diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2022-01-19 16:42:03 +0100 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2022-01-19 16:42:03 +0100 |
commit | dde7e90f3c21c362b78880af91bb769754b57717 (patch) | |
tree | 4245924c5a53f6808cdf1e8336bd2b33079dd350 | |
parent | 3d109ceff17dedf4174f458924f918d45ed39666 (diff) |
new apache-log4j1.2 issues
-rw-r--r-- | data/CVE/list | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/data/CVE/list b/data/CVE/list index 4be12ee2e9..4d5006bf51 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -467,11 +467,13 @@ CVE-2022-0266 (Authorization Bypass Through User-Controlled Key in Packagist rem CVE-2022-0265 RESERVED CVE-2022-23307 (CVE-2020-9493 identified a deserialization issue that was present in A ...) - TODO: check + - apache-log4j1.2 <unfixed> + NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/5 CVE-2022-23306 RESERVED CVE-2022-23305 (By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as ...) - TODO: check + - apache-log4j1.2 <unfixed> + NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/4 CVE-2022-0263 (Unrestricted Upload of File with Dangerous Type in Packagist pimcore/p ...) NOT-FOR-US: pimcore CVE-2022-0262 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...) @@ -530,7 +532,8 @@ CVE-2022-0244 (An issue has been discovered in GitLab CE/EE affecting all versio CVE-2022-0243 RESERVED CVE-2022-23302 (JMSSink in all versions of Log4j 1.x is vulnerable to deserialization ...) - TODO: check + - apache-log4j1.2 <unfixed> + NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/3 CVE-2022-22142 RESERVED CVE-2022-21805 |