@christopherkunz AFAIK Linux kernel CVE’s are being assigned to old vulns as a result of recently becoming a CNA.
Also CC @thezdi about the Foxit case.