'[OE-core] OE-core CVE metrics for kirkstone on Sun 31 Dec 2023 03:00:01 AM HST'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openembedded-core
Subject:    [OE-core] OE-core CVE metrics for kirkstone on Sun 31 Dec 2023 03:00:01 AM HST
From:       "Steve Sakoman" <steve () sakoman ! com>
Date:       2023-12-31 13:18:35
Message-ID: 20231231131835.54180106987 () builder ! sakoman ! com
[Download RAW message or body]

Branch: kirkstone

New this week: 2 CVEs
CVE-2023-48795 (CVSS3: 5.9 MEDIUM): dropbear:libssh2:libssh2-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48795 * CVE-2023-6228 \
(CVSS3: 5.5 MEDIUM): tiff \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6228 *

Removed this week: 0 CVEs

Full list:  Found 37 unpatched CVEs
CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 * CVE-2021-35938 \
(CVSS3: 6.7 MEDIUM): rpm:rpm-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35938 * CVE-2021-35939 \
(CVSS3: 6.7 MEDIUM): rpm:rpm-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35939 * CVE-2022-3219 \
(CVSS3: 3.3 LOW): gnupg:gnupg-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 * CVE-2022-3515 \
(CVSS3: 9.8 CRITICAL): gnupg:gnupg-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3515 * CVE-2022-36648 \
(CVSS3: 10.0 CRITICAL): qemu:qemu-native:qemu-system-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36648 * CVE-2022-3872 \
(CVSS3: 8.6 HIGH): qemu:qemu-native:qemu-system-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3872 * CVE-2023-1386 \
(CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 * CVE-2023-24532 \
(CVSS3: 5.3 MEDIUM): go \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-24532 * CVE-2023-27043 \
(CVSS3: 5.3 MEDIUM): python3:python3-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27043 * CVE-2023-2731 \
(CVSS3: 5.5 MEDIUM): tiff \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2731 * CVE-2023-28198 \
(CVSS3: 8.8 HIGH): webkitgtk \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28198 * CVE-2023-29403 \
(CVSS3: 7.8 HIGH): go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29403 \
* CVE-2023-3019 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3019 * CVE-2023-32370 \
(CVSS3: 5.3 MEDIUM): webkitgtk \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32370 * CVE-2023-37769 \
(CVSS3: 6.5 MEDIUM): pixman:pixman-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37769 * CVE-2023-39323 \
(CVSS3: 9.8 CRITICAL): go \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39323 * CVE-2023-4039 \
(CVSS3: 4.8 MEDIUM): \
gcc:gcc-cross-x86_64:gcc-runtime:gcc-sanitizers:libgcc:libgcc-initial \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4039 * CVE-2023-40397 \
(CVSS3: 9.8 CRITICAL): webkitgtk \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40397 * CVE-2023-42467 \
(CVSS3: 5.5 MEDIUM): qemu:qemu-native:qemu-system-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42467 * CVE-2023-44487 \
(CVSS3: 7.5 HIGH): go:nghttp2 \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44487 * CVE-2023-45285 \
(CVSS3: 7.5 HIGH): go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45285 \
* CVE-2023-45287 (CVSS3: 7.5 HIGH): go \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45287 * CVE-2023-45803 \
(CVSS3: 4.2 MEDIUM): python3-urllib3 \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45803 * CVE-2023-46407 \
(CVSS3: 5.5 MEDIUM): ffmpeg \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46407 * CVE-2023-47100 \
(CVSS3: 9.8 CRITICAL): perl:perl-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47100 * CVE-2023-47470 \
(CVSS3: 7.8 HIGH): ffmpeg \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47470 * CVE-2023-48795 \
(CVSS3: 5.9 MEDIUM): dropbear:libssh2:libssh2-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48795 * CVE-2023-49292 \
(CVSS3: 4.8 MEDIUM): go \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-49292 * CVE-2023-51384 \
(CVSS3: 5.5 MEDIUM): openssh \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51384 * CVE-2023-51385 \
(CVSS3: 9.8 CRITICAL): openssh \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51385 * CVE-2023-5380 \
(CVSS3: 4.7 MEDIUM): xwayland \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5380 * CVE-2023-5574 \
(CVSS3: 7.0 HIGH): xserver-xorg \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5574 * CVE-2023-6228 \
(CVSS3: 5.5 MEDIUM): tiff \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6228 * CVE-2023-6277 \
(CVSS3: 6.5 MEDIUM): tiff \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6277 * CVE-2023-6377 \
(CVSS3: 7.8 HIGH): xserver-xorg:xwayland \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6377 * CVE-2023-6478 \
(CVSS3: 7.5 HIGH): xserver-xorg:xwayland \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6478 *

For further information see: \
https://autobuilder.yocto.io/pub/non-release/patchmetrics/



-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193090): https://lists.openembedded.org/g/openembedded-core/message/193090
Mute This Topic: https://lists.openembedded.org/mt/103446178/4454766
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [openembedded-core@marc.info]
-=-=-=-=-=-=-=-=-=-=-=-



[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic