diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2022-01-19 16:42:03 +0100 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2022-01-19 16:42:03 +0100 |
commit | 49cfb7cea516b65fd12040d383f14b62e603ab6b (patch) | |
tree | ab85a4d5b0e0e949562af8cc3b385bd4940f43d0 /data | |
parent | 023a4360e5d0041c66352884d5a70037c2611a4a (diff) |
new apache-log4j1.2 issues
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/list.2022 | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/data/CVE/list.2022 b/data/CVE/list.2022 index a56070a070..269b663146 100644 --- a/data/CVE/list.2022 +++ b/data/CVE/list.2022 @@ -277,11 +277,13 @@ CVE-2022-0266 (Authorization Bypass Through User-Controlled Key in Packagist rem CVE-2022-0265 RESERVED CVE-2022-23307 (CVE-2020-9493 identified a deserialization issue that was present in A ...) - TODO: check + - apache-log4j1.2 <unfixed> + NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/5 CVE-2022-23306 RESERVED CVE-2022-23305 (By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as ...) - TODO: check + - apache-log4j1.2 <unfixed> + NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/4 CVE-2022-0263 (Unrestricted Upload of File with Dangerous Type in Packagist pimcore/p ...) NOT-FOR-US: pimcore CVE-2022-0262 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...) @@ -340,7 +342,8 @@ CVE-2022-0244 (An issue has been discovered in GitLab CE/EE affecting all versio CVE-2022-0243 RESERVED CVE-2022-23302 (JMSSink in all versions of Log4j 1.x is vulnerable to deserialization ...) - TODO: check + - apache-log4j1.2 <unfixed> + NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/3 CVE-2022-22142 RESERVED CVE-2022-21805 |