There is a false positive for Adobe Acrobat 2019.0.
It is detected in 2009/secpod_adobe_prdts_bof_vuln_win.nasl (1.3.6.1.4.1.25623.1.0.900320) by this:
if(version_in_range(version:acrobatVer, test_version:"7.0", test_version2:"7.1.0")||
version_in_range(version:acrobatVer, test_version:"8.0", test_version2:"8.1.3")||
acrobatVer =~ "9.0")
{
security_message( port: 0, data: "The target host was found to be vulnerable" );
exit(0);
}
This false positive can be prevented by wrapping it in:
if(readerVer =~ “^(7|8|9)”) { … }
This is consitsent with the section directly above it, dealing with Adobe Reader.
We routinely patch NVTs where we find issues, can we submit them to you in any way?
It kind of feels right for there to be a GitHub repository containing NVTs, to which members of the community could submit PRs. I’d really like to contribute to the community!
The access to the SCM for the VTs was restricted not that long ago as announced here and we are not aware of any plans to change this again.
Unfortunately the only way to contribute to the feed is currently to submit posts (maybe including a git diff / patch) here in this community portal / category.