
List:       openembedded-core
Subject:    [OE-core] OE-core CVE metrics for master on Sun 31 Dec 2023 01:00:01 AM HST
From:       "Steve Sakoman" <steve () sakoman ! com>
Date:       2023-12-31 11:18:40
Message-ID: 20231231111840.9B38D1069D3 () builder ! sakoman ! com

Branch: master

New this week: 4 CVEs
CVE-2023-48795 (CVSS3: 5.9 MEDIUM): libssh2:libssh2-native:openssh https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48795 *
CVE-2023-6228 (CVSS3: 5.5 MEDIUM): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6228 *
CVE-2023-6931 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6931 *
CVE-2023-6932 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6932 *

Removed this week: 1 CVEs
CVE-2023-40030 (CVSS3: 6.1 MEDIUM): rust:rust-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40030 *

Full list:  Found 43 unpatched CVEs
CVE-2019-14899 (CVSS3: 7.4 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 *
CVE-2021-3714 (CVSS3: 7.5 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 *
CVE-2021-3864 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 *
CVE-2022-0400 (CVSS3: 7.5 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 *
CVE-2022-1247 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 *
CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 *
CVE-2022-36402 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 *
CVE-2022-38096 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 *
CVE-2022-4543 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 *
CVE-2022-46456 (CVSS3: 6.1 MEDIUM): nasm:nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 *
CVE-2023-0687 (CVSS3: 9.8 CRITICAL): glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0687 *
CVE-2023-1386 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 *
CVE-2023-25584 (CVSS3: 7.1 HIGH): binutils:binutils-cross-testsuite:binutils-cross-x86_64:binutils-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 *
CVE-2023-3019 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3019 *
CVE-2023-3397 (CVSS3: 6.3 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3397 *
CVE-2023-3640 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3640 *
CVE-2023-38559 (CVSS3: 5.5 MEDIUM): ghostscript https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38559 *
CVE-2023-4010 (CVSS3: 4.6 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4010 *
CVE-2023-4039 (CVSS3: 4.8 MEDIUM): gcc:gcc-cross-x86_64:gcc-runtime:gcc-sanitizers:libgcc:libgcc-initial https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4039 *
CVE-2023-42363 (CVSS3: 5.5 MEDIUM): busybox https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42363 *
CVE-2023-42364 (CVSS3: 5.5 MEDIUM): busybox https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42364 *
CVE-2023-42365 (CVSS3: 5.5 MEDIUM): busybox https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42365 *
CVE-2023-42366 (CVSS3: 5.5 MEDIUM): busybox https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42366 *
CVE-2023-46407 (CVSS3: 5.5 MEDIUM): ffmpeg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46407 *
CVE-2023-48795 (CVSS3: 5.9 MEDIUM): libssh2:libssh2-native:openssh https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48795 *
CVE-2023-50431 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-50431 *
CVE-2023-5088 (CVSS3: 7.0 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5088 *
CVE-2023-51384 (CVSS3: 5.5 MEDIUM): openssh https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51384 *
CVE-2023-51385 (CVSS3: 9.8 CRITICAL): openssh https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51385 *
CVE-2023-5156 (CVSS3: 7.5 HIGH): glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5156 *
CVE-2023-5574 (CVSS3: 7.0 HIGH): xserver-xorg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5574 *
CVE-2023-6228 (CVSS3: 5.5 MEDIUM): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6228 *
CVE-2023-6238 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6238 *
CVE-2023-6377 (CVSS3: 7.8 HIGH): xserver-xorg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6377 *
CVE-2023-6478 (CVSS3: 7.5 HIGH): xserver-xorg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6478 *
CVE-2023-6560 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6560 *
CVE-2023-6606 (CVSS3: 7.1 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6606 *
CVE-2023-6610 (CVSS3: 7.1 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6610 *
CVE-2023-6622 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6622 *
CVE-2023-6679 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6679 *
CVE-2023-6817 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6817 *
CVE-2023-6931 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6931 *
CVE-2023-6932 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6932 *

For further information see: https://autobuilder.yocto.io/pub/non-release/patchmetrics/
