I’ve added my plugins and OpenVAS ran them appropriately. So, in report page I’ve seen some of my plugins are shown in CVE tab and most of them are shown in CVE Closed tab. I want to know what the difference is between both of them and why is that happened ?
The ‘Closed CVEs’-report will produce a list of hosts and CVEs for which the respective test returned a ‘not vulnerable’ exit code, i.e. vulnerabilities/exposures that are fixed and don’t pose a threat on the reported hosts.
The ‘CVEs’-report on the other hand lists the detected CVEs and hosts that are actually vulnerable/exposed.