[prev in list] [next in list] [prev in thread] [next in thread]
List: openembedded-core
Subject: [OE-core] OE-core CVE metrics for nanbield on Sun 31 Dec 2023 04:00:01 AM HST
From: "Steve Sakoman" <steve () sakoman ! com>
Date: 2023-12-31 14:19:51
Message-ID: 20231231141951.0C7BB1069C4 () builder ! sakoman ! com
[Download RAW message or body]
Branch: nanbield
New this week: 4 CVEs
CVE-2023-48795 (CVSS3: 5.9 MEDIUM): libssh2:libssh2-native:openssh \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48795 * CVE-2023-6228 \
(CVSS3: 5.5 MEDIUM): tiff \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6228 * CVE-2023-6931 \
(CVSS3: 7.8 HIGH): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6931 * CVE-2023-6932 \
(CVSS3: 7.0 HIGH): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6932 *
Removed this week: 0 CVEs
Full list: Found 67 unpatched CVEs
CVE-2019-14899 (CVSS3: 7.4 HIGH): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 * CVE-2021-3714 \
(CVSS3: 7.5 HIGH): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 * CVE-2021-3864 \
(CVSS3: 7.0 HIGH): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 * CVE-2022-0400 \
(CVSS3: 7.5 HIGH): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 * CVE-2022-1247 \
(CVSS3: 7.0 HIGH): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 * CVE-2022-3219 \
(CVSS3: 3.3 LOW): gnupg:gnupg-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 * CVE-2022-36402 \
(CVSS3: 5.5 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 * CVE-2022-38096 \
(CVSS3: 5.5 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 * CVE-2022-4543 \
(CVSS3: 5.5 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 * CVE-2022-46456 \
(CVSS3: 6.1 MEDIUM): nasm:nasm-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 * CVE-2023-0687 \
(CVSS3: 9.8 CRITICAL): glibc \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0687 * CVE-2023-1386 \
(CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 * CVE-2023-25584 \
(CVSS3: 7.1 HIGH): binutils:binutils-cross-testsuite:binutils-cross-x86_64:binutils-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 * CVE-2023-3019 \
(CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3019 * CVE-2023-3397 \
(CVSS3: 6.3 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3397 * CVE-2023-3640 \
(CVSS3: 7.8 HIGH): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3640 * CVE-2023-38559 \
(CVSS3: 5.5 MEDIUM): ghostscript \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38559 * CVE-2023-39189 \
(CVSS3: 6.0 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39189 * CVE-2023-39192 \
(CVSS3: 6.0 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39192 * CVE-2023-39193 \
(CVSS3: 6.0 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39193 * CVE-2023-39326 \
(CVSS3: 5.3 MEDIUM): go:go-binary-native:go-cross-core2-64:go-runtime \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39326 * CVE-2023-39928 \
(CVSS3: 8.8 HIGH): webkitgtk \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39928 * CVE-2023-40030 \
(CVSS3: 6.1 MEDIUM): rust:rust-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40030 * CVE-2023-4010 \
(CVSS3: 4.6 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4010 * CVE-2023-4039 \
(CVSS3: 4.8 MEDIUM): \
gcc:gcc-cross-x86_64:gcc-runtime:gcc-sanitizers:libgcc:libgcc-initial \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4039 * CVE-2023-42363 \
(CVSS3: 5.5 MEDIUM): busybox \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42363 * CVE-2023-42364 \
(CVSS3: 5.5 MEDIUM): busybox \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42364 * CVE-2023-42365 \
(CVSS3: 5.5 MEDIUM): busybox \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42365 * CVE-2023-42366 \
(CVSS3: 5.5 MEDIUM): busybox \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42366 * CVE-2023-42753 \
(CVSS3: 7.8 HIGH): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42753 * CVE-2023-42754 \
(CVSS3: 5.5 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42754 * CVE-2023-42756 \
(CVSS3: 4.7 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42756 * CVE-2023-45283 \
(CVSS3: 7.5 HIGH): go:go-binary-native:go-cross-core2-64:go-runtime \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45283 * CVE-2023-45284 \
(CVSS3: 5.3 MEDIUM): go:go-binary-native:go-cross-core2-64:go-runtime \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45284 * CVE-2023-45285 \
(CVSS3: 7.5 HIGH): go:go-binary-native:go-cross-core2-64:go-runtime \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45285 * CVE-2023-46219 \
(CVSS3: 5.3 MEDIUM): curl:curl-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46219 * CVE-2023-4623 \
(CVSS3: 7.8 HIGH): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4623 * CVE-2023-46407 \
(CVSS3: 5.5 MEDIUM): ffmpeg \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46407 * CVE-2023-47470 \
(CVSS3: 7.8 HIGH): ffmpeg \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47470 * CVE-2023-48795 \
(CVSS3: 5.9 MEDIUM): libssh2:libssh2-native:openssh \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48795 * CVE-2023-4921 \
(CVSS3: 7.8 HIGH): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4921 * CVE-2023-49292 \
(CVSS3: 4.8 MEDIUM): go:go-binary-native:go-cross-core2-64:go-runtime \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-49292 * CVE-2023-50431 \
(CVSS3: 5.5 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-50431 * CVE-2023-5088 \
(CVSS3: 7.0 HIGH): qemu:qemu-native:qemu-system-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5088 * CVE-2023-51384 \
(CVSS3: 5.5 MEDIUM): openssh \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51384 * CVE-2023-51385 \
(CVSS3: 9.8 CRITICAL): openssh \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51385 * CVE-2023-5156 \
(CVSS3: 7.5 HIGH): glibc \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5156 * CVE-2023-5178 \
(CVSS3: 8.8 HIGH): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5178 * CVE-2023-5197 \
(CVSS3: 6.6 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5197 * CVE-2023-5345 \
(CVSS3: 7.8 HIGH): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5345 * CVE-2023-5574 \
(CVSS3: 7.0 HIGH): xserver-xorg \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5574 * CVE-2023-5633 \
(CVSS3: 7.8 HIGH): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5633 * CVE-2023-5678 \
(CVSS3: 5.3 MEDIUM): openssl:openssl-native \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5678 * CVE-2023-5717 \
(CVSS3: 7.8 HIGH): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5717 * CVE-2023-6228 \
(CVSS3: 5.5 MEDIUM): tiff \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6228 * CVE-2023-6238 \
(CVSS3: 7.8 HIGH): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6238 * CVE-2023-6277 \
(CVSS3: 6.5 MEDIUM): tiff \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6277 * CVE-2023-6377 \
(CVSS3: 7.8 HIGH): xserver-xorg:xwayland \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6377 * CVE-2023-6478 \
(CVSS3: 7.5 HIGH): xserver-xorg:xwayland \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6478 * CVE-2023-6560 \
(CVSS3: 5.5 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6560 * CVE-2023-6606 \
(CVSS3: 7.1 HIGH): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6606 * CVE-2023-6610 \
(CVSS3: 7.1 HIGH): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6610 * CVE-2023-6622 \
(CVSS3: 5.5 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6622 * CVE-2023-6679 \
(CVSS3: 5.5 MEDIUM): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6679 * CVE-2023-6817 \
(CVSS3: 7.8 HIGH): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6817 * CVE-2023-6931 \
(CVSS3: 7.8 HIGH): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6931 * CVE-2023-6932 \
(CVSS3: 7.0 HIGH): linux-yocto \
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6932 *
For further information see: \
https://autobuilder.yocto.io/pub/non-release/patchmetrics/
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#193091): https://lists.openembedded.org/g/openembedded-core/message/193091
Mute This Topic: https://lists.openembedded.org/mt/103446832/4454766
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [openembedded-core@marc.info]
-=-=-=-=-=-=-=-=-=-=-=-
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic