Re: [OE-core] [yocto-security] OE-core CVE metrics for hardknott on Sun 08 May 2022 03:00:01 AM HST

Sun, 08 May 2022 07:50:40 -0700 

On Sun, May 8, 2022 at 4:35 AM Mittal, Anuj <[email protected]> wrote:
>
> Should we stop tracking numbers for hardknott since it's no longer
> maintained?

Yes, this will be the last one.

Steve

> On Sun, 2022-05-08 at 03:05 -1000, Steve Sakoman wrote:
> > Branch: hardknott
> >
> > New this week: 5 CVEs
> > CVE-2022-0908 (CVSS3: 5.5 MEDIUM): tiff
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0908 *
> > CVE-2022-27404 (CVSS3: 9.8 CRITICAL): freetype:freetype-native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27404 *
> > CVE-2022-27405 (CVSS3: 7.5 HIGH): freetype:freetype-native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27405 *
> > CVE-2022-27406 (CVSS3: 7.5 HIGH): freetype:freetype-native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27406 *
> > CVE-2022-29536 (CVSS3: 7.5 HIGH): epiphany
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29536 *
> >
> > Removed this week: 0 CVEs
> >
> > Full list:  Found 68 unpatched CVEs
> > CVE-2013-0340 (CVSS3: N/A): expat:expat-native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0340 *
> > CVE-2015-20107 (CVSS3: 9.8 CRITICAL): python3:python3-native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-20107 *
> > CVE-2016-20012 (CVSS3: 5.3 MEDIUM): openssh
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-20012 *
> > CVE-2019-12067 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-
> > native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12067 *
> > CVE-2020-18974 (CVSS3: 3.3 LOW): nasm:nasm-native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18974 *
> > CVE-2020-35503 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-
> > native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35503 *
> > CVE-2021-20255 (CVSS3: 5.5 MEDIUM): qemu:qemu-native:qemu-system-
> > native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255 *
> > CVE-2021-25220 (CVSS3: 8.6 HIGH): bind
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25220 *
> > CVE-2021-27645 (CVSS3: 2.5 LOW): glibc
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27645 *
> > CVE-2021-28544 (CVSS3: 4.3 MEDIUM): subversion
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28544 *
> > CVE-2021-31879 (CVSS3: 6.1 MEDIUM): wget
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879 *
> > CVE-2021-33574 (CVSS3: 9.8 CRITICAL): glibc
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33574 *
> > CVE-2021-33657 (CVSS3: 8.8 HIGH): libsdl2:libsdl2-native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33657 *
> > CVE-2021-33833 (CVSS3: 9.8 CRITICAL): connman
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33833 *
> > CVE-2021-33928 (CVSS3: 7.5 HIGH): libsolv
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33928 *
> > CVE-2021-33929 (CVSS3: 7.5 HIGH): libsolv
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33929 *
> > CVE-2021-33930 (CVSS3: 7.5 HIGH): libsolv
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33930 *
> > CVE-2021-33938 (CVSS3: 7.5 HIGH): libsolv
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33938 *
> > CVE-2021-3445 (CVSS3: 7.5 HIGH): libdnf
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3445 *
> > CVE-2021-3507 (CVSS3: 6.1 MEDIUM): qemu:qemu-native:qemu-system-
> > native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3507 *
> > CVE-2021-36368 (CVSS3: 3.7 LOW): openssh
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36368 *
> > CVE-2021-3638 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-
> > native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3638 *
> > CVE-2021-38604 (CVSS3: 7.5 HIGH): glibc
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38604 *
> > CVE-2021-3947 (CVSS3: 5.5 MEDIUM): qemu:qemu-native:qemu-system-
> > native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3947 *
> > CVE-2021-42376 (CVSS3: 5.5 MEDIUM): busybox
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42376 *
> > CVE-2021-45481 (CVSS3: 6.5 MEDIUM): webkitgtk
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45481 *
> > CVE-2021-45482 (CVSS3: 6.5 MEDIUM): webkitgtk
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45482 *
> > CVE-2021-45483 (CVSS3: 6.5 MEDIUM): webkitgtk
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45483 *
> > CVE-2021-45944 (CVSS3: 5.5 MEDIUM): ghostscript:ghostscript-native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45944 *
> > CVE-2021-46705 (CVSS3: 5.5 MEDIUM): grub:grub-efi:grub-native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46705 *
> > CVE-2022-0204 (CVSS3: 8.8 HIGH): bluez5
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0204 *
> > CVE-2022-0396 (CVSS3: 5.3 MEDIUM): bind
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0396 *
> > CVE-2022-0529 (CVSS3: 5.5 MEDIUM): unzip:unzip-native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0529 *
> > CVE-2022-0530 (CVSS3: 5.5 MEDIUM): unzip:unzip-native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0530 *
> > CVE-2022-0561 (CVSS3: 5.5 MEDIUM): tiff
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0561 *
> > CVE-2022-0562 (CVSS3: 5.5 MEDIUM): tiff
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0562 *
> > CVE-2022-0563 (CVSS3: 5.5 MEDIUM): util-linux:util-linux-native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0563 *
> > CVE-2022-0891 (CVSS3: 7.1 HIGH): tiff
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0891 *
> > CVE-2022-0908 (CVSS3: 5.5 MEDIUM): tiff
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0908 *
> > CVE-2022-0943 (CVSS3: 7.8 HIGH): vim
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0943 *
> > CVE-2022-1050 (CVSS3: 8.8 HIGH): qemu:qemu-native:qemu-system-native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1050 *
> > CVE-2022-1154 (CVSS3: 9.8 CRITICAL): vim
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1154 *
> > CVE-2022-1160 (CVSS3: 7.8 HIGH): vim
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1160 *
> > CVE-2022-1381 (CVSS3: 7.8 HIGH): vim
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1381 *
> > CVE-2022-1420 (CVSS3: 5.5 MEDIUM): vim
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1420 *
> > CVE-2022-23096 (CVSS3: 9.1 CRITICAL): connman
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23096 *
> > CVE-2022-23097 (CVSS3: 9.1 CRITICAL): connman
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23097 *
> > CVE-2022-23098 (CVSS3: 7.5 HIGH): connman
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23098 *
> > CVE-2022-23218 (CVSS3: 9.8 CRITICAL): glibc
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23218 *
> > CVE-2022-23219 (CVSS3: 9.8 CRITICAL): glibc
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23219 *
> > CVE-2022-23303 (CVSS3: 9.8 CRITICAL): wpa-supplicant
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23303 *
> > CVE-2022-23304 (CVSS3: 9.8 CRITICAL): wpa-supplicant
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23304 *
> > CVE-2022-24070 (CVSS3: 7.5 HIGH): subversion
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24070 *
> > CVE-2022-24675 (CVSS3: 7.5 HIGH): go
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24675 *
> > CVE-2022-24765 (CVSS3: 7.8 HIGH): git
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24765 *
> > CVE-2022-24975 (CVSS3: 7.5 HIGH): git
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24975 *
> > CVE-2022-25313 (CVSS3: 6.5 MEDIUM): expat:expat-native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25313 *
> > CVE-2022-25314 (CVSS3: 7.5 HIGH): expat:expat-native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25314 *
> > CVE-2022-25315 (CVSS3: 9.8 CRITICAL): expat:expat-native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25315 *
> > CVE-2022-26354 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26354 *
> > CVE-2022-26488 (CVSS3: 7.0 HIGH): python3:python3-native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26488 *
> > CVE-2022-27404 (CVSS3: 9.8 CRITICAL): freetype:freetype-native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27404 *
> > CVE-2022-27405 (CVSS3: 7.5 HIGH): freetype:freetype-native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27405 *
> > CVE-2022-27406 (CVSS3: 7.5 HIGH): freetype:freetype-native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27406 *
> > CVE-2022-28327 (CVSS3: 7.5 HIGH): go
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28327 *
> > CVE-2022-28391 (CVSS3: 9.8 CRITICAL): busybox
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28391 *
> > CVE-2022-29458 (CVSS3: 7.1 HIGH): ncurses:ncurses-native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29458 *
> > CVE-2022-29536 (CVSS3: 7.5 HIGH): epiphany
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29536 *
> >
> >
> > 
> >
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#165379): 
https://lists.openembedded.org/g/openembedded-core/message/165379
Mute This Topic: https://lists.openembedded.org/mt/90971077/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to