aboutcode-org / vulnerablecode

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/
https://public.vulnerablecode.io
Apache License 2.0

Interesting / misleading advisories #1064

Open Hritik14 opened 1 year ago

Hritik14 commented 1 year ago

This thread contains advisories which were found to be interesting/misleading/conflicting/difficult to process in any manner whatsoever while developing VulnerableCode.

Hritik14 commented 1 year ago

CVE-2008-2938 Although Tomcat says: Not a vulnerability in Tomcat

Reported-By: John M. Horan <johnmhoran@gmail.com>

armijnhemel commented 1 year ago

https://nvd.nist.gov/vuln/detail/CVE-2013-2596

Although it is a real bug, the ranges of what software is vulnerable are not correct and probably too broad (too many kernels reported). Also, it very much depends on the configuration used to build the software.

Hritik14 commented 1 year ago

Related: https://github.com/nexB/vulnerablecode/issues/1200

Hritik14 commented 1 year ago

Related: https://github.com/nexB/vulnerablecode/issues/1281