* Re: [OE-core] OE-core CVE metrics for master on Sun 10 Apr 2022 02:00:01 AM HST
[not found] <16E4875446E67B89.16763@lists.openembedded.org>
@ 2022-04-10 13:13 ` Steve Sakoman
0 siblings, 0 replies; only message in thread
From: Steve Sakoman @ 2022-04-10 13:13 UTC (permalink / raw)
To: Steve Sakoman
Cc: Patches and discussions about the oe-core layer, yocto-security
[-- Attachment #1: Type: text/plain, Size: 2960 bytes --]
On Sun, Apr 10, 2022, 2:02 AM Steve Sakoman via lists.openembedded.org
<steve=sakoman.com@lists.openembedded.org> wrote:
> Branch: master
>
> New this week: 4 CVEs
> CVE-2019-1010238 (CVSS3: 9.8 CRITICAL): pango:pango-native
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010238 *
>
This seems to be an error in the database due to a recent update for this
CVE entry. I requested a fix on Friday so hopefully this will disappear
next week.
Steve
CVE-2022-1050 (CVSS3: 8.8 HIGH): qemu:qemu-native:qemu-system-native
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1050 *
> CVE-2022-1056 (CVSS3: 5.5 MEDIUM): tiff
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1056 *
> CVE-2022-26280 (CVSS3: 9.1 CRITICAL): libarchive:libarchive-native
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26280 *
>
> Removed this week: 1 CVEs
> CVE-2022-0943 (CVSS3: 7.8 HIGH): vim
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0943 *
>
> Full list: Found 12 unpatched CVEs
> CVE-2019-1010238 (CVSS3: 9.8 CRITICAL): pango:pango-native
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010238 *
> CVE-2019-12067 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12067 *
> CVE-2020-18974 (CVSS3: 3.3 LOW): nasm:nasm-native
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18974 *
> CVE-2021-20255 (CVSS3: 5.5 MEDIUM): qemu:qemu-native:qemu-system-native
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255 *
> CVE-2021-44647 (CVSS3: 5.5 MEDIUM): lua:lua-native
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44647 *
> CVE-2022-0529 (CVSS3: 7.8 HIGH): unzip:unzip-native
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0529 *
> CVE-2022-0530 (CVSS3: 7.8 HIGH): unzip:unzip-native
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0530 *
> CVE-2022-1050 (CVSS3: 8.8 HIGH): qemu:qemu-native:qemu-system-native
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1050 *
> CVE-2022-1056 (CVSS3: 5.5 MEDIUM): tiff
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1056 *
> CVE-2022-24975 (CVSS3: 7.5 HIGH): git
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24975 *
> CVE-2022-26280 (CVSS3: 9.1 CRITICAL): libarchive:libarchive-native
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26280 *
> CVE-2022-27191 (CVSS3: 7.5 HIGH): go
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27191 *
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#164197):
> https://lists.openembedded.org/g/openembedded-core/message/164197
> Mute This Topic: https://lists.openembedded.org/mt/90372797/3620601
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [
> steve@sakoman.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
>
[-- Attachment #2: Type: text/html, Size: 6247 bytes --]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2022-04-11 17:17 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <16E4875446E67B89.16763@lists.openembedded.org>
2022-04-10 13:13 ` [OE-core] OE-core CVE metrics for master on Sun 10 Apr 2022 02:00:01 AM HST Steve Sakoman
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.