'[OE-core] OE-core CVE metrics for kirkstone on Sun 30 Apr 2023 03:00:01 AM HST'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openembedded-core
Subject:    [OE-core] OE-core CVE metrics for kirkstone on Sun 30 Apr 2023 03:00:01 AM HST
From:       "Steve Sakoman" <steve () sakoman ! com>
Date:       2023-04-30 13:04:47
Message-ID: 20230430130447.9DDD296061C () nuc ! router0800d9 ! com
[Download RAW message or body]

Branch: kirkstone

New this week: 6 CVEs
CVE-2022-3964 (CVSS3: 8.1 HIGH): ffmpeg \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3964 * CVE-2022-3965 \
(CVSS3: 8.1 HIGH): ffmpeg \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3965 * CVE-2022-48434 \
(CVSS3: 8.1 HIGH): ffmpeg \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48434 * CVE-2023-2004 \
(CVSS3: 7.5 HIGH): freetype:freetype-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2004 * CVE-2023-27043 \
(CVSS3: 5.3 MEDIUM): python3:python3-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27043 * CVE-2023-29491 \
(CVSS3: 7.8 HIGH): ncurses:ncurses-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29491 *

Removed this week: 7 CVEs
CVE-2022-41716 (CVSS3: 7.5 HIGH): go \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41716 * CVE-2022-41722 \
(CVSS3: 7.5 HIGH): go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41722 \
* CVE-2023-24537 (CVSS3: 7.5 HIGH): go \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24537 * CVE-2023-24626 \
(CVSS3: 6.5 MEDIUM): screen \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24626 * CVE-2023-27535 \
(CVSS3: 7.5 HIGH): curl:curl-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27535 * CVE-2023-27536 \
(CVSS3: 9.8 CRITICAL): curl:curl-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27536 * CVE-2023-27538 \
(CVSS3: 5.5 MEDIUM): curl:curl-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27538 *

Full list:  Found 35 unpatched CVEs
CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 * CVE-2021-35938 \
(CVSS3: 6.7 MEDIUM): rpm:rpm-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35938 * CVE-2021-35939 \
(CVSS3: 6.7 MEDIUM): rpm:rpm-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35939 * CVE-2022-3219 \
(CVSS3: 5.5 MEDIUM): gnupg:gnupg-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 * CVE-2022-3515 \
(CVSS3: 9.8 CRITICAL): gnupg:gnupg-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3515 * CVE-2022-3553 \
(CVSS3: 6.5 MEDIUM): xserver-xorg \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3553 * CVE-2022-3872 \
(CVSS3: 8.6 HIGH): qemu:qemu-native:qemu-system-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3872 * CVE-2022-3964 \
(CVSS3: 8.1 HIGH): ffmpeg \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3964 * CVE-2022-3965 \
(CVSS3: 8.1 HIGH): ffmpeg \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3965 * CVE-2022-4055 \
(CVSS3: 7.4 HIGH): xdg-utils \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4055 * CVE-2022-44370 \
(CVSS3: 7.8 HIGH): nasm:nasm-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-44370 * CVE-2022-44617 \
(CVSS3: 7.5 HIGH): libxpm \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-44617 * CVE-2022-46285 \
(CVSS3: 7.5 HIGH): libxpm \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46285 * CVE-2022-48434 \
(CVSS3: 8.1 HIGH): ffmpeg \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48434 * CVE-2022-4883 \
(CVSS3: 8.8 HIGH): libxpm \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4883 * CVE-2023-0664 \
(CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0664 * CVE-2023-0795 \
(CVSS3: 5.5 MEDIUM): tiff \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0795 * CVE-2023-0796 \
(CVSS3: 5.5 MEDIUM): tiff \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0796 * CVE-2023-0797 \
(CVSS3: 5.5 MEDIUM): tiff \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0797 * CVE-2023-0798 \
(CVSS3: 5.5 MEDIUM): tiff \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0798 * CVE-2023-0799 \
(CVSS3: 5.5 MEDIUM): tiff \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0799 * CVE-2023-1393 \
(CVSS3: 7.8 HIGH): xserver-xorg \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1393 * CVE-2023-1544 \
(CVSS3: 6.3 MEDIUM): qemu:qemu-native:qemu-system-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1544 * CVE-2023-1916 \
(CVSS3: 6.1 MEDIUM): tiff \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1916 * CVE-2023-2004 \
(CVSS3: 7.5 HIGH): freetype:freetype-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2004 * CVE-2023-24532 \
(CVSS3: 5.3 MEDIUM): go \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24532 * CVE-2023-24534 \
(CVSS3: 7.5 HIGH): go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24534 \
* CVE-2023-24536 (CVSS3: 7.5 HIGH): go \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24536 * CVE-2023-24538 \
(CVSS3: 9.8 CRITICAL): go \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24538 * CVE-2023-27043 \
(CVSS3: 5.3 MEDIUM): python3:python3-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27043 * CVE-2023-28488 \
(CVSS3: 6.5 MEDIUM): connman \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28488 * CVE-2023-28531 \
(CVSS3: 9.8 CRITICAL): openssh \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28531 * CVE-2023-28879 \
(CVSS3: 9.8 CRITICAL): ghostscript:ghostscript-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28879 * CVE-2023-29491 \
(CVSS3: 7.8 HIGH): ncurses:ncurses-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29491 * CVE-2023-30630 \
(CVSS3: 7.8 HIGH): dmidecode \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-30630 *

For further information see: \
https://autobuilder.yocto.io/pub/non-release/patchmetrics/



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180570): https://lists.openembedded.org/g/openembedded-core/message/180570
Mute This Topic: https://lists.openembedded.org/mt/98593336/4454766
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [openembedded-core@marc.info]
-=-=-=-=-=-=-=-=-=-=-=-



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic