author Moritz Muehlenhoff <jmm@debian.org> 2022-01-19 16:42:03 +0100
committer Moritz Muehlenhoff <jmm@debian.org> 2022-01-19 16:42:03 +0100
commit 516d40d264daac53fb8e42b2882bfa4c7de1c843
tree e0bd20f0822e283c7e543232320cc33c61ccb802
parent f1d8add0fb013701e34b7240b2691e2d7a315ea2
new apache-log4j1.2 issues
-rw-r--r-- data/CVE/2022.list 9
1 files changed, 6 insertions, 3 deletions
diff --git a/data/CVE/2022.list b/data/CVE/2022.list
index a56070a070..269b663146 100644
--- a/data/CVE/2022.list
+++ b/data/CVE/2022.list
@@ -277,11 +277,13 @@ CVE-2022-0266 (Authorization Bypass Through User-Controlled Key in Packagist rem
CVE-2022-0265
RESERVED
CVE-2022-23307 (CVE-2020-9493 identified a deserialization issue that was present in A ...)
- TODO: check
+ - apache-log4j1.2 <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/5
CVE-2022-23306
RESERVED
CVE-2022-23305 (By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as ...)
- TODO: check
+ - apache-log4j1.2 <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/4
CVE-2022-0263 (Unrestricted Upload of File with Dangerous Type in Packagist pimcore/p ...)
NOT-FOR-US: pimcore
CVE-2022-0262 (Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior ...)
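Review bot: both entries changed here (CVE-2022-23307 and CVE-2022-23305) go from "TODO: check" to a bare "- apache-log4j1.2 <unfixed>" with no bug reference, so nothing in the list ties the open status to a tracked report against the package; consider adding the bug number once one is filed. For CVE-2022-23307 the description opens with CVE-2020-9493, and a NOTE pointing at how that earlier id is tracked would show whether the two entries are meant to agree. For CVE-2022-23305 the description says the JDBCAppender behaviour is "By design", so a NOTE on which configurations are exposed would help whoever triages it.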
@@ -340,7 +342,8 @@ CVE-2022-0244 (An issue has been discovered in GitLab CE/EE affecting all versio
CVE-2022-0243
RESERVED
CVE-2022-23302 (JMSSink in all versions of Log4j 1.x is vulnerable to deserialization ...)
- TODO: check
+ - apache-log4j1.2 <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2022/01/18/3
CVE-2022-22142
RESERVED
CVE-2022-21805
