# Tab-separated list of CVE, CWE, test case
# The 3 Tomcat CVEs that appear in C code are commented out
CVE-2010-1773	CWE-189	chrome
CVE-2010-1772	CWE-399	chrome
# More specifically, use-after-free
CVE-2010-2302	CWE-399	chrome
CVE-2010-2301	CWE-79	chrome
CVE-2010-2300	CWE-399	chrome
# The following 2 are in conflict with the NVD information:
# CVE-2010-2299	CWE-94
# Observed example for CWE. See http://cwe.mitre.org/data/definitions/822.html
# Also CWE-668
CVE-2010-2299	CWE-822	chrome
# More specific probably
CVE-2010-2298	CWE-20	chrome
# This is marked as CWE-94 in NVD, but really out of bounds
CVE-2010-2297	CWE-119	chrome
# Maybe CWE-668 Exposure of Resource to Wrong Sphere (child of CWE-361 Time and State)?
CVE-2010-2295	CWE-Unknown	chrome
CVE-2009-3548	CWE-255	tomcat
CVE-2009-2902	CWE-22	tomcat
CVE-2009-2901	CWE-264	tomcat
CVE-2009-2693	CWE-22	tomcat
# May be different
CVE-2009-0783	CWE-200	tomcat
CVE-2009-0580	CWE-200	tomcat
CVE-2009-0033	CWE-20	tomcat
# Not relevant for us, because C code only
#CVE-2008-5519	CWE-200
CVE-2008-5515	CWE-22	tomcat
CVE-2008-4308	CWE-200	tomcat
CVE-2008-2938	CWE-22	tomcat
CVE-2008-2370	CWE-22	tomcat
CVE-2008-1947	CWE-79	tomcat
CVE-2008-1232	CWE-79	tomcat
# Observed example for CWE. See http://cwe.mitre.org/data/definitions/614.html
# In conflict with NVD:
# CVE-2008-0128	CWE-16
CVE-2008-0128	CWE-614	tomcat
# Design error in NVD. Not relevant for us, because C code only
#CVE-2007-6286	Unknown
CVE-2007-5461	CWE-22	tomcat
CVE-2007-5342	CWE-264	tomcat
CVE-2007-5333	CWE-200	tomcat
CVE-2007-3385	CWE-200	tomcat
CVE-2007-3382	CWE-200	tomcat
CVE-2007-2450 and CVE-2007-3386	CWE-79	tomcat
CVE-2007-2449	CWE-79	tomcat
CVE-2007-1858	CWE-327	tomcat
CVE-2007-1355	CWE-79	tomcat
CVE-2007-0450	CWE-22	tomcat
# Probably a buffer overflow, but not relevant for us, because C code only
#CVE-2006-7197	Unknown
CVE-2006-7196 and CVE-2009-0781	CWE-79	tomcat
CVE-2006-7195	CWE-79	tomcat
CVE-2010-2287	CWE-119	wireshark
CVE-2010-2286	CWE-399	wireshark
CVE-2010-2285	CWE-476	wireshark
CVE-2010-2284	CWE-119	wireshark
CVE-2010-2283	CWE-476	wireshark
CVE-2010-1455	CWE-20	wireshark
CVE-2010-0304	CWE-119	wireshark
# strftime issue. Chose CWE-474 - inconsistent implementations.
# But could be CWE-633 - Memory issue or something else
CVE-2009-4378	CWE-474	wireshark
CVE-2009-4377 (1)	CWE-476	wireshark
CVE-2009-4377 (2)	CWE-476	wireshark
# More specifically, CWE-120: sscanf with %s
CVE-2009-4376	CWE-119	wireshark
CVE-2009-3829	CWE-189	wireshark
CVE-2009-3551	CWE-189	wireshark
CVE-2009-3550	CWE-476	wireshark
CVE-2009-3549	CWE-20	wireshark
# Unchecked return value from gcry_md_open leads to crash. Is it CWE-252?
# Or is it really a buffer overrun?
CVE-2009-3243	CWE-119	wireshark
# Uninitialized data handle? Some other CWEs might also qualify
CVE-2009-3242	CWE-457	wireshark
# No certainty here
CVE-2009-3241	CWE-401	wireshark
# Either null pointer dereference or double free
# Chose null pointer because of the description in the Red Hat bug report
CVE-2009-2563	CWE-476	wireshark
# Integer overflow leading to buffer overflow?
# Chain: CWE-680, leads to CWE-119
CVE-2009-2562	CWE-190	wireshark
# Maybe also chain to buffer overflow?
CVE-2009-2561	CWE-190	wireshark
CVE-2009-2560 (1)	CWE-119	wireshark
CVE-2009-2560 (2)	CWE-119	wireshark
CVE-2009-2559	CWE-119	wireshark
