
List:       openembedded-core
Subject:    [OE-core] OE-core CVE metrics for nanbield on Sun 28 Jan 2024 04:00:01 AM HST
From:       "Steve Sakoman" <steve () sakoman ! com>
Date:       2024-01-28 14:18:53
Message-ID: 20240128141853.9623D106956 () builder ! sakoman ! com

Branch: nanbield

New this week: 16 CVEs
CVE-2023-4001 (CVSS3: 6.8 MEDIUM): grub:grub-efi:grub-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4001 *
CVE-2023-6129 (CVSS3: 6.5 MEDIUM): openssl:openssl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6129 *
CVE-2023-6377 (CVSS3: 7.8 HIGH): xserver-xorg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6377 *
CVE-2023-6478 (CVSS3: 7.5 HIGH): xserver-xorg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6478 *
CVE-2023-6683 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6683 *
CVE-2023-6816 (CVSS3: 9.8 CRITICAL): xserver-xorg:xwayland https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6816 *
CVE-2023-6915 (CVSS3: 7.5 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6915 *
CVE-2024-0232 (CVSS3: 5.5 MEDIUM): sqlite3:sqlite3-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0232 *
CVE-2024-0553 (CVSS3: 7.5 HIGH): gnutls:gnutls-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0553 *
CVE-2024-0565 (CVSS3: 8.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0565 *
CVE-2024-0567 (CVSS3: 7.5 HIGH): gnutls:gnutls-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0567 *
CVE-2024-0582 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0582 *
CVE-2024-0584 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0584 *
CVE-2024-0607 (CVSS3: 6.6 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0607 *
CVE-2024-0641 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0641 *
CVE-2024-0646 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0646 *

Removed this week: 4 CVEs
CVE-2023-42465 (CVSS3: 7.0 HIGH): sudo https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42465 *
CVE-2023-46219 (CVSS3: 5.3 MEDIUM): curl:curl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46219 *
CVE-2023-6377 (CVSS3: 7.8 HIGH): xserver-xorg:xwayland https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6377 *
CVE-2023-6478 (CVSS3: 7.5 HIGH): xserver-xorg:xwayland https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6478 *

Full list:  Found 84 unpatched CVEs
CVE-2019-14899 (CVSS3: 7.4 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 *
CVE-2021-3714 (CVSS3: 7.5 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 *
CVE-2021-3864 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 *
CVE-2022-0400 (CVSS3: 7.5 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 *
CVE-2022-1247 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 *
CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 *
CVE-2022-36402 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 *
CVE-2022-38096 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 *
CVE-2022-4543 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 *
CVE-2022-46456 (CVSS3: 6.1 MEDIUM): nasm:nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 *
CVE-2023-0687 (CVSS3: 9.8 CRITICAL): glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0687 *
CVE-2023-1386 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 *
CVE-2023-25584 (CVSS3: 7.1 HIGH): binutils:binutils-cross-testsuite:binutils-cross-x86_64:binutils-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25584 *
CVE-2023-3019 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3019 *
CVE-2023-3397 (CVSS3: 6.3 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3397 *
CVE-2023-3640 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3640 *
CVE-2023-38559 (CVSS3: 5.5 MEDIUM): ghostscript https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38559 *
CVE-2023-39189 (CVSS3: 6.0 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39189 *
CVE-2023-39192 (CVSS3: 6.0 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39192 *
CVE-2023-39193 (CVSS3: 6.0 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39193 *
CVE-2023-39928 (CVSS3: 8.8 HIGH): webkitgtk https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39928 *
CVE-2023-4001 (CVSS3: 6.8 MEDIUM): grub:grub-efi:grub-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4001 *
CVE-2023-4010 (CVSS3: 4.6 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4010 *
CVE-2023-4039 (CVSS3: 4.8 MEDIUM): gcc:gcc-cross-x86_64:gcc-runtime:gcc-sanitizers:libgcc:libgcc-initial https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4039 *
CVE-2023-42363 (CVSS3: 5.5 MEDIUM): busybox https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42363 *
CVE-2023-42364 (CVSS3: 5.5 MEDIUM): busybox https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42364 *
CVE-2023-42365 (CVSS3: 5.5 MEDIUM): busybox https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42365 *
CVE-2023-42366 (CVSS3: 5.5 MEDIUM): busybox https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42366 *
CVE-2023-42753 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42753 *
CVE-2023-42754 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42754 *
CVE-2023-42756 (CVSS3: 4.7 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42756 *
CVE-2023-4623 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4623 *
CVE-2023-46407 (CVSS3: 5.5 MEDIUM): ffmpeg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46407 *
CVE-2023-47470 (CVSS3: 7.8 HIGH): ffmpeg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47470 *
CVE-2023-48795 (CVSS3: 5.9 MEDIUM): libssh2:libssh2-native:openssh https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48795 *
CVE-2023-4921 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4921 *
CVE-2023-49292 (CVSS3: 4.8 MEDIUM): go:go-binary-native:go-cross-core2-64:go-runtime https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-49292 *
CVE-2023-50431 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-50431 *
CVE-2023-5088 (CVSS3: 7.0 HIGH): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5088 *
CVE-2023-51384 (CVSS3: 5.5 MEDIUM): openssh https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51384 *
CVE-2023-51385 (CVSS3: 6.5 MEDIUM): openssh https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51385 *
CVE-2023-5156 (CVSS3: 7.5 HIGH): glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5156 *
CVE-2023-51767 (CVSS3: 7.0 HIGH): openssh https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51767 *
CVE-2023-5178 (CVSS3: 9.8 CRITICAL): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5178 *
CVE-2023-51780 (CVSS3: 8.1 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51780 *
CVE-2023-51781 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51781 *
CVE-2023-51782 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-51782 *
CVE-2023-5197 (CVSS3: 6.6 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5197 *
CVE-2023-5345 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5345 *
CVE-2023-5574 (CVSS3: 7.0 HIGH): xserver-xorg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5574 *
CVE-2023-5633 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5633 *
CVE-2023-5678 (CVSS3: 5.3 MEDIUM): openssl:openssl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5678 *
CVE-2023-5717 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5717 *
CVE-2023-6129 (CVSS3: 6.5 MEDIUM): openssl:openssl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6129 *
CVE-2023-6228 (CVSS3: 5.5 MEDIUM): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6228 *
CVE-2023-6238 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6238 *
CVE-2023-6270 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6270 *
CVE-2023-6377 (CVSS3: 7.8 HIGH): xserver-xorg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6377 *
CVE-2023-6478 (CVSS3: 7.5 HIGH): xserver-xorg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6478 *
CVE-2023-6560 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6560 *
CVE-2023-6606 (CVSS3: 7.1 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6606 *
CVE-2023-6610 (CVSS3: 7.1 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6610 *
CVE-2023-6622 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6622 *
CVE-2023-6679 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6679 *
CVE-2023-6683 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6683 *
CVE-2023-6693 (CVSS3: 5.3 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6693 *
CVE-2023-6816 (CVSS3: 9.8 CRITICAL): xserver-xorg:xwayland https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6816 *
CVE-2023-6817 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6817 *
CVE-2023-6915 (CVSS3: 7.5 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6915 *
CVE-2023-6931 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6931 *
CVE-2023-6932 (CVSS3: 7.0 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6932 *
CVE-2023-6992 (CVSS3: 5.5 MEDIUM): zlib:zlib-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6992 *
CVE-2023-7042 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-7042 *
CVE-2024-0193 (CVSS3: 6.7 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0193 *
CVE-2024-0232 (CVSS3: 5.5 MEDIUM): sqlite3:sqlite3-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0232 *
CVE-2024-0553 (CVSS3: 7.5 HIGH): gnutls:gnutls-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0553 *
CVE-2024-0565 (CVSS3: 8.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0565 *
CVE-2024-0567 (CVSS3: 7.5 HIGH): gnutls:gnutls-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0567 *
CVE-2024-0582 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0582 *
CVE-2024-0584 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0584 *
CVE-2024-0607 (CVSS3: 6.6 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0607 *
CVE-2024-0641 (CVSS3: 5.5 MEDIUM): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0641 *
CVE-2024-0646 (CVSS3: 7.8 HIGH): linux-yocto https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0646 *
CVE-2024-22195 (CVSS3: 6.1 MEDIUM): python3-jinja2:python3-jinja2-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-22195 *

Summary of CVE counts by recipe:
  linux-yocto: 47
  qemu:qemu-native:qemu-system-native: 5
  busybox: 4
  openssh: 3
  xserver-xorg: 3
  ffmpeg: 2
  glibc: 2
  gnutls:gnutls-native: 2
  openssl:openssl-native: 2
  binutils:binutils-cross-testsuite:binutils-cross-x86_64:binutils-native: 1
  gcc:gcc-cross-x86_64:gcc-runtime:gcc-sanitizers:libgcc:libgcc-initial: 1
  ghostscript: 1
  gnupg:gnupg-native: 1
  go:go-binary-native:go-cross-core2-64:go-runtime: 1
  grub:grub-efi:grub-native: 1
  libssh2:libssh2-native:openssh: 1
  nasm:nasm-native: 1
  python3-jinja2:python3-jinja2-native: 1
  sqlite3:sqlite3-native: 1
  tiff: 1
  webkitgtk: 1
  xserver-xorg:xwayland: 1
  zlib:zlib-native: 1

For further information see: https://autobuilder.yocto.io/pub/non-release/patchmetrics/
