# Running vulnpkg against NetBSD/amd64 8.99.25 of Sep 22 2018, please note that
# ntp entries are incorrect due ntp-*p* (pkgsrc) vs ntp-*pl* (NetBSD).
# All other entries not investigated.
% ./vulnpkg.sh `sys_info -P /bin:/sbin:/usr/bin:/usr/sbin:/usr/X11R7/bin`
gcc{,34,44,45,46,47}-[0-9]* denial-of-service https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61601
gcc{,34,44,45,46,47}-[0-9]* memory-corruption https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61582
grep<2.11 arbitrary-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5667
ntp<4.2.8p1 multiple-vulnerabilities http://www.kb.cert.org/vuls/id/852879
ntp<4.2.8p2 spoofing-attacks http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1798
ntp<4.2.8p2 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1799
ntp<4.2.8p3 multiple-vulnerabilities http://bugs.ntp.org/show_bug.cgi?id=2853
ntp<4.2.8p4 multiple-vulnerabilities http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
ntp<4.2.8p6 multiple-vulnerabilities http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
ntp<4.2.8p7 multiple-vulnerabilities http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
ntp<4.2.8p8 multiple-vulnerabilities http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi
ntp<4.2.8p9 multiple-vulnerabilities http://support.ntp.org/bin/view/Main/SecurityNotice#November_2016_ntp_4_2_8p9_NTP_Se
ntp<4.2.8p10 multiple-vulnerabilities http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu
ntp<4.2.8p5 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2015-5300
ntp<4.2.8p2 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2015-3405
ntp<4.2.8p3 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2015-5146
ntp<4.2.8p7 spoofing https://nvd.nist.gov/vuln/detail/CVE-2018-7170
ntp<4.2.8p11 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2018-7182
ntp<4.2.8p11 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2018-7184
ntp<4.2.8p11 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2018-7185
ntp<4.2.8p12 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2018-12327
ntp<4.2.8p10 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2016-9042
ntp<4.2.8p11 timing-attack https://nvd.nist.gov/vuln/detail/CVE-2018-15605
openssh-[0-9]* oracle-attack https://nvd.nist.gov/vuln/detail/CVE-2018-15919
openssl>=1.1.0 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2017-3735
openssl>=1.1.0<1.1.0j timing-attack https://nvd.nist.gov/vuln/detail/CVE-2018-0735
openssl>=1.1.0<1.1.0j timing-attack https://nvd.nist.gov/vuln/detail/CVE-2018-0734
sqlite3<3.20.0 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2017-10989
sqlite3<3.21.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2017-13685
sqlite3<3.21.0 null-dereference https://nvd.nist.gov/vuln/detail/CVE-2017-15286
sqlite3<3.23.0 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2018-8740
tcpdump-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2017-16808
wpa_supplicant<2.6nb1 weak-cryptography http://seclists.org/oss-sec/2017/q4/83
wpa_supplicant-[0-9]* sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2018-14526