Release 5: Akraino CVE Vulnerability Exception Request

1.6.1+dfsg.3-2ubuntu1

Blueprints that have vulnerabilities with a CVSS score >= 9.0 and meet the following criteria should submit their information in the chart below to have the vulnerability considered for an exception:

Running at least the minimum OS version required by the Akraino Security Sub-Committee
- Ubuntu
- CentOS
- Debian
- Fedora
- Suse Enterprise Server

Legend

Ubuntu Priority/Score Descriptions

Not Vulnerable	Packages which do not exist in the archive, are not affected by the vulnerability or have a fix applied in the archive.
Pending	A fix has been applied and updated packages are awaiting arrival into the archive. For example, this might be used when wider testing is requested for the updated package.
Unknown	Open vulnerability where the priority is currently unknown and needs to be triaged.
Negligible	Open vulnerability that may be a problem but otherwise does not impose a security risk due to various factors. Examples include when the vulnerability is only theoretical in nature, requires a very special situation, has almost no install base or does no real damage. These typically will not receive security updates unless there is an easy fix and some other issue causes an update.
Low	Open vulnerability that is a problem but does very little damage or is otherwise hard to exploit due to small user base or other factors such as requiring specific environment, uncommon configuration, user assistance, etc. These tend to be included in security updates only when higher priority issues require an update or if many low priority issues have built up.
Medium	Open vulnerability that is a real problem and is exploitable for many users of the affected software. Examples include network daemon denial of service, cross-site scripting and gaining user privileges.
High	Open vulnerability that is a real problem and is exploitable for many users in the default configuration of the affected software. Examples include serious remote denial of service of the system, local root privilege escalations or local data theft.
Critical	Open vulnerability that is a world-burning problem and is exploitable for most Ubuntu users. Examples include remote root privilege escalations or remote data theft.

CVE #	Blueprint	Blueprint OS/Ver	URL Showing OS Patch Not Available	Contact Name	Contact Email	Vendor CVSS Score	Vendor Patch Available	Exception Status
CVE-2016-1585	EALT-Edge	Ubuntu 18.04	https://ubuntu.com/security/CVE-2016-1585	Srinivasan Selvam	srinivasanselvam2014@gmail.com	Medium	No	Approved
CVE-2017-18342	EALT-Edge	Ubuntu 18.04	https://ubuntu.com/security/CVE-2017-18342	Srinivasan Selvam	srinivasanselvam2014@gmail.com	Low	No	Approved
CVE-2017-8283	EALT-Edge	Ubuntu 18.04	https://ubuntu.com/security/CVE-2017-8283	Srinivasan Selvam	srinivasanselvam2014@gmail.com	Negligible	No	Approved
CVE-2018-20839	EALT-Edge	Ubuntu 18.04	https://ubuntu.com/security/CVE-2018-20839	Srinivasan Selvam	srinivasanselvam2014@gmail.com	Medium	No	Approved
CVE-2019-17041	EALT-Edge	Ubuntu 18.04	https://ubuntu.com/security/CVE-2019-17041	Srinivasan Selvam	srinivasanselvam2014@gmail.com	Low	No	Approved
CVE-2019-17042	EALT-Edge	Ubuntu 18.04	https://ubuntu.com/security/CVE-2019-17042	Srinivasan Selvam	srinivasanselvam2014@gmail.com	Low	No	Approved
CVE-2019-19814	EALT-Edge	Ubuntu 18.04	https://ubuntu.com/security/CVE-2019-19814	Srinivasan Selvam	srinivasanselvam2014@gmail.com	Low	No	Approved
CVE-2016-1585	ELIOT IOT Gateway	Ubuntu 18.04	https://ubuntu.com/security/CVE-2016-1585	Srinivasan Selvam	srinivasanselvam2014@gmail.com	Medium	No	Approved
CVE-2017-18342	ELIOT IOT Gateway	Ubuntu 18.04	https://ubuntu.com/security/CVE-2017-18342	Srinivasan Selvam	srinivasanselvam2014@gmail.com	Low	No	Approved
CVE-2017-8283	ELIOT IOT Gateway	Ubuntu 18.04	https://ubuntu.com/security/CVE-2017-8283	Srinivasan Selvam	srinivasanselvam2014@gmail.com	Negligible	No	Approved
CVE-2018-20839	ELIOT IOT Gateway	Ubuntu 18.04	https://ubuntu.com/security/CVE-2018-20839	Srinivasan Selvam	srinivasanselvam2014@gmail.com	Medium	No	Approved
CVE-2019-17041	ELIOT IOT Gateway	Ubuntu 18.04	https://ubuntu.com/security/CVE-2019-17041	Srinivasan Selvam	srinivasanselvam2014@gmail.com	Low	No	Approved
CVE-2019-17042	ELIOT IOT Gateway	Ubuntu 18.04	https://ubuntu.com/security/CVE-2019-17042	Srinivasan Selvam	srinivasanselvam2014@gmail.com	Low	No	Approved
CVE-2019-19814	ELIOT IOT Gateway	Ubuntu 18.04	https://ubuntu.com/security/CVE-2019-19814	Srinivasan Selvam	srinivasanselvam2014@gmail.com	Low	No	Approved
CVE-2016-1585	ELIOT SD-WAN/WAN Edge/uCPE	Ubuntu 18.04	https://ubuntu.com/security/CVE-2016-1585	Srinivasan Selvam	srinivasanselvam2014@gmail.com	Medium	No	Approved
CVE-2017-18342	ELIOT SD-WAN/WAN Edge/uCPE	Ubuntu 18.04	https://ubuntu.com/security/CVE-2017-18342	Srinivasan Selvam	srinivasanselvam2014@gmail.com	Low	No	Approved
CVE-2017-8283	ELIOT SD-WAN/WAN Edge/uCPE	Ubuntu 18.04	https://ubuntu.com/security/CVE-2017-8283	Srinivasan Selvam	srinivasanselvam2014@gmail.com	Negligible	No	Approved
CVE-2018-20839	ELIOT SD-WAN/WAN Edge/uCPE	Ubuntu 18.04	https://ubuntu.com/security/CVE-2018-20839	Srinivasan Selvam	srinivasanselvam2014@gmail.com	Medium	No	Approved
CVE-2019-17041	ELIOT SD-WAN/WAN Edge/uCPE	Ubuntu 18.04	https://ubuntu.com/security/CVE-2019-17041	Srinivasan Selvam	srinivasanselvam2014@gmail.com	Low	No	Approved
CVE-2019-17042	ELIOT SD-WAN/WAN Edge/uCPE	Ubuntu 18.04	https://ubuntu.com/security/CVE-2019-17042	Srinivasan Selvam	srinivasanselvam2014@gmail.com	Low	No	Approved
CVE-2019-19814	ELIOT SD-WAN/WAN Edge/uCPE	Ubuntu 18.04	https://ubuntu.com/security/CVE-2019-19814	Srinivasan Selvam	srinivasanselvam2014@gmail.com	Low	No	Approved
CVE-2016-1585	ICN	Ubuntu 18.04	https://ubuntu.com/security/CVE-2016-1585	@Kuralamdhan Ramakrishnan	kuralamudhan.ramakrishnan@intel.com	Medium	No	Approved
CVE-2017-18342	ICN	Ubuntu 18.04	https://ubuntu.com/security/CVE-2017-18342	@Kuralamdhan Ramakrishnan	kuralamudhan.ramakrishnan@intel.com	Low	No	Approved
CVE-2017-8283	ICN	Ubuntu 18.04	https://ubuntu.com/security/CVE-2017-8283	@Kuralamdhan Ramakrishnan	kuralamudhan.ramakrishnan@intel.com	Negligible	18.04 Not vulnerable 1.18..24ubuntu1	Approved
CVE-2018-20839	ICN	Ubuntu 18.04	https://ubuntu.com/security/CVE-2018-20839	@Kuralamdhan Ramakrishnan	kuralamudhan.ramakrishnan@intel.com	Medium	No	Approved
CVE-2019-19814	ICN	Ubuntu 18.04	https://ubuntu.com/security/CVE-2019-19814	@Kuralamdhan Ramakrishnan	kuralamudhan.ramakrishnan@intel.com	Low	No	Approved
CVE-2019-17041	ICN	Ubuntu 18.04	https://ubuntu.com/security/CVE-2019-17041	@Kuralamdhan Ramakrishnan	kuralamudhan.ramakrishnan@intel.com	Low	No	Approved
CVE-2019-17042	ICN	Ubuntu 18.04	https://ubuntu.com/security/CVE-2019-17042	@Kuralamdhan Ramakrishnan	kuralamudhan.ramakrishnan@intel.com	Low	No	Approved
CVE-2016-1585	Public Cloud Edge Interface (PCEI)	Ubuntu 18.04	https://ubuntu.com/security/CVE-2016-1585	Oleg Berzin	oberzin@equinix.com	Medium	No	Approved
CVE-2017-18342	Public Cloud Edge Interface (PCEI)	Ubuntu 18.04	https://ubuntu.com/security/CVE-2017-18342	Oleg Berzin	oberzin@equinix.com	Low	No	Approved
CVE-2017-8283	Public Cloud Edge Interface (PCEI)	Ubuntu 18.04	https://ubuntu.com/security/CVE-2017-8283	Oleg Berzin	oberzin@equinix.com	Negligible	No	Approved
CVE-2018-20839	Public Cloud Edge Interface (PCEI)	Ubuntu 18.04	https://ubuntu.com/security/CVE-2018-20839	Oleg Berzin	oberzin@equinix.com	Medium	No	Approved
CVE-2019-17041	Public Cloud Edge Interface (PCEI)	Ubuntu 18.04	https://ubuntu.com/security/CVE-2019-17041	Oleg Berzin	oberzin@equinix.com	Low	No	Approved
CVE-2019-17042	Public Cloud Edge Interface (PCEI)	Ubuntu 18.04	https://ubuntu.com/security/CVE-2019-17042	Oleg Berzin	oberzin@equinix.com	Low	No	Approved
CVE-2019-19814	Public Cloud Edge Interface (PCEI)	Ubuntu 18.04	https://ubuntu.com/security/CVE-2019-19814	Oleg Berzin	oberzin@equinix.com	Low	No	Approved
CVE-2016-1585	ICN - Multi-Tenant Secure Cloud Native Platform	Ubuntu 18.04	https://ubuntu.com/security/CVE-2016-1585	Salvador Fuentes (Deactivated)	salvador.fuentes@intel.com	Medium	No	Approved
CVE-2017-18342	ICN - Multi-Tenant Secure Cloud Native Platform	Ubuntu 18.04	https://ubuntu.com/security/CVE-2017-18342	Salvador Fuentes (Deactivated)	salvador.fuentes@intel.com	Low	No	Approved
CVE-2017-8283	ICN - Multi-Tenant Secure Cloud Native Platform	Ubuntu 18.04	https://ubuntu.com/security/CVE-2017-8283	Salvador Fuentes (Deactivated)	salvador.fuentes@intel.com	Negligible	No	Approved
CVE-2018-20839	ICN - Multi-Tenant Secure Cloud Native Platform	Ubuntu 18.04	https://ubuntu.com/security/CVE-2018-20839	Salvador Fuentes (Deactivated)	salvador.fuentes@intel.com	Medium	No	Approved
CVE-2019-17041	ICN - Multi-Tenant Secure Cloud Native Platform	Ubuntu 18.04	https://ubuntu.com/security/CVE-2019-17041	Salvador Fuentes (Deactivated)	salvador.fuentes@intel.com	Low	No	Approved
CVE-2019-17042	ICN - Multi-Tenant Secure Cloud Native Platform	Ubuntu 18.04	https://ubuntu.com/security/CVE-2019-17042	Salvador Fuentes (Deactivated)	salvador.fuentes@intel.com	Low	No	Approved
CVE-2019-19814	ICN - Multi-Tenant Secure Cloud Native Platform	Ubuntu 18.04	https://ubuntu.com/security/CVE-2019-19814	Salvador Fuentes (Deactivated)	salvador.fuentes@intel.com	Low	No	Approved
CVE-2019-12900	The AI Edge: Federated ML application at edge	CentOS 7.9	https://access.redhat.com/security/cve/cve-2019-12900	rolandwu	wuzifan0817@gmail.com	Low	No	Approved
CVE-2017-12652	AI Edge: School/Education Video Security	CentOS 7.9	https://access.redhat.com/security/cve/cve-2017-12652	Yu, Liya	yulia@baidu.com	Low	Yes, however, patch has been installed (see below) however, vuls still reporting CVE.	Approved
CVE-2019-5482	AI Edge: School/Education Video Security	CentOS 7.9	https://access.redhat.com/security/cve/cve-2019-5482	Yu, Liya	yulia@baidu.com	Medium	Yes, however, patch has been installed (see below) however, vuls still reporting CVE.	Approved
CVE-2016-1585	Smart Data Transaction for CPS	Ubuntu 20.04	https://ubuntu.com/security/CVE-2016-1585	Colin Peters	colin.peters@fujitsu.com	Medium	No
CVE-2021-20236	Smart Data Transaction for CPS	Ubuntu 20.04	https://ubuntu.com/security/CVE-2021-20236	Colin Peters	colin.peters@fujitsu.com	Medium	No
CVE-2021-31870	Smart Data Transaction for CPS	Ubuntu 20.04	https://ubuntu.com/security/CVE-2021-31870	Colin Peters	colin.peters@fujitsu.com	Low	No
CVE-2021-31872	Smart Data Transaction for CPS	Ubuntu 20.04	https://ubuntu.com/security/CVE-2021-31872	Colin Peters	colin.peters@fujitsu.com	Low	No
CVE-2021-31873	Smart Data Transaction for CPS	Ubuntu 20.04	https://ubuntu.com/security/CVE-2021-31873	Colin Peters	colin.peters@fujitsu.com	Low	No
CVE-2021-33574	Smart Data Transaction for CPS	Ubuntu 20.04	https://ubuntu.com/security/CVE-2021-33574	Colin Peters	colin.peters@fujitsu.com	Low	No
CVE-2021-45951	Smart Data Transaction for CPS	Ubuntu 20.04	https://ubuntu.com/security/CVE-2021-45951	Colin Peters	colin.peters@fujitsu.com	Medium	No
CVE-2021-45952	Smart Data Transaction for CPS	Ubuntu 20.04	https://ubuntu.com/security/CVE-2021-45952	Colin Peters	colin.peters@fujitsu.com	Medium	No
CVE-2021-45953	Smart Data Transaction for CPS	Ubuntu 20.04	https://ubuntu.com/security/CVE-2021-45953	Colin Peters	colin.peters@fujitsu.com	Medium	No
CVE-2021-45954	Smart Data Transaction for CPS	Ubuntu 20.04	https://ubuntu.com/security/CVE-2021-45954	Colin Peters	colin.peters@fujitsu.com	Medium	No
CVE-2021-45955	Smart Data Transaction for CPS	Ubuntu 20.04	https://ubuntu.com/security/CVE-2021-45955	Colin Peters	colin.peters@fujitsu.com	Medium	No
CVE-2021-45956	Smart Data Transaction for CPS	Ubuntu 20.04	https://ubuntu.com/security/CVE-2021-45956	Colin Peters	colin.peters@fujitsu.com	Medium	No
CVE-2021-45957	Smart Data Transaction for CPS	Ubuntu 20.04	https://ubuntu.com/security/CVE-2021-45957	Colin Peters	colin.peters@fujitsu.com	Medium	No
CVE-2022-23218	Smart Data Transaction for CPS	Ubuntu 20.04	https://ubuntu.com/security/CVE-2022-23218	Colin Peters	colin.peters@fujitsu.com	Low	Reported fixed in 2.31-0ubuntu9.7 (installed), but still reported by Vuls.
CVE-2022-23219	Smart Data Transaction for CPS	Ubuntu 20.04	https://ubuntu.com/security/CVE-2022-23219	Colin Peters	colin.peters@fujitsu.com	Low	Reported fixed in 2.31-0ubuntu9.7 (installed), but still reported by Vuls.
CVE-2016-9180	Smart Data Transaction for CPS	Ubuntu 20.04	https://ubuntu.com/security/CVE-2016-9180	Colin Peters	colin.peters@fujitsu.com	Low	No
CVE-2021-35942	Smart Data Transaction for CPS	Ubuntu 20.04	https://ubuntu.com/security/CVE-2021-35942	Colin Peters	colin.peters@fujitsu.com	Low	Reported fixed in 2.31-0ubuntu9.7 (installed), but still reported by Vuls.
CVE-2016-1585	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)		inoue	inoue.reo@fujitsu.com
CVE-2017-18201	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)			inoue.reo@fujitsu.com
CVE-2017-7827	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)			inoue.reo@fujitsu.com
CVE-2018-5090	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)			inoue.reo@fujitsu.com
CVE-2018-5126	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)			inoue.reo@fujitsu.com
CVE-2018-5145	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)			inoue.reo@fujitsu.com
CVE-2018-5151	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)			inoue.reo@fujitsu.com
CVE-2019-17041	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)			inoue.reo@fujitsu.com
CVE-2019-17042	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)			inoue.reo@fujitsu.com
CVE-2021-31870	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)			inoue.reo@fujitsu.com
CVE-2021-31872	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)			inoue.reo@fujitsu.com
CVE-2021-31873	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)			inoue.reo@fujitsu.com
CVE-2021-39713	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)			inoue.reo@fujitsu.com
CVE-2022-22822	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)			inoue.reo@fujitsu.com
CVE-2022-22823	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)			inoue.reo@fujitsu.com
CVE-2022-22824	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)			inoue.reo@fujitsu.com
CVE-2022-23852	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)			inoue.reo@fujitsu.com
CVE-2022-23990	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)			inoue.reo@fujitsu.com
CVE-2022-25235	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)			inoue.reo@fujitsu.com
CVE-2022-25236	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)			inoue.reo@fujitsu.com
CVE-2022-25315	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)			inoue.reo@fujitsu.com
CVE-2016-9180	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)			inoue.reo@fujitsu.com
CVE-2019-20433	Robot basic architecture based on SSES	Raspberry Pi OS(Debian 11)			inoue.reo@fujitsu.com

CVE-2005-2541	Robot basic architecture based on SSES	Ubuntu 18.04			inoue.reo@fujitsu.com
CVE-2014-2830	Robot basic architecture based on SSES	Ubuntu 18.04			inoue.reo@fujitsu.com
CVE-2016-1585	Robot basic architecture based on SSES	Ubuntu 18.04			inoue.reo@fujitsu.com
CVE-2017-17479	Robot basic architecture based on SSES	Ubuntu 18.04			inoue.reo@fujitsu.com
CVE-2017-9117	Robot basic architecture based on SSES	Ubuntu 18.04			inoue.reo@fujitsu.com
CVE-2018-13410	Robot basic architecture based on SSES	Ubuntu 18.04			inoue.reo@fujitsu.com
CVE-2019-1010022	Robot basic architecture based on SSES	Ubuntu 18.04			inoue.reo@fujitsu.com
CVE-2019-8341	Robot basic architecture based on SSES	Ubuntu 18.04			inoue.reo@fujitsu.com
CVE-2020-27619	Robot basic architecture based on SSES	Ubuntu 18.04			inoue.reo@fujitsu.com
CVE-2021-29462	Robot basic architecture based on SSES	Ubuntu 18.04			inoue.reo@fujitsu.com
CVE-2021-29921	Robot basic architecture based on SSES	Ubuntu 18.04			inoue.reo@fujitsu.com
CVE-2021-30473	Robot basic architecture based on SSES	Ubuntu 18.04			inoue.reo@fujitsu.com
CVE-2021-30474	Robot basic architecture based on SSES	Ubuntu 18.04			inoue.reo@fujitsu.com
CVE-2021-30475	Robot basic architecture based on SSES	Ubuntu 18.04			inoue.reo@fujitsu.com
CVE-2021-30498	Robot basic architecture based on SSES	Ubuntu 18.04			inoue.reo@fujitsu.com
CVE-2021-30499	Robot basic architecture based on SSES	Ubuntu 18.04			inoue.reo@fujitsu.com
CVE-2021-3756	Robot basic architecture based on SSES	Ubuntu 18.04			inoue.reo@fujitsu.com
CVE-2021-42377	Robot basic architecture based on SSES	Ubuntu 18.04			inoue.reo@fujitsu.com
CVE-2021-45951	Robot basic architecture based on SSES	Ubuntu 18.04			inoue.reo@fujitsu.com
CVE-2021-45952	Robot basic architecture based on SSES	Ubuntu 18.04			inoue.reo@fujitsu.com
CVE-2021-45953	Robot basic architecture based on SSES	Ubuntu 18.04			inoue.reo@fujitsu.com
CVE-2021-45954	Robot basic architecture based on SSES	Ubuntu 18.04			inoue.reo@fujitsu.com
CVE-2021-45955	Robot basic architecture based on SSES	Ubuntu 18.04			inoue.reo@fujitsu.com
CVE-2021-45956	Robot basic architecture based on SSES	Ubuntu 18.04			inoue.reo@fujitsu.com
CVE-2022-23303	Robot basic architecture based on SSES	Ubuntu 18.04			inoue.reo@fujitsu.com
CVE-2022-23304	Robot basic architecture based on SSES	Ubuntu 18.04			inoue.reo@fujitsu.com
CVE-2021-4048	Robot basic architecture based on SSES	Ubuntu 18.04			inoue.reo@fujitsu.com
CVE-2021-43400	Robot basic architecture based on SSES	Ubuntu 18.04			inoue.reo@fujitsu.com