
List:       openembedded-core
Subject:    [OE-core] OE-core CVE metrics for master on Sun 28 Jan 2024 01:00:01 AM HST
From:       "Steve Sakoman" <steve () sakoman ! com>
Date:       2024-01-28 11:18:16
Message-ID: 20240128111816.A9A16106961 () builder ! sakoman ! com

Branch: master

New this week: 14 CVEs
CVE-2023-4001 (CVSS3: 6.8 MEDIUM): grub:grub-efi:grub-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4001
CVE-2023-4692 (CVSS3: 7.8 HIGH): grub:grub-efi:grub-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4692
CVE-2023-4693 (CVSS3: 4.6 MEDIUM): grub:grub-efi:grub-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4693
CVE-2023-48795 (CVSS3: 5.9 MEDIUM): openssh https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48795
CVE-2023-6129 (CVSS3: 6.5 MEDIUM): openssl:openssl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6129
CVE-2023-6683 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6683
CVE-2023-6816 (CVSS3: 9.8 CRITICAL): xwayland https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6816
CVE-2023-6915 (CVSS3: 7.5 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6915
CVE-2024-0553 (CVSS3: 7.5 HIGH): gnutls:gnutls-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0553
CVE-2024-0565 (CVSS3: 8.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0565
CVE-2024-0567 (CVSS3: 7.5 HIGH): gnutls:gnutls-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0567
CVE-2024-0584 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0584
CVE-2024-0607 (CVSS3: 6.6 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0607
CVE-2024-0646 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0646

Removed this week: 8 CVEs
CVE-2023-4039 (CVSS3: 4.8 MEDIUM): gcc:gcc-cross-x86_64:gcc-runtime:gcc-sanitizers:libgcc:libgcc-initial https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4039
CVE-2023-48795 (CVSS3: 5.9 MEDIUM): libssh2:libssh2-native:openssh https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48795
CVE-2023-5574 (CVSS3: 7.0 HIGH): xserver-xorg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5574
CVE-2023-6228 (CVSS3: 5.5 MEDIUM): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6228
CVE-2023-6606 (CVSS3: 7.1 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6606
CVE-2023-6679 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6679
CVE-2023-6992 (CVSS3: 5.5 MEDIUM): zlib:zlib-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6992
CVE-2024-0193 (CVSS3: 6.7 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0193

Full list:  Found 45 unpatched CVEs
CVE-2019-14899 (CVSS3: 7.4 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899
CVE-2021-3714 (CVSS3: 7.5 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714
CVE-2021-3864 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864
CVE-2022-0400 (CVSS3: 7.5 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400
CVE-2022-1247 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247
CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219
CVE-2022-36402 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402
CVE-2022-38096 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096
CVE-2022-4543 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543
CVE-2022-46456 (CVSS3: 6.1 MEDIUM): nasm:nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456
CVE-2023-1386 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386
CVE-2023-25584 (CVSS3: 7.1 HIGH): binutils:binutils-cross-testsuite:binutils-cross-x86_64:binutils-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584
CVE-2023-3019 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3019
CVE-2023-3397 (CVSS3: 6.3 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3397
CVE-2023-3640 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3640
CVE-2023-38559 (CVSS3: 5.5 MEDIUM): ghostscript https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38559
CVE-2023-4001 (CVSS3: 6.8 MEDIUM): grub:grub-efi:grub-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4001
CVE-2023-4010 (CVSS3: 4.6 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4010
CVE-2023-42363 (CVSS3: 5.5 MEDIUM): busybox https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42363
CVE-2023-42364 (CVSS3: 5.5 MEDIUM): busybox https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42364
CVE-2023-42365 (CVSS3: 5.5 MEDIUM): busybox https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42365
CVE-2023-42366 (CVSS3: 5.5 MEDIUM): busybox https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42366
CVE-2023-46407 (CVSS3: 5.5 MEDIUM): ffmpeg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46407
CVE-2023-4692 (CVSS3: 7.8 HIGH): grub:grub-efi:grub-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4692
CVE-2023-4693 (CVSS3: 4.6 MEDIUM): grub:grub-efi:grub-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4693
CVE-2023-48795 (CVSS3: 5.9 MEDIUM): openssh https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48795
CVE-2023-5088 (CVSS3: 7.0 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5088
CVE-2023-51384 (CVSS3: 5.5 MEDIUM): openssh https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51384
CVE-2023-51385 (CVSS3: 6.5 MEDIUM): openssh https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51385
CVE-2023-51767 (CVSS3: 7.0 HIGH): openssh https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51767
CVE-2023-6129 (CVSS3: 6.5 MEDIUM): openssl:openssl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6129
CVE-2023-6238 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6238
CVE-2023-6270 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6270
CVE-2023-6610 (CVSS3: 7.1 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6610
CVE-2023-6683 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6683
CVE-2023-6693 (CVSS3: 5.3 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6693
CVE-2023-6816 (CVSS3: 9.8 CRITICAL): xwayland https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6816
CVE-2023-6915 (CVSS3: 7.5 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6915
CVE-2023-7042 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-7042
CVE-2024-0553 (CVSS3: 7.5 HIGH): gnutls:gnutls-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0553
CVE-2024-0565 (CVSS3: 8.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0565
CVE-2024-0567 (CVSS3: 7.5 HIGH): gnutls:gnutls-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0567
CVE-2024-0584 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0584
CVE-2024-0607 (CVSS3: 6.6 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0607
CVE-2024-0646 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0646

Summary of CVE counts by recipe:
  linux-yocto: 20
  qemu:qemu-native:qemu-system-native: 5
  busybox: 4
  openssh: 4
  grub:grub-efi:grub-native: 3
  gnutls:gnutls-native: 2
  binutils:binutils-cross-testsuite:binutils-cross-x86_64:binutils-native: 1
  ffmpeg: 1
  ghostscript: 1
  gnupg:gnupg-native: 1
  nasm:nasm-native: 1
  openssl:openssl-native: 1
  xwayland: 1

For further information see: https://autobuilder.yocto.io/pub/non-release/patchmetrics/