Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Next »

1.6.1+dfsg.3-2ubuntu1

Blueprints that have vulnerabilities with a CVSS score >= 9.0 and meet the following criteria should submit their information in the chart below to have the vulnerability considered for an exception:

  • Running at least the minimum OS version required by the Akraino Security Sub-Committee
    • Ubuntu
    • CentOS
    • Debian
    • Fedora
    • Suse Enterprise Server

Legend

Ubuntu Priority/Score Descriptions

Not VulnerablePackages which do not exist in the archive, are not affected by the vulnerability or have a fix applied in the archive.
PendingA fix has been applied and updated packages are awaiting arrival into the archive. For example, this might be used when wider testing is requested for the updated package.
UnknownOpen vulnerability where the priority is currently unknown and needs to be triaged.
NegligibleOpen vulnerability that may be a problem but otherwise does not impose a security risk due to various factors. Examples include when the vulnerability is only theoretical in nature, requires a very special situation, has almost no install base or does no real damage. These typically will not receive security updates unless there is an easy fix and some other issue causes an update.
LowOpen vulnerability that is a problem but does very little damage or is otherwise hard to exploit due to small user base or other factors such as requiring specific environment, uncommon configuration, user assistance, etc. These tend to be included in security updates only when higher priority issues require an update or if many low priority issues have built up.
MediumOpen vulnerability that is a real problem and is exploitable for many users of the affected software. Examples include network daemon denial of service, cross-site scripting and gaining user privileges.
HighOpen vulnerability that is a real problem and is exploitable for many users in the default configuration of the affected software. Examples include serious remote denial of service of the system, local root privilege escalations or local data theft.
CriticalOpen vulnerability that is a world-burning problem and is exploitable for most Ubuntu users. Examples include remote root privilege escalations or remote data theft.
CVE/KHV #BlueprintBlueprint OS/VerURL Showing OS Patch Not AvailableContact NameContact EmailCommentVendor CVSS ScoreVendor Patch AvailableException Status
CVE-2016-1585Smart Data Transaction for CPSUbuntu 20.04https://ubuntu.com/security/CVE-2016-1585Colin Peterscolin.peters@fujitsu.com
MediumNoApproved
CVE-2021-20236Smart Data Transaction for CPSUbuntu 20.04https://ubuntu.com/security/CVE-2021-20236colin.peters@fujitsu.com
MediumNoApproved
CVE-2021-31870Smart Data Transaction for CPSUbuntu 20.04https://ubuntu.com/security/CVE-2021-31870colin.peters@fujitsu.com
LowNoApproved
CVE-2021-31872Smart Data Transaction for CPSUbuntu 20.04https://ubuntu.com/security/CVE-2021-31872colin.peters@fujitsu.com
LowNoApproved
CVE-2021-31873Smart Data Transaction for CPSUbuntu 20.04https://ubuntu.com/security/CVE-2021-31873colin.peters@fujitsu.com
LowNoApproved
CVE-2021-33574Smart Data Transaction for CPSUbuntu 20.04https://ubuntu.com/security/CVE-2021-33574colin.peters@fujitsu.com
LowNoApproved
CVE-2021-45951Smart Data Transaction for CPSUbuntu 20.04https://ubuntu.com/security/CVE-2021-45951colin.peters@fujitsu.com
MediumNoApproved
CVE-2021-45952Smart Data Transaction for CPSUbuntu 20.04https://ubuntu.com/security/CVE-2021-45952colin.peters@fujitsu.com
MediumNoApproved
CVE-2021-45953Smart Data Transaction for CPSUbuntu 20.04https://ubuntu.com/security/CVE-2021-45953colin.peters@fujitsu.com
MediumNoApproved
CVE-2021-45954Smart Data Transaction for CPSUbuntu 20.04https://ubuntu.com/security/CVE-2021-45954colin.peters@fujitsu.com
MediumNoApproved
CVE-2021-45955Smart Data Transaction for CPSUbuntu 20.04https://ubuntu.com/security/CVE-2021-45955colin.peters@fujitsu.com
MediumNoApproved
CVE-2021-45956Smart Data Transaction for CPSUbuntu 20.04https://ubuntu.com/security/CVE-2021-45956colin.peters@fujitsu.com
MediumNoApproved
CVE-2021-45957Smart Data Transaction for CPSUbuntu 20.04https://ubuntu.com/security/CVE-2021-45957colin.peters@fujitsu.com
MediumNoApproved
CVE-2022-23218Smart Data Transaction for CPSUbuntu 20.04https://ubuntu.com/security/CVE-2022-23218colin.peters@fujitsu.com
LowReported fixed in 2.31-0ubuntu9.7 (installed), but still reported by Vuls.Approved
CVE-2022-23219Smart Data Transaction for CPSUbuntu 20.04https://ubuntu.com/security/CVE-2022-23219colin.peters@fujitsu.com
LowReported fixed in 2.31-0ubuntu9.7 (installed), but still reported by Vuls.Approved
CVE-2016-9180Smart Data Transaction for CPSUbuntu 20.04https://ubuntu.com/security/CVE-2016-9180colin.peters@fujitsu.com
LowNoApproved
CVE-2021-35942Smart Data Transaction for CPSUbuntu 20.04https://ubuntu.com/security/CVE-2021-35942colin.peters@fujitsu.com

LowReported fixed in 2.31-0ubuntu9.7 (installed), but still reported by Vuls.Approved

CVE-2016-1585

Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2016-1585

inoue.reo@fujitsu.com



MediumNoApproved

CVE-2017-18201

Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2017-18201

inoue.reo@fujitsu.com



LowNoApproved

CVE-2017-7827

Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2017-7827

inoue.reo@fujitsu.com


MediumNoApproved

CVE-2018-5090

Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2018-5090inoue.reo@fujitsu.com
Medium

Reported fixed in 58 and later version (installed), but still reported by Vuls

Approved

CVE-2018-5126

Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2018-5126inoue.reo@fujitsu.com
Medium

Reported fixed in 58 and later version (installed), but still reported by Vuls

Approved

CVE-2018-5145

Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2018-5145inoue.reo@fujitsu.com
Medium

Reported fixed in 1:52.7.0 and later version (installed), but still reported by Vuls

Approved

CVE-2018-5151

Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2018-5151inoue.reo@fujitsu.com
Medium

Reported fixed in 60 and later version (installed), but still reported by Vuls

Approved

CVE-2019-17041

Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2019-17041inoue.reo@fujitsu.com
LowNoApproved

CVE-2019-17042

Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2019-17042inoue.reo@fujitsu.com
LowNoApproved

CVE-2021-31870

Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2021-31870inoue.reo@fujitsu.com
LowNoApproved

CVE-2021-31872

Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2021-31872inoue.reo@fujitsu.com
LowNoApproved

CVE-2021-31873

Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2021-31873inoue.reo@fujitsu.com
LowNoApproved

CVE-2021-39713

Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2021-39713inoue.reo@fujitsu.com
LowNoApproved

CVE-2022-23852

Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2022-23852inoue.reo@fujitsu.com
MediumNoApproved

CVE-2022-23990

Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2022-23990inoue.reo@fujitsu.com
MediumNoApproved

CVE-2022-25235

Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2022-25235inoue.reo@fujitsu.com
HighNoApproved

CVE-2022-25236

Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2022-25236inoue.reo@fujitsu.com
HighNoApproved

CVE-2022-25315

Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2022-25315inoue.reo@fujitsu.com
MediumNoApproved

CVE-2016-9180

Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2016-9180inoue.reo@fujitsu.com
LowNoApproved

CVE-2019-20433

Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2019-20433inoue.reo@fujitsu.com
LowNoApproved

CVE-2005-2541

Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2005-2541inoue.reo@fujitsu.com
HighNoApproved

CVE-2014-2830

Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2014-2830inoue.reo@fujitsu.com
HighNoApproved

CVE-2016-1585

Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2016-1585inoue.reo@fujitsu.com
HighNoApproved

CVE-2017-17479

Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2017-17479inoue.reo@fujitsu.com
HighNoApproved

CVE-2017-9117

Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2017-9117inoue.reo@fujitsu.com
HighNoApproved

CVE-2018-13410

Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2018-13410inoue.reo@fujitsu.com
HighNoApproved

CVE-2019-1010022

Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2019-1010022inoue.reo@fujitsu.com
HighNoApproved

CVE-2019-8341

Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2019-8341inoue.reo@fujitsu.com
HighNoApproved

CVE-2020-27619

Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2020-27619inoue.reo@fujitsu.com
High
Approved

CVE-2021-29462

Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2021-29462inoue.reo@fujitsu.com
HighNoApproved

CVE-2021-29921

Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2021-29921inoue.reo@fujitsu.com
HighReported fixed in python3.9 (installed), but still reported by VulsApproved

CVE-2021-30473

Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2021-30473inoue.reo@fujitsu.com
HighNoApproved

CVE-2021-30474

Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2021-30474inoue.reo@fujitsu.com
HighNoApproved

CVE-2021-30475

Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2021-30475inoue.reo@fujitsu.com
HighNoApproved

CVE-2021-30498

Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2021-30498inoue.reo@fujitsu.com
HighNoApproved

CVE-2021-30499

Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2021-30499inoue.reo@fujitsu.com
HighNoApproved

CVE-2021-42377

Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2021-42377inoue.reo@fujitsu.com
MediumNoApproved

CVE-2021-45951

Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2021-45951inoue.reo@fujitsu.com
HighNoApproved

CVE-2021-45952

Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2021-45952inoue.reo@fujitsu.com
HighNoApproved

CVE-2021-45953

Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2021-45953inoue.reo@fujitsu.com
HighNoApproved

CVE-2021-45954

Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2021-45954inoue.reo@fujitsu.com
HighNoApproved

CVE-2021-45955

Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2021-45955inoue.reo@fujitsu.com
HighNoApproved

CVE-2021-45956

Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2021-45956inoue.reo@fujitsu.com
HighNoApproved

CVE-2022-23303

Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2022-23303inoue.reo@fujitsu.com
MediumNoApproved

CVE-2022-23304

Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2022-23304inoue.reo@fujitsu.com
MediumNoApproved

CVE-2021-4048

Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2021-4048inoue.reo@fujitsu.com
MediumNoApproved

CVE-2021-43400

Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2021-43400inoue.reo@fujitsu.com
MediumNoApproved
CVE-2021-33574ICNUbuntu 20.04https://ubuntu.com/security/CVE-2021-33574Kuralamudhan Ramakrishnan (Deactivated)kuralamudhan.ramakrishnan@intel.com
LowNoApproved
CVE-2019-19814ICNUbuntu 20.04https://ubuntu.com/security/CVE-2019-19814kuralamudhan.ramakrishnan@intel.com
LowNoApproved

CVE-2021-35942

ICNUbuntu 20.04https://ubuntu.com/security/CVE-2021-35942kuralamudhan.ramakrishnan@intel.com

Vendor status is "Released" and ICN is using the referenced glibc version, however vuls is still reporting this.  lsb_release -a; dpkg -l libc6 output:

Distributor ID:	Ubuntu
Description:	Ubuntu 20.04.4 LTS
Release:	20.04
Codename:	focal
No LSB modules are available.
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version         Architecture Description
+++-==============-===============-============-=================================
ii  libc6:amd64    2.31-0ubuntu9.7 amd64        GNU C Library: Shared libraries
LowYesApproved
KHV044ELIOT - IOTGateway


khemendra.kumar@huawei.com

KHV044 - Privileged Container
Minimize the use of privileged containers. Use Pod Security Policies to enforce using privileged: false policy.

Calico pod is running in privileged Mode. 


Exception Reason: Calico deployed by manifest file, can not be set to non privileged mode.

Here is a link regarding the Calico Privilege Mode issue.
Replace Kubernetes privileged=true with more precise permissions

It seems after long time they have make option to disable recently but only if calico deployed with Calic Operator.
And there is a doc about non-priviledged use of running Calico node for operator only.

In our ELIOT IOT Gateway BP, it is deployed by calico.yaml file.
and with manifest file, they don't support to disable it.

So due to Calico limitation, and our ustream project dependency on calico.yaml manifest file, we can not fix it.

IN future, we can ask the upstream EdgeGallery community to use calico operator for deployment and if they use operator, then it will be able to fix in our BPs,



Approved
KHV044EALTEdge - Enterprise application on 5G light weight telco edge


khemendra.kumar@huawei.com

KHV044 - Privileged Container
Minimize the use of privileged containers. Use Pod Security Policies to enforce using privileged: false policy.

Calico pod is running in privileged Mode. 


Exception Reason: Calico deployed by manifest file, can not be set to non privileged mode.

Here is a link regarding the Calico Privilege Mode issue.
Replace Kubernetes privileged=true with more precise permissions

It seems after long time they have make option to disable recently but only if calico deployed with Calic Operator.
And there is a doc about non-priviledged use of running Calico node for operator only.

In our EALTEdge BP, it is deployed by calico.yaml file.
and with manifest file, they don't support to disable it.

So due to Calico limitation, and our ustream project dependency on calico.yaml manifest file, we can not fix it.

IN future, we can ask the upstream EdgeGallery community to use calico operator for deployment and if they use operator, then it will be able to fix in our BPs,



Approved
CAP_NET_RAWEALTEdge - Enterprise application on 5G light weight telco edge


khemendra.kumar@huawei.com

CAP_NET_RAW Enabled
CAP_NET_RAW is used to open a raw socket and is used by ping. If this is not required CAP_NET_RAW MUST be removed.
https://www.suse.com/c/demystifying-containers-part-iv-container-security/


For this BP, execption is approved in last release. plz refer last release exeception list

Release 5 Blueprint Scanning Status



Approved
CVE-2017-12194IEC Type 3: Android cloud native applications on Arm servers in edge for Integrated Edge Cloud (IEC) Blueprint FamilyUbuntu 18.04https://ubuntu.com/security/cve-2017-12194Ysemird-sw@ysemi.cn
MediumNo
CVE-2018-12892IEC Type 3: Android cloud native applications on Arm servers in edge for Integrated Edge Cloud (IEC) Blueprint FamilyUbuntu 18.04https://ubuntu.com/security/cve-2018-12892rd-sw@ysemi.cn
MediumNoApproved
CVE-2019-17113IEC Type 3: Android cloud native applications on Arm servers in edge for Integrated Edge Cloud (IEC) Blueprint FamilyUbuntu 18.04https://ubuntu.com/security/cve-2019-17113Ysemird-sw@ysemi.cn
MediumNoApproved
CVE-2019-19948IEC Type 3: Android cloud native applications on Arm servers in edge for Integrated Edge Cloud (IEC) Blueprint FamilyUbuntu 18.04https://ubuntu.com/security/cve-2019-19948rd-sw@ysemi.cn
LowNo
CVE-2019-19949IEC Type 3: Android cloud native applications on Arm servers in edge for Integrated Edge Cloud (IEC) Blueprint FamilyUbuntu 18.04https://ubuntu.com/security/cve-2019-19949Ysemird-sw@ysemi.cn
LowNo


  • No labels