Akraino CVE Vulnerability Exception Request
1.6.1+dfsg.3-2ubuntu1
Blueprints that have vulnerabilities with a CVSS score >= 9.0 and meet the following criteria should submit their information in the chart below to have the vulnerability considered for an exception:
- Running at least the minimum OS version required by the Akraino Security Sub-Committee
- Ubuntu
- CentOS
- Debian
- Fedora
- Suse Enterprise Server
Legend
Ubuntu Priority/Score Descriptions
Not Vulnerable | Packages which do not exist in the archive, are not affected by the vulnerability or have a fix applied in the archive. |
Pending | A fix has been applied and updated packages are awaiting arrival into the archive. For example, this might be used when wider testing is requested for the updated package. |
Unknown | Open vulnerability where the priority is currently unknown and needs to be triaged. |
Negligible | Open vulnerability that may be a problem but otherwise does not impose a security risk due to various factors. Examples include when the vulnerability is only theoretical in nature, requires a very special situation, has almost no install base or does no real damage. These typically will not receive security updates unless there is an easy fix and some other issue causes an update. |
Low | Open vulnerability that is a problem but does very little damage or is otherwise hard to exploit due to small user base or other factors such as requiring specific environment, uncommon configuration, user assistance, etc. These tend to be included in security updates only when higher priority issues require an update or if many low priority issues have built up. |
Medium | Open vulnerability that is a real problem and is exploitable for many users of the affected software. Examples include network daemon denial of service, cross-site scripting and gaining user privileges. |
High | Open vulnerability that is a real problem and is exploitable for many users in the default configuration of the affected software. Examples include serious remote denial of service of the system, local root privilege escalations or local data theft. |
Critical | Open vulnerability that is a world-burning problem and is exploitable for most Ubuntu users. Examples include remote root privilege escalations or remote data theft. |
CVE # | Blueprint | Blueprint OS/Ver | URL Showing OS Patch Not Available | Contact Name | Contact Email | Comment | Vendor CVSS Score | Vendor Patch Available | Exception Status |
---|---|---|---|---|---|---|---|---|---|
CVE-2016-1585 | KubeEdge Edge Service Blueprint | Ubuntu 20.04 | https://ubuntu.com/security/CVE-2016-1585 | yin.ding@futurewei.com | Medium | No | Approved | ||
CVE-2017-8283 | KubeEdge Edge Service Blueprint | Ubuntu 20.04 | https://ubuntu.com/security/CVE-2017-8283 | yin.ding@futurewei.com | Negligible | No | Approved | ||
CVE-2018-20839 | KubeEdge Edge Service Blueprint | Ubuntu 20.04 | https://ubuntu.com/security/CVE-2018-20839 | yin.ding@futurewei.com | Medium | No | Approved | ||
CVE-2019-19814 | KubeEdge Edge Service Blueprint | Ubuntu 20.04 | https://ubuntu.com/security/CVE-2019-19814 | yin.ding@futurewei.com | Low | No | Approved | ||
CVE-2013-1910 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2013-1910 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Medium | No | Approved | |
CVE-2016-1585 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2016-1585 | srinivasanselvam2014@gmail.com | Medium | No | Approved | ||
CVE-2016-5407 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2016-5407 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Low | No | Approved | |
CVE-2016-7944 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2016-7944 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Low | No | Approved | |
CVE-2016-7947 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2016-7947 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Low | No | Approved | |
CVE-2016-7948 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2016-7948 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Low | No | Approved | |
CVE-2016-7949 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2016-7949 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Low | No | Approved | |
CVE-2016-7950 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2016-7950 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Low | No | Approved | |
CVE-2016-7951 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2016-7951 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Low | No | Approved | |
CVE-2016-8735 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2016-8735 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Low | Released (6.0.45+dfsg-1ubuntu0.1) Explanation: We are using same version of integrated OS package as mentioned as released by ubuntu for Package dfsg. But still issue thrown. It is not an issue from our side. This issue is with Vuls or Ubuntu. Proof: | Approved | |
CVE-2017-10684 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2017-10684 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Low | No | Approved | |
CVE-2017-10685 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2017-10685 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Low | No | Approved | |
CVE-2017-12424 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2017-12424 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Low | No | Approved | |
CVE-2017-12562 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2017-12562 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Low | No | Approved | |
CVE-2017-15088 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2017-15088 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Negligible | No | Approved | |
CVE-2017-18342 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2017-18342 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Low | No | Approved | |
CVE-2017-7614 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2017-7614 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Low | No | Approved | |
CVE-2017-8283 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2017-8283 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Negligible | No | Approved | |
CVE-2018-12699 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2018-12699 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Low | No | Approved | |
CVE-2018-20839 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2018-20839 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Medium | No | Approved | |
CVE-2019-17041 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2019-17041 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Low | No | Approved | |
CVE-2019-17042 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2019-17042 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Low | No | Approved | |
CVE-2019-17571 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2019-17571 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Medium | No | Approved | |
CVE-2020-10683 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2020-10683 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Medium | Released (1.6.1+dfsg.3-2ubuntu1.1) Explanation: Proof: | Approved | |
CVE-2020-1938 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2020-1938 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Low | No | Approved | |
CVE-2019-19814 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2019-19814 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Low | No | Approved | |
CVE-2019-19816 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2019-19816 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Low | Approved | ||
CVE-2016-9584 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2016-9584 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Low | Package: libical For Ubuntu 16.04, status is Needed for Libical Package. Package not available for ubuntu 16.04 | Approved | |
CVE-2017-5209 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2017-5209 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Negligible | No | Approved | |
CVE-2017-5545 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2017-5545 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Negligible | No | Approved | |
CVE-2017-6969 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2017-6969 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Low | No | Approved | |
CVE-2017-7226 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2017-7226 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Low | No | Approved | |
CVE-2017-8872 | ELIOT IOTGateway | Ubuntu 16.04 | https://ubuntu.com/security/CVE-2017-8872 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Low | No | Approved | |
CVE-2019-15505 | ELIOT uCPE | CentOS 7.8 | https://access.redhat.com/security/cve/CVE-2019-15505 | srinivasanselvam2014@gmail.com | Moderate 8.0 | No | Approved | ||
CVE-2014-9939 | ELIOT uCPE | CentOS 7.8 | https://access.redhat.com/security/cve/CVE-2014-9939 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Low 1.2 | No | Approved | |
CVE-2017-12652 | ELIOT uCPE | CentOS 7.8 | https://access.redhat.com/security/cve/CVE-2017-12652 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Low 3.7 | There is no proper documents from CENTOS for unfixed vulnerabilities. We cannot compare/refer RHEL 7 docs with CENTOS 7.8 since, RHEL is completely different OS Fixed in RHEL 7 But not in CentOS 7.8 as of 9/29/2020 | Approved | |
CVE-2018-16428 | ELIOT uCPE | CentOS 7.8 | https://access.redhat.com/security/cve/CVE-2018-16428 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Low 5.1 | No There is no proper documents from CENTOS for unfixed vulnerabilities. We cannot compare/refer RHEL 7 docs with CENTOS 7.8 since, RHEL is completely different OS | Approved | |
CVE-2019-11068 | ELIOT uCPE | CentOS 7.8 | https://access.redhat.com/security/cve/CVE-2019-11068 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Moderate 6.3 | There is no proper documents from CENTOS for unfixed vulnerabilities. We cannot compare/refer RHEL 7 docs with CENTOS 7.8 since, RHEL is completely different OS Fixed in RHEL 7 But not in CentOS 7.8 as of 9/29/2020 | Approved | |
CVE-2019-12450 | ELIOT uCPE | CentOS 7.8 | https://access.redhat.com/security/cve/CVE-2019-12450 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Moderate 6.6 | There is no proper documents from CENTOS for unfixed vulnerabilities. We cannot compare/refer RHEL 7 docs with CENTOS 7.8 since, RHEL is completely different OS Fixed in RHEL 7 But not in CentOS 7.8 as of 9/29/2020 | Approved | |
CVE-2019-12900 | ELIOT uCPE | CentOS 7.8 | https://access.redhat.com/security/cve/CVE-2019-12900 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Low 4.0 | No There is no proper documents from CENTOS for unfixed vulnerabilities. We cannot compare/refer RHEL 7 docs with CENTOS 7.8 since, RHEL is completely different OS | Approved | |
CVE-2019-9169 | ELIOT uCPE | CentOS 7.8 | https://access.redhat.com/security/cve/CVE-2019-9169 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Moderate 6.5 | No (Will not fix) There is no proper documents from CENTOS for unfixed vulnerabilities. We cannot compare/refer RHEL 7 docs with CENTOS 7.8 since, RHEL is completely different OS | Approved | |
CVE-2018-20836 | ELIOT uCPE | CentOS 7.8 | https://access.redhat.com/security/cve/CVE-2018-20836 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Moderate 7.0 | There is no proper documents from CENTOS for unfixed vulnerabilities. We cannot compare/refer RHEL 7 docs with CENTOS 7.8 since, RHEL is completely different OS Fixed in RHEL 7 But not in CentOS 7.8 as of 9/29/2020 | Approved | |
CVE-2019-2201 | ELIOT uCPE | CentOS 7.8 | https://access.redhat.com/security/cve/CVE-2019-2201 | Srinivasan Selvam | srinivasanselvam2014@gmail.com | Moderate 7.8 | No (Will not fix) There is no proper documents from CENTOS for unfixed vulnerabilities. We cannot compare/refer RHEL 7 docs with CENTOS 7.8 since, RHEL is completely different OS | Approved | |
CVE-2018-18439 | EALT-Edge | Ubuntu 18.04 | https://ubuntu.com/security/CVE-2018-18439 | srinivasanselvam2014@gmail.com | Negligible | Not vulnerable (2019.07+dfsg-1ubuntu4~18.04.1) Screenshot: | Approved | ||
CVE-2020-8432 | EALT-Edge | Ubuntu 18.04 | https://ubuntu.com/security/CVE-2020-8432 | srinivasanselvam2014@gmail.com | Low | No | Approved | ||
CVE-2016-1585 | EALT-Edge | Ubuntu 18.04 | https://ubuntu.com/security/CVE-2016-1585 | srinivasanselvam2014@gmail.com | Medium | No | Approved | ||
CVE-2017-18342 | EALT-Edge | Ubuntu 18.04 | https://ubuntu.com/security/CVE-2017-18342 | srinivasanselvam2014@gmail.com | Low | No | Approved | ||
CVE-2017-8283 | EALT-Edge | Ubuntu 18.04 | https://ubuntu.com/security/CVE-2017-8283 | srinivasanselvam2014@gmail.com | Negligible | 18.04 Not vulnerable 1.18..24ubuntu1 | Approved | ||
CVE-2018-11236 | EALT-Edge | Ubuntu 18.04 | https://ubuntu.com/security/CVE-2018-11236 | srinivasanselvam2014@gmail.com | Medium | glibc: Fix 2.27-3ubuntu1.2 Explanation: We are using same version of integrated OS package updated as mentioned as released by ubuntu for Package glibc. But still issue thrown. It is not an issue from our side. This issue is with Vuls or Ubuntu. Proof: | Approved | ||
CVE-2018-20839 | EALT-Edge | Ubuntu 18.04 | https://ubuntu.com/security/CVE-2018-20839 | srinivasanselvam2014@gmail.com | Medium | No | Approved | ||
CVE-2019-11059 | EALT-Edge | Ubuntu 18.04 | https://ubuntu.com/security/CVE-2019-11059 | srinivasanselvam2014@gmail.com | Low | 18.04 LTS: Not Vulnerable 2019.07+dfsg-1ubuntu4~18.04.1 Screenshots: | Approved | ||
CVE-2019-14192 | EALT-Edge | Ubuntu 18.04 | https://ubuntu.com/security/CVE-2019-14192 | srinivasanselvam2014@gmail.com | Low | No | Approved | ||
CVE-2019-14193 | EALT-Edge | Ubuntu 18.04 | https://ubuntu.com/security/CVE-2019-14193 | srinivasanselvam2014@gmail.com | Low | No | Approved | ||
CVE-2019-14194 | EALT-Edge | Ubuntu 18.04 | https://ubuntu.com/security/CVE-2019-14194 | srinivasanselvam2014@gmail.com | Low | No | Approved | ||
CVE-2019-14195 | EALT-Edge | Ubuntu 18.04 | https://ubuntu.com/security/CVE-2019-14195 | srinivasanselvam2014@gmail.com | Low | No | Approved | ||
CVE-2019-14196 | EALT-Edge | Ubuntu 18.04 | https://ubuntu.com/security/CVE-2019-14196 | srinivasanselvam2014@gmail.com | Low | No | Approved | ||
CVE-2019-14198 | EALT-Edge | Ubuntu 18.04 | https://ubuntu.com/security/CVE-2019-14198 | srinivasanselvam2014@gmail.com | Low | No | Approved | ||
CVE-2019-14199 | EALT-Edge | Ubuntu 18.04 | https://ubuntu.com/security/CVE-2019-14199 | srinivasanselvam2014@gmail.com | Low | No | Approved | ||
CVE-2019-14200 | EALT-Edge | Ubuntu 18.04 | https://ubuntu.com/security/CVE-2019-14200 | srinivasanselvam2014@gmail.com | Low | No | Approved | ||
CVE-2019-14201 | EALT-Edge | Ubuntu 18.04 | https://ubuntu.com/security/CVE-2019-14201 | srinivasanselvam2014@gmail.com | Low | No | Approved | ||
CVE-2019-14202 | EALT-Edge | Ubuntu 18.04 | https://ubuntu.com/security/CVE-2019-14202 | srinivasanselvam2014@gmail.com | Low | No | Approved | ||
CVE-2019-14203 | EALT-Edge | Ubuntu 18.04 | https://ubuntu.com/security/CVE-2019-14203 | srinivasanselvam2014@gmail.com | Low | No | Approved | ||
CVE-2019-14204 | EALT-Edge | Ubuntu 18.04 | https://ubuntu.com/security/CVE-2019-14204 | srinivasanselvam2014@gmail.com | Low | No | Approved | ||
CVE-2019-9169 | EALT-Edge | Ubuntu 18.04 | https://ubuntu.com/security/CVE-2019-9169 | srinivasanselvam2014@gmail.com | Low | No | Approved | ||
CVE-2019-10220 | EALT-Edge | Ubuntu 18.04 | https://ubuntu.com/security/CVE-2019-10220 | srinivasanselvam2014@gmail.com | Medium | linux Minimum 4.15.0-88.88 Explanation: We are using the latest patch of linux kernel. Since we are using updated patch. Still issues thrown. This is an issue from Vuls / Ubuntu not from our side Screenshot: 4.15.0-118-generic installed | Approved | ||
CVE-2019-19814 | EALT-Edge | Ubuntu 18.04 | https://ubuntu.com/security/CVE-2019-19814 | srinivasanselvam2014@gmail.com | Low | No | Approved | ||
CVE-2019-19816 | EALT-Edge | Ubuntu 18.04 | https://ubuntu.com/security/CVE-2019-19816 | srinivasanselvam2014@gmail.com | Low | linux 4.15.0-88.88 minimum required Explanation: We are using the latest patch of linux kernel. Eventhough we are using updated patch, Still issues thrown. This is an issue from Vuls / Ubuntu not from our side Screenshot: 4.15.0-118-generic installed | Approved | ||
CVE-2019-14197 | EALT-Edge | Ubuntu 18.04 | https://ubuntu.com/security/CVE-2019-14197 | srinivasanselvam2014@gmail.com | Low | No | Approved | ||
CVE-2017-12652 | The AI Edge: Federated ML application at edge | Centos7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-12652 | wuzifan0817@gmail.com | We need exception request for this CVE as it is not yet fixed for 7.X version | Low 3.7 | Fixed in RHEL 7 But not in CentOS 7.8 as of 9/29/2020 | Approved | |
CVE-2019-11068 | The AI Edge: Federated ML application at the edge | Centos7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-11068 | wuzifan0817@gmail.com | We need exception request for this CVE as it is not yet fixed for 7.X version | Low 6.3 | Fixed in RHEL 7 But not in CentOS 7.8 as of 9/29/2020 | Approved | |
CVE-2019-12450 | The AI Edge: Federated ML application at edge | Centos7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-12450 | wuzifan0817@gmail.com | We need exception request for this CVE as it is not yet fixed for 7.X version | Moderate 6.6 | Fixed in RHEL 7 But not in CentOS 7.8 as of 9/29/2020 | Approved | |
CVE-2019-12900 | The AI Edge: Federated ML application at edge | Centos7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-12900 | wuzifan0817@gmail.com | We need exception request for this CVE as it is not yet fixed for 7.X version | LOW 4.0 | No | Approved | |
CVE-2018-20836 | The AI Edge: Federated ML application at edge | Centos7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-20836 | wuzifan0817@gmail.com | We need exception request for this CVE as it is not yet fixed for 7.X version | Moderate 7.0 | Fixed in RHEL 7 But not in CentOS 7.8 as of 9/29/2020 | Approved | |
CVE-2019-8506 | The AI Edge: Federated ML application at edge | Centos7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-8506 | wuzifan0817@gmail.com | This is a bug for the host machine, not for the runtime environment for the Blueprint. | Moderate 6.3 | webkitgtk4 - Fixed in RHEL 7 But not in CentOS 7.8 as of 9/29/2020 webkitgtk3 - Will not fix | Approved | |
CVE-2019-8535 | The AI Edge: Federated ML application at edge | Centos7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-8535 | wuzifan0817@gmail.com |