There are two entries for the same problem. Is it intentional? I think it would be better to update original entry and add FreeBSD SA reference. The newer has wrong CVE name. The original was added 2016-12-25 Database fetched: Wed Jan 11 23:57:12 CET 2017 0 problem(s) in the installed packages found. FreeBSD-10.3_15 is vulnerable: FreeBSD -- OpenSSH multiple vulnerabilities CVE: CVE-2016-1001 CVE: CVE-2016-1000 WWW: https://vuxml.FreeBSD.org/freebsd/2c948527-d823-11e6-9171-14dae9d210b8.html FreeBSD-10.3_15 is vulnerable: openssh -- multiple vulnerabilities CVE: CVE-2016-10010 CVE: CVE-2016-10009 WWW: https://vuxml.FreeBSD.org/freebsd/2aedd15f-ca8b-11e6-a9a5-b499baebfeaf.html Miroslav Lachman