eliasgranderubio / dagda

a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities
Apache License 2.0
1.15k stars, 160 forks

Dagda confuses libraries #66

Closed BorjaPintos closed 4 years ago

BorjaPintos commented 4 years ago

Short description

I'm a researcher from Tegra Cibersecurity Center in Galicia. We have done an analysis of different docker images and we have found that in the percona:latest image, for the library "net-tools 2.0", dagda reports vulnerabilities from ".net framework 2.0".

net-tools

eliasgranderubio commented 4 years ago

Hi @BorjaPintos ,

Neither BID nor Exploit DB information is CVE-notation based, so when Dagda queries the database, that query is based on a similarity suggestion; in this case, the result is the MongoDB suggestion.

If you have reviewed them and all of these vulnerabilities are false positives, you can use the API to mark this info as false positive and it will not be shown again. Review the wiki for more info about this false positive API.

Regards.
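An added illustration (not dagda's own code) of the two points in the reply above: a similarity-style product lookup that pulls ".NET Framework 2.0" records in for "net-tools 2.0" because punctuation is dropped during tokenization, a stricter name match that does not, and reviewer-side suppression of entries marked as false positives. The vulnerability entries, the `tokens`/`strict_lookup` helpers and the false-positive store are all constructed for this example.

```python
import re

# Constructed mini vulnerability database; titles are illustrative, not real BID/Exploit DB records.
VULN_DB = [
    {"id": "EXAMPLE-1", "title": "Microsoft .NET Framework 2.0 remote code execution"},
    {"id": "EXAMPLE-2", "title": "net-tools 2.0 ifconfig stack overflow"},
    {"id": "EXAMPLE-3", "title": "Percona Server 5.7 privilege escalation"},
]


def tokens(text):
    """Text-index style tokenization: lowercase, punctuation dropped,
    so '.net' and 'net-tools' both yield the token 'net'."""
    return set(re.findall(r"[a-z0-9]+(?:\.[a-z0-9]+)*", text.lower()))


def similarity_lookup(product, version, min_shared=2):
    """Similarity-style query: return every entry that shares at least
    `min_shared` tokens with '<product> <version>', best match first.
    This is the behaviour that produces the .NET-for-net-tools confusion."""
    query = tokens(f"{product} {version}")
    hits = []
    for entry in VULN_DB:
        shared = len(query & tokens(entry["title"]))
        if shared >= min_shared:
            hits.append((shared, entry["id"]))
    return [vid for _, vid in sorted(hits, reverse=True)]


def strict_lookup(product, version):
    """Exact-name query: the product name must appear as a whole word
    (case-insensitive, punctuation kept) and the version must be present."""
    pattern = re.compile(r"(?<![\w.-])" + re.escape(product.lower()) + r"(?![\w.-])")
    return [e["id"] for e in VULN_DB
            if pattern.search(e["title"].lower()) and version in tokens(e["title"])]


# (image, product, vuln id) triples a reviewer has marked as false positives.
FALSE_POSITIVES = set()


def mark_false_positive(image, product, vuln_id):
    FALSE_POSITIVES.add((image, product, vuln_id))


def report(image, product, version):
    """Findings for one image once reviewed entries have been suppressed."""
    return [vid for vid in similarity_lookup(product, version)
            if (image, product, vid) not in FALSE_POSITIVES]
```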

BorjaPintos commented 4 years ago

Ok, thank you for your answer