'[OE-core] OE-core CVE metrics for master on Sun 30 Apr 2023 01:00:01 AM HST'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openembedded-core
Subject:    [OE-core] OE-core CVE metrics for master on Sun 30 Apr 2023 01:00:01 AM HST
From:       "Steve Sakoman" <steve () sakoman ! com>
Date:       2023-04-30 11:32:15
Message-ID: 20230430113215.6BDD49603C8 () nuc ! router0800d9 ! com
[Download RAW message or body]

Branch: master

New this week: 3 CVEs
CVE-2023-2162 (CVSS3: 5.5 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2162 * CVE-2023-2194 \
(CVSS3: 6.7 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2194 * CVE-2023-28328 \
(CVSS3: 5.5 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28328 *

Removed this week: 3 CVEs
CVE-2023-1393 (CVSS3: 7.8 HIGH): xserver-xorg \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1393 * CVE-2023-1579 \
(CVSS3: 7.8 HIGH): binutils:binutils-cross-testsuite:binutils-cross-x86_64 \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1579 * CVE-2023-1652 \
(CVSS3: 7.1 HIGH): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1652 *

Full list:  Found 41 unpatched CVEs
CVE-2021-3714 (CVSS3: 7.5 HIGH): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 * CVE-2021-3864 \
(CVSS3: 7.0 HIGH): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 * CVE-2022-0400 \
(CVSS3: 7.5 HIGH): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 * CVE-2022-1247 \
(CVSS3: 7.0 HIGH): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 * CVE-2022-3219 \
(CVSS3: 5.5 MEDIUM): gnupg:gnupg-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 * CVE-2022-3533 \
(CVSS3: 5.7 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3533 * CVE-2022-3606 \
(CVSS3: 5.5 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3606 * CVE-2022-36402 \
(CVSS3: 5.5 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 * CVE-2022-38096 \
(CVSS3: 5.5 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 * CVE-2022-44370 \
(CVSS3: 7.8 HIGH): nasm:nasm-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-44370 * CVE-2022-4543 \
(CVSS3: 5.5 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 * CVE-2022-46456 \
(CVSS3: 6.1 MEDIUM): nasm:nasm-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 * CVE-2022-48425 \
(CVSS3: 7.8 HIGH): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48425 * CVE-2023-0330 \
(CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0330 * CVE-2023-0465 \
(CVSS3: 5.3 MEDIUM): openssl:openssl-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0465 * CVE-2023-0466 \
(CVSS3: 5.3 MEDIUM): openssl:openssl-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0466 * CVE-2023-0615 \
(CVSS3: 5.5 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0615 * CVE-2023-0664 \
(CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0664 * CVE-2023-1380 \
(CVSS3: 7.1 HIGH): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1380 * CVE-2023-1544 \
(CVSS3: 6.3 MEDIUM): qemu:qemu-native:qemu-system-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1544 * CVE-2023-1611 \
(CVSS3: 6.3 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1611 * CVE-2023-1855 \
(CVSS3: 6.3 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1855 * CVE-2023-1916 \
(CVSS3: 6.1 MEDIUM): tiff \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1916 * CVE-2023-1989 \
(CVSS3: 7.0 HIGH): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1989 * CVE-2023-1990 \
(CVSS3: 4.7 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1990 * CVE-2023-2162 \
(CVSS3: 5.5 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2162 * CVE-2023-2194 \
(CVSS3: 6.7 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2194 * CVE-2023-23039 \
(CVSS3: 5.7 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23039 * CVE-2023-24532 \
(CVSS3: 5.3 MEDIUM): go-binary-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24532 * CVE-2023-24534 \
(CVSS3: 7.5 HIGH): go:go-binary-native:go-cross-core2-64:go-runtime \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24534 * CVE-2023-24536 \
(CVSS3: 7.5 HIGH): go:go-binary-native:go-cross-core2-64:go-runtime \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24536 * CVE-2023-24537 \
(CVSS3: 7.5 HIGH): go-binary-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24537 * CVE-2023-24538 \
(CVSS3: 9.8 CRITICAL): go:go-binary-native:go-cross-core2-64:go-runtime \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24538 * CVE-2023-28328 \
(CVSS3: 5.5 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28328 * CVE-2023-28464 \
(CVSS3: 7.8 HIGH): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28464 * CVE-2023-28488 \
(CVSS3: 6.5 MEDIUM): connman \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28488 * CVE-2023-28866 \
(CVSS3: 5.3 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28866 * CVE-2023-28879 \
(CVSS3: 9.8 CRITICAL): ghostscript:ghostscript-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28879 * CVE-2023-30456 \
(CVSS3: 7.8 HIGH): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30456 * CVE-2023-30630 \
(CVSS3: 7.8 HIGH): dmidecode \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30630 * CVE-2023-30772 \
(CVSS3: 6.4 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30772 *

For further information see: \
https://autobuilder.yocto.io/pub/non-release/patchmetrics/



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180568): https://lists.openembedded.org/g/openembedded-core/message/180568
Mute This Topic: https://lists.openembedded.org/mt/98592267/4454766
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [openembedded-core@marc.info]
-=-=-=-=-=-=-=-=-=-=-=-



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic