A recent Qualys scan is showing the two CVE findings listed below in Security Analytics appliances.
CVE-2004-0230 - TCP Sequence Number Approximation Based Denial of Service
CVE-2019-16905 - OpenSSH Integer overflow Vulnerability
Release : 8.2.x
Security Analytics 8.2.x releases are not vulnerable to CVE-2019-16905. SA. 8.2.x uses OpenSSH 8.0 (openssh-8.0p1-4.atpsa1.x86_64). However, the XMSS is not enabled in the OpenSSH build.
CVE-2004-0230 is not fixed in Linux because it is not viewed as a problem. Red Hat's explanation is found at
These are both false positives and can be ignored.