new apache-log4j1.2 issues

author: Moritz Muehlenhoff <jmm@debian.org> 2022-01-19 16:42:03 +0100
committer: Moritz Muehlenhoff <jmm@debian.org> 2022-01-19 16:42:03 +0100
commit: 49cfb7cea516b65fd12040d383f14b62e603ab6b (patch)
tree: ab85a4d5b0e0e949562af8cc3b385bd4940f43d0 /data
parent: 023a4360e5d0041c66352884d5a70037c2611a4a (diff)
1 files changed, 6 insertions, 3 deletions
diff --git a/data/CVE/list.2022 b/data/CVE/list.2022
index a56070a070..269b663146 100644
--- a/data/CVE/list.2022
+++ b/data/CVE/list.2022
@@ -277,11 +277,13 @@ CVE-2022-0266 (Authorization Bypass Through User-Controlled Key in Packagist rem
 CVE-2022-0265
 	RESERVED
 CVE-2022-23307 (CVE-2020-9493 identified a deserialization issue that was present in A ...)
-	TODO: check
+	- apache-log4j1.2 <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/5
 CVE-2022-23306
 	RESERVED
 CVE-2022-23305 (By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as ...)
-	TODO: check
+	- apache-log4j1.2 <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/4
 CVE-2022-0263 (Unrestricted Upload of File with Dangerous Type in Packagist pimcore/p ...)
 	NOT-FOR-US: pimcore
 CVE-2022-0262 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
@@ -340,7 +342,8 @@ CVE-2022-0244 (An issue has been discovered in GitLab CE/EE affecting all versio
 CVE-2022-0243
 	RESERVED
 CVE-2022-23302 (JMSSink in all versions of Log4j 1.x is vulnerable to deserialization  ...)
-	TODO: check
+	- apache-log4j1.2 <unfixed>
+	NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/3
 CVE-2022-22142
 	RESERVED
 CVE-2022-21805
author	Moritz Muehlenhoff <jmm@debian.org>	2022-01-19 16:42:03 +0100
committer	Moritz Muehlenhoff <jmm@debian.org>	2022-01-19 16:42:03 +0100
commit	49cfb7cea516b65fd12040d383f14b62e603ab6b (patch)
tree	ab85a4d5b0e0e949562af8cc3b385bd4940f43d0 /data
parent	023a4360e5d0041c66352884d5a70037c2611a4a (diff)