Merge branch 'develop' into patch-1

SOFTWARE-LIST.md

@@ -125,6 +125,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to
 | Aptible | Aptible | ElasticSearch 5.x |  | Affected | [link](https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | Aqua Security |  |  |  | Unknown | [link](https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | Arbiter Systems | All |  |  | Unknown | [link](https://www.arbiter.com/news/index.php?id=4403) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
+| ARC Informatique | All |  |  | Not Affected | [link](https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 |
 | Arca Noae |  |  |  | Unknown | [link](https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | Arcserve | Arcserve Backup |  |  | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) |  | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
 | Arcserve | Arcserve Continuous Availability |  |  | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) |  | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 |
@@ -1307,6 +1308,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to
 | Google Cloud | Virtual Private Cloud |  |  | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 |
 | Google Cloud | Web Security Scanner |  |  | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
 | Google Cloud | Workflows |  |  | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 |
+| Google | Chrome |  |  | Not Affected | [link](https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html) | Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-14 |
 | Gradle | Gradle |  |  | Unknown | [link](https://blog.gradle.org/log4j-vulnerability) | Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | Gradle | Gradle Enterprise | < 2021.3.6 |  | Affected | [link](https://security.gradle.com/advisory/2021-11) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | Gradle | Gradle Enterprise Build Cache Node | < 10.1 |  | Affected | [link](https://security.gradle.com/advisory/2021-11) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
@@ -2119,6 +2121,10 @@ NOTE: This file is automatically generated. To submit updates, please refer to
 | OpenNMS |  |  |  | Unknown | [link](https://www.opennms.com/en/blog/2021-12-10-opennms-products-affected-by-apache-log4j-vulnerability-cve-2021-44228/) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | OpenSearch |  |  |  | Unknown | [link](https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | OpenText |  |  |  | Unknown | [link](https://www.opentext.com/support/log4j-remote-code-execution-advisory) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 |
+| Opto 22 | GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP | < 4.3g | 4.3g | Fixed | [link](https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit) | The Log4j vulnerability affects all products running groov View software |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 |
+| Opto 22 | GROOV-AT1, GROOV-AT1-SNAP | < 4.3g | 4.3g | Fixed | [link](https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit) | The Log4j vulnerability affects all products running groov View software |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 |
+| Opto 22 | GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP | < 4.3g | 4.3g | Fixed | [link](https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit) | The Log4j vulnerability affects all products running groov View software |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 |
+| Opto 22 | GRV-EPIC-PR1, GRV-EPIC-PR2 | < 3.3.2 | 3.3.2 | Fixed | [link](https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit) | The Log4j vulnerability affects all products running groov View software |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 |
 | Oracle |  |  |  | Unknown | [link](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) | The support document is available to customers only and has not been reviewed by CISA |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
 | Oracle | Enterprise Manager | 13.5, 13.4 & 13.3.2 |  | Affected | [link](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) | Patch status and other security guidance is restricted to Oracle account/support members. The support document is available to customers only and has not been reviewed by CISA. |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |
 | Oracle | Exadata | <21.3.4 |  | Affected | [link](https://www.oracle.com/security-alerts/alert-cve-2021-44228.html) | Patch status and other security guidance is restricted to Oracle account/support members. The support document is available to customers only and has not been reviewed by CISA. |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 |

data/cisagov.yml

@@ -3104,6 +3104,35 @@ software:
     references:
       - ''
     last_updated: '2021-12-22T00:00:00'
+  - vendor: ARC Informatique
+    product: All
+    cves:
+      cve-2021-4104:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-44228:
+        investigated: true
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45046:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45105:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+    vendor_links:
+      - https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1
+    notes: ''
+    references:
+      - ''
+    last_updated: '2022-01-13T00:00:00'
   - vendor: Arca Noae
     product: ''
     cves:
@@ -38164,6 +38193,36 @@ software:
     references:
       - ''
     last_updated: '2021-12-21T00:00:00'
+  - vendor: Google
+    product: Chrome
+    cves:
+      cve-2021-4104:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-44228:
+        investigated: true
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45046:
+        investigated: true
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45105:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+    vendor_links:
+      - https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html
+    notes: Chrome Browser releases, infrastructure and admin console are not using
+      versions of Log4j affected by the vulnerability.
+    references:
+      - ''
+    last_updated: '2022-01-14'
   - vendor: Gradle
     product: Gradle
     cves:
@@ -61941,6 +62000,130 @@ software:
     references:
       - ''
     last_updated: '2021-12-23T00:00:00'
+  - vendor: Opto 22
+    product: GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP
+    cves:
+      cve-2021-4104:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-44228:
+        investigated: true
+        affected_versions:
+          - < 4.3g
+        fixed_versions:
+          - 4.3g
+        unaffected_versions: []
+      cve-2021-45046:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45105:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+    vendor_links:
+      - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit
+    notes: The Log4j vulnerability affects all products running groov View software
+    references:
+      - ''
+    last_updated: '2022-01-13T00:00:00'
+  - vendor: Opto 22
+    product: GROOV-AT1, GROOV-AT1-SNAP
+    cves:
+      cve-2021-4104:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-44228:
+        investigated: true
+        affected_versions:
+          - < 4.3g
+        fixed_versions:
+          - 4.3g
+        unaffected_versions: []
+      cve-2021-45046:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45105:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+    vendor_links:
+      - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit
+    notes: The Log4j vulnerability affects all products running groov View software
+    references:
+      - ''
+    last_updated: '2022-01-13T00:00:00'
+  - vendor: Opto 22
+    product: GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP
+    cves:
+      cve-2021-4104:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-44228:
+        investigated: true
+        affected_versions:
+          - < 4.3g
+        fixed_versions:
+          - 4.3g
+        unaffected_versions: []
+      cve-2021-45046:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45105:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+    vendor_links:
+      - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit
+    notes: The Log4j vulnerability affects all products running groov View software
+    references:
+      - ''
+    last_updated: '2022-01-13T00:00:00'
+  - vendor: Opto 22
+    product: GRV-EPIC-PR1, GRV-EPIC-PR2
+    cves:
+      cve-2021-4104:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-44228:
+        investigated: true
+        affected_versions:
+          - < 3.3.2
+        fixed_versions:
+          - 3.3.2
+        unaffected_versions: []
+      cve-2021-45046:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45105:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+    vendor_links:
+      - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit
+    notes: The Log4j vulnerability affects all products running groov View software
+    references:
+      - ''
+    last_updated: '2022-01-13T00:00:00'
   - vendor: Oracle
     product: ''
     cves:

data/cisagov_A.yml

@@ -2958,6 +2958,35 @@ software:
     references:
       - ''
     last_updated: '2021-12-22T00:00:00'
+  - vendor: ARC Informatique
+    product: All
+    cves:
+      cve-2021-4104:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-44228:
+        investigated: true
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45046:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45105:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+    vendor_links:
+      - https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1
+    notes: ''
+    references:
+      - ''
+    last_updated: '2022-01-13T00:00:00'
   - vendor: Arca Noae
     product: ''
     cves:

data/cisagov_G.yml

@@ -654,6 +654,35 @@ software:
     references:
       - ''
     last_updated: '2022-01-12T07:18:52+00:00'
+  - vendor: Google
+    product: Chrome
+    cves:
+      cve-2021-4104:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-44228:
+        investigated: true
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45046:
+        investigated: true
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45105:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+    vendor_links:
+      - https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html
+    notes: Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability.
+    references:
+      - ''
+    last_updated: '2022-01-14'
   - vendor: Google Cloud
     product: AI Platform Data Labeling
     cves:

data/cisagov_O.yml

@@ -586,6 +586,130 @@ software:
     references:
       - ''
     last_updated: '2021-12-23T00:00:00'
+  - vendor: Opto 22
+    product: GRV-EPIC-PR1, GRV-EPIC-PR2
+    cves:
+      cve-2021-4104:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-44228:
+        investigated: true
+        affected_versions:
+          - < 3.3.2
+        fixed_versions:
+          - 3.3.2
+        unaffected_versions: []
+      cve-2021-45046:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45105:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+    vendor_links:
+      - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit
+    notes: The Log4j vulnerability affects all products running groov View software
+    references:
+      - ''
+    last_updated: '2022-01-13T00:00:00'
+  - vendor: Opto 22
+    product: GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP
+    cves:
+      cve-2021-4104:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-44228:
+        investigated: true
+        affected_versions:
+          - < 4.3g
+        fixed_versions:
+          - 4.3g
+        unaffected_versions: []
+      cve-2021-45046:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45105:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+    vendor_links:
+      - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit
+    notes: The Log4j vulnerability affects all products running groov View software
+    references:
+      - ''
+    last_updated: '2022-01-13T00:00:00'
+  - vendor: Opto 22
+    product: GROOV-AT1, GROOV-AT1-SNAP
+    cves:
+      cve-2021-4104:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-44228:
+        investigated: true
+        affected_versions:
+          - < 4.3g
+        fixed_versions:
+          - 4.3g
+        unaffected_versions: []
+      cve-2021-45046:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45105:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+    vendor_links:
+      - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit
+    notes: The Log4j vulnerability affects all products running groov View software
+    references:
+      - ''
+    last_updated: '2022-01-13T00:00:00'
+  - vendor: Opto 22
+    product: GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP
+    cves:
+      cve-2021-4104:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-44228:
+        investigated: true
+        affected_versions:
+          - < 4.3g
+        fixed_versions:
+          - 4.3g
+        unaffected_versions: []
+      cve-2021-45046:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+      cve-2021-45105:
+        investigated: false
+        affected_versions: []
+        fixed_versions: []
+        unaffected_versions: []
+    vendor_links:
+      - https://blog.opto22.com/optoblog/new-update-to-address-log4shell/log4j-exploit
+    notes: The Log4j vulnerability affects all products running groov View software
+    references:
+      - ''
+    last_updated: '2022-01-13T00:00:00'
   - vendor: Oracle
     product: ''
     cves: