Re: [OE-core] OE-core CVE metrics for kirkstone on Sun 22 May 2022 03:30:01 AM HST

Mon, 23 May 2022 08:52:16 -0700 

On Sun, May 22, 2022 at 3:32 AM Steve Sakoman via
lists.openembedded.org <[email protected]>
wrote:
>
> Branch: kirkstone
>
> New this week: 7 CVEs
> CVE-2021-3611 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3611 *
> CVE-2021-3750 (CVSS3: 8.2 HIGH): qemu:qemu-native:qemu-system-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3750 *
> CVE-2022-1621 (CVSS3: 7.8 HIGH): vim 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1621 *
> CVE-2022-1622 (CVSS3: 5.5 MEDIUM): tiff 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1622 *
> CVE-2022-1623 (CVSS3: 5.5 MEDIUM): tiff 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1623 *
> CVE-2022-1629 (CVSS3: 7.8 HIGH): vim 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1629 *
> CVE-2022-29824 (CVSS3: 6.5 MEDIUM): libxslt:libxslt-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29824 *
>
> Removed this week: 11 CVEs
> CVE-2021-4206 (CVSS3: 8.2 HIGH): qemu:qemu-native:qemu-system-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4206 *
> CVE-2021-4207 (CVSS3: 8.8 HIGH): qemu:qemu-native:qemu-system-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4207 *
> CVE-2022-1381 (CVSS3: 7.8 HIGH): vim 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1381 *
> CVE-2022-1420 (CVSS3: 5.5 MEDIUM): vim 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1420 *
> CVE-2022-27404 (CVSS3: 9.8 CRITICAL): freetype:freetype-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27404 *
> CVE-2022-27405 (CVSS3: 7.5 HIGH): freetype:freetype-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27405 *
> CVE-2022-27406 (CVSS3: 7.5 HIGH): freetype:freetype-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27406 *
> CVE-2022-29536 (CVSS3: 7.5 HIGH): epiphany 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29536 *
> CVE-2022-29824 (CVSS3: 6.5 MEDIUM): 
> libxml2:libxml2-native:libxslt:libxslt-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29824 *
> CVE-2022-30293 (CVSS3: 7.5 HIGH): webkitgtk 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30293 *
> CVE-2022-30294 (CVSS3: 9.8 CRITICAL): webkitgtk 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30294 *
>
> Full list:  Found 16 unpatched CVEs
> CVE-2019-12067 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12067 *
> CVE-2020-18974 (CVSS3: 3.3 LOW): nasm:nasm-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18974 *
> CVE-2021-20255 (CVSS3: 5.5 MEDIUM): qemu:qemu-native:qemu-system-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255 *
> CVE-2021-3611 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3611 *
> CVE-2021-3750 (CVSS3: 8.2 HIGH): qemu:qemu-native:qemu-system-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3750 *
> CVE-2022-0529 (CVSS3: 5.5 MEDIUM): unzip:unzip-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0529 *
> CVE-2022-0530 (CVSS3: 5.5 MEDIUM): unzip:unzip-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0530 *
> CVE-2022-1210 (CVSS3: 6.5 MEDIUM): tiff 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1210 *
> CVE-2022-1621 (CVSS3: 7.8 HIGH): vim 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1621 *
> CVE-2022-1622 (CVSS3: 5.5 MEDIUM): tiff 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1622 *
> CVE-2022-1623 (CVSS3: 5.5 MEDIUM): tiff 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1623 *
> CVE-2022-1629 (CVSS3: 7.8 HIGH): vim 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1629 *
> CVE-2022-24675 (CVSS3: 7.5 HIGH): go 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24675 *
> CVE-2022-28327 (CVSS3: 7.5 HIGH): go 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28327 *

I'm working on the above go CVEs

Steve

> CVE-2022-29458 (CVSS3: 7.1 HIGH): ncurses:ncurses-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29458 *
> CVE-2022-29824 (CVSS3: 6.5 MEDIUM): libxslt:libxslt-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29824 *
>
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#166038): 
https://lists.openembedded.org/g/openembedded-core/message/166038
Mute This Topic: https://lists.openembedded.org/mt/91268527/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to