I’d like to understand the importance of choosing the OpenVAS default scanner versus the CVE scanner.
If I run the two scanners agains the same target, I see three significant differences:
- CVE scanner runs for just a second or so.
- The CVE report document contains just a table indicating the hits, but the report is otherwise empty. (Navigating to the reports, there I can find the referenced CVE hits, but they don’t appear in the document.)
- The CVE hits are of higher severity than the most severe one in the OpenVAS default scan.
Could you please advise on these items? Thank you.