fix for Spurious linux_kernel CVEs, cpe string handling

[m-1-k-3]

• What kind of change does this PR introduce? (Bug fix, feature, docs update, ...)

Bug fix

• What is the current behavior? (You can also link to an open issue here)

see https://github.com/e-m-b-a/emba/issues/1080

• What is the new behavior (if this is a feature change)? If possible add a screenshot.

closes https://github.com/e-m-b-a/emba/issues/1080

[m-1-k-3]

@gluesmith2021 could you give it a try

[gluesmith2021]

@gluesmith2021 could you give it a try

Fix works perfectly. Diff between CVE results from before-fix and after-fix on my sample also reveals that other software was affected, i.e. not only linux_kernel as is the original issue. For example, "lua:5.1.2" would incorrectly match those two CVEs for the same reason:

• https://nvd.nist.gov/vuln/detail/CVE-2020-36661
• https://nvd.nist.gov/vuln/detail/CVE-2023-4540

The fix prevents such incorrect matches. Thank you.