Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 13 Next »

Blueprints that have vulnerabilities with a CVSS score >= 9.0 and meet the following criteria should submit their information in the chart below to have the vulnerability considered for an exception:

  • Running at least the minimum OS version required by the Akraino Security Sub-Committee
    • Ubuntu
    • CentOS
    • Debian
    • Fedora
    • Suse Enterprise Server

Legend

Priority/Score Descriptions

Not VulnerablePackages which do not exist in the archive, are not affected by the vulnerability or have a fix applied in the archive.
PendingA fix has been applied and updated packages are awaiting arrival into the archive. For example, this might be used when wider testing is requested for the updated package.
UnknownOpen vulnerability where the priority is currently unknown and needs to be triaged.
NegligibleOpen vulnerability that may be a problem but otherwise does not impose a security risk due to various factors. Examples include when the vulnerability is only theoretical in nature, requires a very special situation, has almost no install base or does no real damage. These typically will not receive security updates unless there is an easy fix and some other issue causes an update.
LowOpen vulnerability that is a problem but does very little damage or is otherwise hard to exploit due to small user base or other factors such as requiring specific environment, uncommon configuration, user assistance, etc. These tend to be included in security updates only when higher priority issues require an update or if many low priority issues have built up.
MediumOpen vulnerability that is a real problem and is exploitable for many users of the affected software. Examples include network daemon denial of service, cross-site scripting and gaining user privileges.
HighOpen vulnerability that is a real problem and is exploitable for many users in the default configuration of the affected software. Examples include serious remote denial of service of the system, local root privilege escalations or local data theft.
CriticalOpen vulnerability that is a world-burning problem and is exploitable for most Ubuntu users. Examples include remote root privilege escalations or remote data theft.
CVE/KHV #BlueprintBlueprint OS/VerURL Showing OS Patch Not AvailableContact NameContact EmailCommentVendor CVSS ScoreVendor Patch AvailableException Status

CVE-2016-1585

Robot basic architecture based on SSES

Raspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2016-1585inoue.reo@fujitsu.com

NoApproved

CVE-2017-18201

Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2017-17479inoue.reo@fujitsu.com

NoApproved
CVE-2019-17041 Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2019-17041inoueinoue.reo@fujitsu.com

Please add to the "Vendor Patch Available" column output from the following commands:

lsb_release -a
dpkg -l | grep <package name associated with CVE>


I installed a later version of the software than the version that has been fixed for CVE.


$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 11 (bullseye)
Release:        11
Codename:       bullseye

$ dpkg -l |grep rsyslog
ii  rsyslog                              8.2102.0-2+deb11u1               arm64        reliable system and kernel logging daemon

Pending
CVE-2019-17042 Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2019-17042inoueinoue.reo@fujitsu.com

Please add to the "Vendor Patch Available" column output from the following commands:

lsb_release -a
dpkg -l | grep <package name associated with CVE>


I installed a later version of the software than the version that has been fixed for CVE.


$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 11 (bullseye)
Release:        11
Codename:       bullseye

$ dpkg -l |grep rsyslog
ii  rsyslog                              8.2102.0-2+deb11u1               arm64        reliable system and kernel logging daemon

Pending
CVE-2022-3649 Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2022-3649inoueinoue.reo@fujitsu.com

NoApproved
CVE-2019-20433 Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2019-20433inoueinoue.reo@fujitsu.com

NoApproved
CVE-2022-24303 Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2022-24303inoueinoue.reo@fujitsu.com

NoApproved
CVE-2022-39319 Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2022-39319inoue.reo@fujitsu.com

No
CVE-2022-41877 Robot basic architecture based on SSESRaspberry Pi OS(Debian 11)https://security-tracker.debian.org/tracker/CVE-2022-41877inoueinoue.reo@fujitsu.com

NoApproved

CVE-2016-1585

Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2016-1585inoue.reo@fujitsu.com
MediumNoApproved
CVE-2017-18201Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2017-18201inoue.reo@fujitsu.com
LowNoApproved
CVE-2017-7827Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2017-7827inoue.reo@fujitsu.com
MediumNoApproved
CVE-2018-5090Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2018-5090inoue.reo@fujitsu.com
MediumNoApproved
CVE-2018-5126Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2018-5126inoue.reo@fujitsu.com
MediumNoApproved
CVE-2018-5145Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2018-5145inoue.reo@fujitsu.com
MediumNoApproved
CVE-2018-5151Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2018-5151inoue.reo@fujitsu.com
MediumNoApproved
CVE-2019-17041Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2019-17041inoue.reo@fujitsu.com
LowNoApproved
CVE-2019-17042Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2019-17042inoue.reo@fujitsu.com
LowNoApproved
CVE-2022-0318Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2022-0318inoue.reo@fujitsu.com
MediumNoApproved
CVE-2022-3649Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2022-3649inoue.reo@fujitsu.com
MediumNoApproved
CVE-2022-3890Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2022-3890inoue.reo@fujitsu.com
MediumNoApproved
CVE-2022-4135Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2022-4135inoue.reo@fujitsu.com
MediumNoApproved
CVE-2016-9180Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2016-9180inoue.reo@fujitsu.com
LowNoApproved
CVE-2019-20433Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2019-20433inoue.reo@fujitsu.com
LowNoApproved
CVE-2022-24303Robot basic architecture based on SSESUbuntu 18.04https://ubuntu.com/security/CVE-2022-24303inoue.reo@fujitsu.com
LowNoApproved
CVE-2016-1585Robot basic architecture based on SSESUbuntu 22.04https://ubuntu.com/security/CVE-2016-1585inoue.reo@fujitsu.com
MediumNoApproved
CVE-2022-3649Robot basic architecture based on SSESUbuntu 22.04https://ubuntu.com/security/CVE-2022-3649inoue.reo@fujitsu.com
MediumNoApproved
CVE-2016-1585Smart Data Transaction for CPSUbuntu 20.04https://ubuntu.com/security/CVE-2016-1585colin.peters@fujitsu.com
MediumNo
CVE-2022-0318Smart Data Transaction for CPSUbuntu 20.04https://ubuntu.com/security/CVE-2022-0318colin.peters@fujitsu.com
MediumNo


  • No labels