2017-10313</cve>
<cve>CVE-2017-10276</cve>
<cve>CVE-2015-4802</cve>
<cve>CVE-2015-2641</cve>
<cve>CVE-2016-0597</cve>
<cve>CVE-2016-3492</cve>
<cve>CVE-2007-1420</cve>
<cve>CVE-2012-3177</cve>
<cve>CVE-2016-0662</cve>
<cve>CVE-2017-3646</cve>
<cve>CVE-2012-0485</cve>
<cve>CVE-2015-0511</cve>
<cve>CVE-2014-6507</cve>
<cve>CVE-2000-0148</cve>
<cve>CVE-2013-3802</cve>
<cve>CVE-2014-0427</cve>
<cve>CVE-2015-4830</cve>
<cve>CVE-2017-3291</cve>
<cve>CVE-2015-3194</cve>
<cve>CVE-2008-2079</cve>
<cve>CVE-2009-4028</cve>
<cve>CVE-2016-3486</cve>
<cve>CVE-2012-5383</cve>
<cve>CVE-2013-3793</cve>
<cve>CVE-2012-4452</cve>
<cve>CVE-2017-3257</cve>
<cve>CVE-2010-3683</cve>
<cve>CVE-2001-1453</cve>
<cve>CVE-2012-0496</cve>
<cve>CVE-2004-0457</cve>
<cve>CVE-2013-1531</cve>
<cve>CVE-2012-0116</cve>
<cve>CVE-2012-1689</cve>
<cve>CVE-2016-0639</cve>
<cve>CVE-2015-4807</cve>
<cve>CVE-2015-0505</cve>
<cve>CVE-2016-0656</cve>
<cve>CVE-2015-0381</cve>
<cve>CVE-2006-4380</cve>
<cve>CVE-2017-3460</cve>
<cve>CVE-2004-0381</cve>
<cve>CVE-2005-2572</cve>
<cve>CVE-2002-1373</cve>
<cve>CVE-2017-3305</cve>
<cve>CVE-2005-0710</cve>
<cve>CVE-2016-0667</cve>
<cve>CVE-2006-1516</cve>
<cve>CVE-2010-3677</cve>
<cve>CVE-2016-0546</cve>
<cve>CVE-2016-0600</cve>
<cve>CVE-2010-3835</cve>
<cve>CVE-2013-3807</cve>
<cve>CVE-2009-4484</cve>
<cve>CVE-2012-3160</cve>
<cve>CVE-2017-3454</cve>
<cve>CVE-2013-1570</cve>
<cve>CVE-2014-2430</cve>
<cve>CVE-2016-5444</cve>
<cve>CVE-2014-4258</cve>
<cve>CVE-2012-0572</cve>
<cve>CVE-2012-2750</cve>
<cve>CVE-2013-3798</cve>
<cve>CVE-2016-0611</cve>
<cve>CVE-2016-3424</cve>
<cve>CVE-2015-0423</cve>
<cve>CVE-2007-2691</cve>
<cve>CVE-2013-2391</cve>
<cve>CVE-2014-6464</cve>
<cve>CVE-2017-3465</cve>
<cve>CVE-2013-0371</cve>
<cve>CVE-2014-0384</cve>
<cve>CVE-2015-2575</cve>
<cve>CVE-2014-6568</cve>
<cve>CVE-2012-0583</cve>
<cve>CVE-2012-2102</cve>
<cve>CVE-2012-5611</cve>
<cve>CVE-2005-0799</cve>
<cve>CVE-2016-5630</cve>
<cve>CVE-2006-0903</cve>
<cve>CVE-2016-0605</cve>
<cve>CVE-2017-3640</cve>
<cve>CVE-2016-3452</cve>
<cve>CVE-2017-3251</cve>
<cve>CVE-2017-3651</cve>
<cve>CVE-2012-0490</cve>
<cve>CVE-2013-5894</cve>
<cve>CVE-2016-0596</cve>
<cve>CVE-2017-3634</cve>
<cve>CVE-2017-3459</cve>
<cve>CVE-2001-1255</cve>
<cve>CVE-2014-2435</cve>
<cve>CVE-2016-0650</cve>
<cve>CVE-2017-10379</cve>
<cve>CVE-2016-0616</cve>
<cve>CVE-2015-4905</cve>
<cve>CVE-2012-1703</cve>
<cve>CVE-2005-0709</cve>
<cve>CVE-2010-1848</cve>
<cve>CVE-2016-5624</cve>
<cve>CVE-2002-1809</cve>
<cve>CVE-2015-4792</cve>
<cve>CVE-2016-8327</cve>
<cve>CVE-2016-0661</cve>
<cve>CVE-2014-6469</cve>
<cve>CVE-2012-0484</cve>
<cve>CVE-2017-10286</cve>
<cve>CVE-2016-5635</cve>
<cve>CVE-2000-0981</cve>
<cve>CVE-2014-4207</cve>
<cve>CVE-2013-3801</cve>
<cve>CVE-2013-1502</cve>
<cve>CVE-2015-0439</cve>
<cve>CVE-2013-5767</cve>
<cve>CVE-2016-3615</cve>
<cve>CVE-2012-2749</cve>
<cve>CVE-2013-5908</cve>
<cve>CVE-2016-0644</cve>
<cve>CVE-2015-2617</cve>
<cve>CVE-2017-3645</cve>
<cve>CVE-2017-10165</cve>
<cve>CVE-2015-4879</cve>
<cve>CVE-2008-4098</cve>
<cve>CVE-2017-3273</cve>
<cve>CVE-2014-6551</cve>
<cve>CVE-2017-3256</cve>
<cve>CVE-2010-3682</cve>
<cve>CVE-2012-0495</cve>
<cve>CVE-2016-0655</cve>
<cve>CVE-2010-3840</cve>
<cve>CVE-2016-5629</cve>
<cve>CVE-2012-0115</cve>
<cve>CVE-2012-1688</cve>
<cve>CVE-2014-0437</cve>
<cve>CVE-2013-3812</cve>
<cve>CVE-2012-5627</cve>
<cve>CVE-2017-3639</cve>
<cve>CVE-2015-4769</cve>
<cve>CVE-2015-0391</cve>
<cve>CVE-2013-5860</cve>
<cve>CVE-2015-4730</cve>
<cve>CVE-2017-3600</cve>
<cve>CVE-2015-0374</cve>
<cve>CVE-2015-0411</cve>
<cve>CVE-2016-0666</cve>
<cve>CVE-2010-3676</cve>
<cve>CVE-2012-0489</cve>
<cve>CVE-2017-3529</cve>
<cve>CVE-2010-3834</cve>
<cve>CVE-2013-3806</cve>
<cve>CVE-2016-8290</cve>
<cve>CVE-2016-0649</cve>
<cve>CVE-2015-2639</cve>
<cve>CVE-2014-4274</cve>
<cve>CVE-2017-3453</cve>
<cve>CVE-2016-5443</cve>
<cve>CVE-2009-2446</cve>
<cve>CVE-2015-0385</cve>
<cve>CVE-2006-2753</cve>
<cve>CVE-2016-3440</cve>
<cve>CVE-2013-1552</cve>
<cve>CVE-2016-0610</cve>
<cve>CVE-2015-4862</cve>
<cve>CVE-2015-0405</cve>
<cve>CVE-2016-8284</cve>
<cve>CVE-2015-4890</cve>
<cve>CVE-2014-6463</cve>
<cve>CVE-2017-3464</cve>
<cve>CVE-2016-6664</cve>
<cve>CVE-2014-2440</cve>
<cve>CVE-2014-6500</cve>
<cve>CVE-2016-5612</cve>
<cve>CVE-2017-10384</cve>
<cve>CVE-2014-0420</cve>
<cve>CVE-2015-4910</cve>
<cve>CVE-2013-5882</cve>
<cve>CVE-2015-4752</cve>
<cve>CVE-2017-3309</cve>
<cve>CVE-2016-5437</cve>
<cve>CVE-2015-0433</cve>
<cve>CVE-2015-2611</cve>
<cve>CVE-2010-3839</cve>
<cve>CVE-2006-3081</cve>
<cve>CVE-2014-6491</cve>
<cve>CVE-2014-6474</cve>
<cve>CVE-2017-3650</cve>
<cve>CVE-2014-2451</cve>
<cve>CVE-2016-0595</cve>
<cve>CVE-2017-3633</cve>
<cve>CVE-2017-3458</cve>
<cve>CVE-2014-0431</cve>
<cve>CVE-2012-3147</cve>
<cve>CVE-2014-2434</cve>
<cve>CVE-2015-2568</cve>
<cve>CVE-2017-10378</cve>
<cve>CVE-2015-4904</cve>
<cve>CVE-2015-4800</cve>
<cve>CVE-2012-1702</cve>
<cve>CVE-2017-10311</cve>
<cve>CVE-2013-3839</cve>
<cve>CVE-2016-8289</cve>
<cve>CVE-2014-4240</cve>
<cve>CVE-2015-4791</cve>
<cve>CVE-2017-3244</cve>
<cve>CVE-2013-2395</cve>
<cve>CVE-2015-4895</cve>
<cve>CVE-2016-5634</cve>
<cve>CVE-2012-0120</cve>
<cve>CVE-2013-0375</cve>
<cve>CVE-2013-2378</cve>
<cve>CVE-2012-3158</cve>
<cve>CVE-2014-6505</cve>
<cve>CVE-2017-10268</cve>
<cve>CVE-2012-5615</cve>
<cve>CVE-2016-0505</cve>
<cve>CVE-2016-0643</cve>
<cve>CVE-2016-3614</cve>
<cve>CVE-2015-0438</cve>
<cve>CVE-2016-0609</cve>
<cve>CVE-2015-4757</cve>
<cve>CVE-2017-3644</cve>
<cve>CVE-2008-4097</cve>
<cve>CVE-2016-7440</cve>
<cve>CVE-2014-6496</cve>
<cve>CVE-2006-3486</cve>
<cve>CVE-2013-1492</cve>
<cve>CVE-2015-2661</cve>
<cve>CVE-2016-3521</cve>
<cve>CVE-2010-3681</cve>
<cve>CVE-2017-10296</cve>
<cve>CVE-2006-3469</cve>
<cve>CVE-2013-2389</cve>
<cve>CVE-2012-0494</cve>
<cve>CVE-2016-5628</cve>
<cve>CVE-2017-3638</cve>
<cve>CVE-2012-0114</cve>
<cve>CVE-2013-0386</cve>
<cve>CVE-2013-1512</cve>
<cve>CVE-2016-3588</cve>
<cve>CVE-2017-3238</cve>
<cve>CVE-2013-3811</cve>
<cve>CVE-2016-0654</cve>
<cve>CVE-2016-5507</cve>
<cve>CVE-2017-10279</cve>
<cve>CVE-2015-0503</cve>
<cve>CVE-2012-5096</cve>
<cve>CVE-2016-3495</cve>
<cve>CVE-2017-3320</cve>
<cve>CVE-2012-3197</cve>
<cve>CVE-2014-2484</cve>
<cve>CVE-2008-0226</cve>
<cve>CVE-2011-5049</cve>
<cve>CVE-2016-0665</cve>
<cve>CVE-2017-3649</cve>
<cve>CVE-2012-0488</cve>
<cve>CVE-2013-1523</cve>
<cve>CVE-2016-0648</cve>
<cve>CVE-2010-3833</cve>
<cve>CVE-2012-1735</cve>
<cve>CVE-2013-3805</cve>
<cve>CVE-2013-1506</cve>
<cve>CVE-2015-4833</cve>
<cve>CVE-2015-4816</cve>
</suppress>
<suppress base="true">
<notes><![CDATA[
FP per issue #946 - instead of suppressing the whole thing, we will just
suppress specific CVE that are for the server
]]></notes>
<gav regex="true">^postgresql:postgresql:.*$</gav>
<cve>CVE-2006-5540</cve>
<cve>CVE-2006-5542</cve>
<cve>CVE-2007-6600</cve>
<cve>CVE-2007-3279</cve>
<cve>CVE-2016-5423</cve>
<cve>CVE-2005-0244</cve>
<cve>CVE-2006-2314</cve>
<cve>CVE-2005-0246</cve>
<cve>CVE-2005-1410</cve>
<cve>CVE-2006-0678</cve>
<cve>CVE-2002-0972</cve>
<cve>CVE-2005-0227</cve>
<cve>CVE-2002-1402</cve>
<cve>CVE-2004-0977</cve>
<cve>CVE-2013-1899</cve>
<cve>CVE-2003-0901</cve>
<cve>CVE-2010-0733</cve>
<cve>CVE-2010-1447</cve>
<cve>CVE-2002-1642</cve>
<cve>CVE-2006-0553</cve>
<cve>CVE-2002-1400</cve>
<cve>CVE-2007-3280</cve>
<cve>CVE-2017-7484</cve>
<cve>CVE-2009-4034</cve>
<cve>CVE-2017-7486</cve>
<cve>CVE-2012-3489</cve>
<cve>CVE-2009-4136</cve>
<cve>CVE-2014-0061</cve>
<cve>CVE-2015-5288</cve>
<cve>CVE-1999-0862</cve>
<cve>CVE-2014-0063</cve>
<cve>CVE-2014-0065</cve>
<cve>CVE-2007-2138</cve>
<cve>CVE-2002-1397</cve>
<cve>CVE-2007-0556</cve>
<cve>CVE-2002-1399</cve>
<cve>CVE-2006-0105</cve>
<cve>CVE-2016-0766</cve>
<cve>CVE-2010-0442</cve>
<cve>CVE-2014-0067</cve>
<cve>CVE-2002-1657</cve>
<cve>CVE-2017-7548</cve>
<cve>CVE-2010-1975</cve>
<cve>CVE-2012-0866</cve>
<cve>CVE-2012-0868</cve>
<cve>CVE-2013-1903</cve>
<cve>CVE-2013-1901</cve>
<cve>CVE-2016-0768</cve>
<cve>CVE-2017-7546</cve>
<cve>CVE-2009-3231</cve>
<cve>CVE-2016-2193</cve>
<cve>CVE-2006-5541</cve>
<cve>CVE-2016-3065</cve>
<cve>CVE-2007-3278</cve>
<cve>CVE-2007-6601</cve>
<cve>CVE-2016-5424</cve>
<cve>CVE-2006-2313</cve>
<cve>CVE-2005-0245</cve>
<cve>CVE-2007-4769</cve>
<cve>CVE-2005-0247</cve>
<cve>CVE-2009-0922</cve>
<cve>CVE-2002-1401</cve>
<cve>CVE-2012-2655</cve>
<cve>CVE-2010-1169</cve>
<cve>CVE-2012-3488</cve>
<cve>CVE-2010-4015</cve>
<cve>CVE-2016-0773</cve>
<!--cve>CVE-2017-7485</cve> This affects the client -->
<cve>CVE-2007-4772</cve>
<cve>CVE-2014-0060</cve>
<cve>CVE-2014-0062</cve>
<cve>CVE-2010-1170</cve>
<cve>CVE-2014-0064</cve>
<cve>CVE-2015-3165</cve>
<cve>CVE-2009-3229</cve>
<cve>CVE-2007-0555</cve>
<cve>CVE-2002-1398</cve>
<cve>CVE-2000-1199</cve>
<cve>CVE-2013-0255</cve>
<cve>CVE-2010-3433</cve>
<cve>CVE-2014-0066</cve>
<cve>CVE-2004-0547</cve>
<cve>CVE-2014-2669</cve>
<cve>CVE-2013-1900</cve>
<cve>CVE-2005-1409</cve>
<cve>CVE-2002-0802</cve>
<cve>CVE-2013-1902</cve>
<cve>CVE-2017-7547</cve>
<cve>CVE-2012-0867</cve>
<cve>CVE-2012-2143</cve>
<!--cve>CVE-2012-1618</cve> this affects the JDBC -->
<cve>CVE-2015-5289</cve>
<cve>CVE-2009-3230</cve>
<cve>CVE-2007-6067</cve>
</suppress>
<suppress base="true">
<notes><![CDATA[
FP per issue #947 - instead of suppressing the whole thing, we will just
suppress specific CVE that are for the server
]]></notes>
<gav regex="true">^com\.microsoft\.sqlserver:sqljdbc4:.*$</gav>
<cve>CVE-2000-1081</cve>
<cve>CVE-2004-1560</cve>
<cve>CVE-2000-1083</cve>
<cve>CVE-2000-1085</cve>
<cve>CVE-2009-2503</cve>
<cve>CVE-2000-1087</cve>
<cve>CVE-2002-1123</cve>
<cve>CVE-2002-0057</cve>
<cve>CVE-2009-2501</cve>
<cve>CVE-2001-0542</cve>
<cve>CVE-2001-0344</cve>
<cve>CVE-2000-0654</cve>
<cve>CVE-2009-2528</cve>
<cve>CVE-2014-1820</cve>
<cve>CVE-1999-0999</cve>
<cve>CVE-2002-0859</cve>
<cve>CVE-2012-2552</cve>
<cve>CVE-2016-7249</cve>
<cve>CVE-2016-7250</cve>
<cve>CVE-2016-7252</cve>
<cve>CVE-2014-4061</cve>
<cve>CVE-2016-7254</cve>
<cve>CVE-2008-0086</cve>
<cve>CVE-2008-3013</cve>
<cve>CVE-2009-3126</cve>
<cve>CVE-2008-3015</cve>
<cve>CVE-2008-5416</cve>
<cve>CVE-2003-0231</cve>
<cve>CVE-2002-0187</cve>
<cve>CVE-2008-0106</cve>
<cve>CVE-2002-1872</cve>
<cve>CVE-2002-0641</cve>
<cve>CVE-2002-0224</cve>
<cve>CVE-2002-1138</cve>
<cve>CVE-2002-0643</cve>
<cve>CVE-2000-0202</cve>
<cve>CVE-2000-0402</cve>
<cve>CVE-2002-0624</cve>
<cve>CVE-2002-0645</cve>
<cve>CVE-2002-0649</cve>
<cve>CVE-2007-4814</cve>
<cve>CVE-2007-5090</cve>
<cve>CVE-2015-1761</cve>
<cve>CVE-2011-1280</cve>
<cve>CVE-2017-8516</cve>
<cve>CVE-2015-1763</cve>
<cve>CVE-2000-1082</cve>
<cve>CVE-2009-2500</cve>
<cve>CVE-2000-1084</cve>
<cve>CVE-2009-2502</cve>
<cve>CVE-2000-1086</cve>
<cve>CVE-2002-0154</cve>
<cve>CVE-2002-1145</cve>
<cve>CVE-2000-1088</cve>
<cve>CVE-2000-0199</cve>
<cve>CVE-2002-0056</cve>
<cve>CVE-2012-0158</cve>
<cve>CVE-2009-2504</cve>
<cve>CVE-2002-0650</cve>
<cve>CVE-2002-1981</cve>
<cve>CVE-2001-0509</cve>
<cve>CVE-2016-7251</cve>
<cve>CVE-2016-7253</cve>
<cve>CVE-2008-0085</cve>
<cve>CVE-2008-3012</cve>
<cve>CVE-2008-3014</cve>
<cve>CVE-1999-1556</cve>
<cve>CVE-2003-0230</cve>
<cve>CVE-2002-0186</cve>
<cve>CVE-2003-0232</cve>
<cve>CVE-2015-1762</cve>
<cve>CVE-2008-0107</cve>
<cve>CVE-2002-0982</cve>
<cve>CVE-2002-1137</cve>
<cve>CVE-2002-0642</cve>
<cve>CVE-2002-0721</cve>
<cve>CVE-2002-0644</cve>
<cve>CVE-2000-0485</cve>
<cve>CVE-2012-1856</cve>
<cve>CVE-2000-0603</cve>
<cve>CVE-2001-0879</cve>
<cve>CVE-2002-0729</cve>
<cve>CVE-2007-5348</cve>
<cve>CVE-2008-4110</cve>
</suppress>
<suppress base="true">
<notes><![CDATA[
FP per issue #999 - instead of suppressing the whole thing, we will just
suppress specific CVE that are for the server
]]></notes>
<gav regex="true">^org\.mariadb\.jdbc:mariadb-java-client:.*$</gav>
<cve>CVE-2016-5440</cve>
<cve>CVE-2016-5584</cve>
<cve>CVE-2014-6500</cve>
<cve>CVE-2016-5444</cve>
<cve>CVE-2014-6555</cve>
<cve>CVE-2016-0597</cve>
<cve>CVE-2016-5625</cve>
<cve>CVE-2014-6559</cve>
<cve>CVE-2016-0655</cve>
<cve>CVE-2016-5627</cve>
<cve>CVE-2016-5629</cve>
<cve>CVE-2012-5627</cve>
<cve>CVE-2016-3492</cve>
<cve>CVE-2016-6663</cve>
<cve>CVE-2016-3452</cve>
<cve>CVE-2016-5630</cve>
<cve>CVE-2016-5632</cve>
<cve>CVE-2017-3302</cve>
<cve>CVE-2016-3477</cve>
<cve>CVE-2016-0641</cve>
<cve>CVE-2014-6464</cve>
<cve>CVE-2012-5611</cve>
<cve>CVE-2016-0666</cve>
<cve>CVE-2012-5613</cve>
<cve>CVE-2016-0668</cve>
<cve>CVE-2012-5615</cve>
<cve>CVE-2016-0505</cve>
<cve>CVE-2016-0649</cve>
<cve>CVE-2016-0647</cve>
<cve>CVE-2014-6507</cve>
<cve>CVE-2016-0609</cve>
<cve>CVE-2016-5634</cve>
<cve>CVE-2016-0643</cve>
<cve>CVE-2016-7440</cve>
<cve>CVE-2014-6494</cve>
<cve>CVE-2015-3152</cve>
<cve>CVE-2014-6496</cve>
<cve>CVE-2016-0650</cve>
<cve>CVE-2016-0596</cve>
<cve>CVE-2016-0598</cve>
<cve>CVE-2016-0610</cve>
<cve>CVE-2016-5626</cve>
<cve>CVE-2012-4414</cve>
<cve>CVE-2016-5507</cve>
<cve>CVE-2016-5609</cve>
<cve>CVE-2016-0616</cve>
<cve>CVE-2016-5628</cve>
<cve>CVE-2016-3521</cve>
<cve>CVE-2016-6662</cve>
<cve>CVE-2016-3495</cve>
<cve>CVE-2016-6664</cve>
<cve>CVE-2016-5631</cve>
<cve>CVE-2016-2047</cve>
<cve>CVE-2016-5612</cve>
<cve>CVE-2016-0640</cve>
<cve>CVE-2012-2122</cve>
<cve>CVE-2016-3459</cve>
<cve>CVE-2012-5612</cve>
<cve>CVE-2016-0644</cve>
<cve>CVE-2012-5614</cve>
<cve>CVE-2014-0001</cve>
<cve>CVE-2016-0546</cve>
<cve>CVE-2013-1861</cve>
<cve>CVE-2016-0600</cve>
<cve>CVE-2016-0606</cve>
<cve>CVE-2016-0646</cve>
<cve>CVE-2016-0608</cve>
<cve>CVE-2016-0648</cve>
<cve>CVE-2016-3615</cve>
<cve>CVE-2016-5635</cve>
<cve>CVE-2016-5633</cve>
<cve>CVE-2014-6469</cve>
<cve>CVE-2014-6491</cve>
</suppress>
<suppress base="true">
<notes><![CDATA[
FP per issue #943
]]></notes>
<gav regex="true">^cn\.guoyukun\.jdbc:db2jcc_license_cu:.*$</gav>
<cpe>cpe:/a:ibm:db2</cpe>
</suppress>
<suppress base="true">
<notes><![CDATA[
FP per issue #943 - instead of suppressing the whole thing, we will just
suppress specific CVE that are for the server
]]></notes>
<gav regex="true">^cn\.guoyukun\.jdbc:db2jcc:.*$</gav>
<cve>CVE-2007-2582</cve>
<cve>CVE-2012-2194</cve>
<cve>CVE-2008-0696</cve>
<cve>CVE-2009-4327</cve>
<cve>CVE-2013-3475</cve>
<cve>CVE-2009-1239</cve>
<cve>CVE-2014-6159</cve>
<cve>CVE-2010-3740</cve>
<cve>CVE-2012-3324</cve>
<cve>CVE-2012-0711</cve>
<cve>CVE-2017-1519</cve>
<cve>CVE-2015-1935</cve>
<cve>CVE-2009-4330</cve>
<cve>CVE-2014-3095</cve>
<cve>CVE-2009-4334</cve>
<cve>CVE-2005-4870</cve>
<cve>CVE-2010-3193</cve>
<cve>CVE-2013-4033</cve>
<cve>CVE-2008-6820</cve>
<cve>CVE-2016-5995</cve>
<cve>CVE-2009-4438</cve>
<cve>CVE-2010-3197</cve>
<cve>CVE-2015-0157</cve>
<cve>CVE-2007-1228</cve>
<cve>CVE-2017-1105</cve>
<cve>CVE-2012-2180</cve>
<cve>CVE-2010-3734</cve>
<cve>CVE-2010-3738</cve>
<cve>CVE-2012-0709</cve>
<cve>CVE-2008-4691</cve>
<cve>CVE-2009-3473</cve>
<cve>CVE-2017-1150</cve>
<cve>CVE-2008-2154</cve>
<cve>CVE-2014-6210</cve>
<cve>CVE-2007-3676</cve>
<cve>CVE-2008-0697</cve>
<cve>CVE-2009-4328</cve>
<cve>CVE-2012-0712</cve>
<cve>CVE-2009-4331</cve>
<cve>CVE-2009-4335</cve>
<cve>CVE-2005-4871</cve>
<cve>CVE-2010-3194</cve>
<cve>CVE-2008-6821</cve>
<cve>CVE-2009-4439</cve>
<cve>CVE-2008-3958</cve>
<cve>CVE-2012-1796</cve>
<cve>CVE-2010-3731</cve>
<cve>CVE-2009-1905</cve>
<cve>CVE-2011-0731</cve>
<cve>CVE-2014-4805</cve>
<cve>CVE-2010-3735</cve>
<cve>CVE-2015-1922</cve>
<cve>CVE-2014-0907</cve>
<cve>CVE-2008-4692</cve>
<cve>CVE-2009-2860</cve>
<cve>CVE-2003-1051</cve>
<cve>CVE-2009-4325</cve>
<cve>CVE-2006-4257</cve>
<cve>CVE-2012-2196</cve>
<cve>CVE-2017-1451</cve>
<cve>CVE-2008-0698</cve>
<cve>CVE-2009-4329</cve>
<cve>CVE-2013-6744</cve>
<cve>CVE-2008-1966</cve>
<cve>CVE-2011-1373</cve>
<cve>CVE-2005-4869</cve>
<cve>CVE-2016-0211</cve>
<cve>CVE-2017-1434</cve>
<cve>CVE-2010-1560</cve>
<cve>CVE-2011-4061</cve>
<cve>CVE-2014-8910</cve>
<cve>CVE-2012-0713</cve>
<cve>CVE-2017-1438</cve>
<cve>CVE-2017-1297</cve>
<cve>CVE-2009-4332</cve>
<cve>CVE-2005-2073</cve>
<cve>CVE-2010-3195</cve>
<cve>CVE-2017-1520</cve>
<cve>CVE-2013-5466</cve>
<cve>CVE-2008-1998</cve>
<cve>CVE-2009-2858</cve>
<cve>CVE-2008-3959</cve>
<cve>CVE-2012-1797</cve>
<cve>CVE-2010-3732</cve>
<cve>CVE-2014-6209</cve>
<cve>CVE-2009-1906</cve>
<cve>CVE-2012-4826</cve>
<cve>CVE-2010-3736</cve>
<cve>CVE-2011-0757</cve>
<cve>CVE-2011-1846</cve>
<cve>CVE-2007-5090</cve>
<cve>CVE-2010-3474</cve>
<cve>CVE-2013-6717</cve>
<cve>CVE-2009-3471</cve>
<cve>CVE-2008-4693</cve>
<cve>CVE-2007-5652</cve>
<cve>CVE-2003-1052</cve>
<cve>CVE-2009-4326</cve>
<cve>CVE-2017-1452</cve>
<cve>CVE-2012-2197</cve>
<cve>CVE-2008-0699</cve>
<cve>CVE-2010-0472</cve>
<cve>CVE-2017-1439</cve>
<cve>CVE-2012-0710</cve>
<cve>CVE-2014-0919</cve>
<cve>CVE-2009-4150</cve>
<cve>CVE-2014-3094</cve>
<cve>CVE-2009-4333</cve>
<cve>CVE-2013-4032</cve>
<cve>CVE-2010-3196</cve>
<cve>CVE-2007-1027</cve>
<cve>CVE-2015-1883</cve>
<cve>CVE-2014-8901</cve>
<cve>CVE-2010-3475</cve>
<cve>CVE-2010-0462</cve>
<cve>CVE-2009-2859</cve>
<cve>CVE-2010-3733</cve>
<cve>CVE-2010-3737</cve>
<cve>CVE-2011-1847</cve>
<cve>CVE-2009-3472</cve>
<cve>CVE-2014-6097</cve>
</suppress>
<suppress base="true">
<notes><![CDATA[
false positive in io.vertx:vertx-config-kubernetes-configmap
]]></notes>
<gav regex="true">^io\.vertx:vertx-config-kubernetes-configmap:.*$</gav>
<cpe>cpe:/a:kubernetes:kubernetes</cpe>
</suppress>
</suppressions>
Reference in New Issue View Git Blame Copy Permalink