Not visible anything on their site yet:

C:\Program Files (x86)\APC\PowerChute Business Edition\agent\lib>dir | findstr log4j

10-12-2020 18:42 264,058 log4j-api-2.11.1.jar 10-12-2020 18:42 1,607,936 log4j-core-2.11.1.jar 10-12-2020 18:42 23,242 log4j-slf4j-impl-2.11.1.jar

PowerChute Business Edition - 10.0.2.301

ESET states that they're not vulnerable, but we have various companies that Have ESET Secure Authentication installed and perform a scan for files, then we see that log4j is included in ESET Secure Authentication in the Elasticsearch component which they're shipping in their binary.

[2021-12-16 10:19:27.784944] VULNERABLE: C:\Program Files\ESET Secure Authentication\elasticsearch\lib\log4j-core-2.11.1.jar -> org\apache\logging\log4j\core\net\JndiManager.class [04fdd701809d17465c17c7e603b1b202: log4j 2.9.0 - 2.11.2]

[2021-12-16 10:19:28.847458] VULNERABLE: C:\Program Files\ESET Secure Authentication\elasticsearch\search-guard-tlstool-1.7\deps\log4j-core-2.11.1.jar -> org\apache\logging\log4j\core\net\JndiManager.class [04fdd701809d17465c17c7e603b1b202:log4j 2.9.0 - 2.11.2]

Add product statement for family of Waters informatics solutions

Thank you for your contribution! Some pointers to get it merged quickly:

For contributions in software/:

• [x ] PR Title: Please use "Add <vendor/product name>" (instead of "Update README.md")
• [x ] Status: please select a value from the status table at the top
• [ x] Version: Status Vulnerable / Workaround? -> List vulnerable versions. Status Fix? -> List fixed versions.
• [x ] Links: make sure you link to a public statement by the developer. Alternatively, include and link a file in the software/vendor-statements/ directory
• [x ] Please mind the sorting

Dell EMC heeft versie 5.1.2.0.5.007 voor de Dell EMC Unity uitgebracht. "This release addresses the Apache Log4j issue", maar aangezien er (nog) geen release notes beschikbaar zijn weet ik niet welke van de CVE's wel of niet verholpen zijn.

Updated Fedex Ship Manager to 3509, adding notes about pending 3510 update 1/24.

Thank you for your contribution! Some pointers to get it merged quickly:

For contributions in software/:

• [ ] PR Title: Please use "Add <vendor/product name>" (instead of "Update README.md")
• [ ] Status: please select a value from the status table at the top
• [ ] Version: Status Vulnerable / Workaround? -> List vulnerable versions. Status Fix? -> List fixed versions.
• [ ] Links: make sure you link to a public statement by the developer. Alternatively, include and link a file in the software/vendor-statements/ directory
• [ ] Please mind the sorting

Following files were found on the FEDEX Ship Manager server installation, version 3508:

C:\Program Files (x86)\FedEx\ShipManager\BIN\OfflineFastServicePublisher_lib\log4j-api-2.8.2.jar C:\Program Files (x86)\FedEx\ShipManager\BIN\OfflineFastServicePublisher_lib\log4j-core-2.8.2.jar C:\Program Files (x86)\FedEx\ShipManager\BIN\OfflineFastServicePublisher_lib\log4j-jcl-2.8.2.jar C:\Program Files (x86)\FedEx\ShipManager\BIN\OfflineFastServicePublisher_lib\log4j-slf4j-impl-2.8.2.jar C:\Program Files (x86)\FedEx\ShipManager\BIN\OfflineFastServicePublisher_lib\log4jna-api-2.0.jar

Neighter are vuln Beyondcompare makes the remark in the footer of there site.

Thank you for your contribution! Some pointers to get it merged quickly:

For contributions in software/:

• Status: please select a value from the status table at the top
• Version: Status Vulnerable / Workaround? -> List vulnerable versions. Status Fix? -> List fixed versions.
• Links: make sure you link to a public statement by the developer. Alternatively, include and link a file in the software/vendor-statements/ directory
• Please mind the sorting
• Please put vendor/product name in PR title (instead of "Update README.md")

Thank you for your contribution! Some pointers to get it merged quickly:

For contributions in software/:

• Status: please select a value from the status table at the top
• Version: Status Vulnerable / Workaround? -> List vulnerable versions. Status Fix? -> List fixed versions.
• Links: make sure you link to a public statement by the developer. Alternatively, include and link a file in the software/vendor-statements/ directory
• Please mind the sorting
• Please put vendor/product name in PR title (instead of "Update README.md")

from advisory sent by vendor

Thank you for your contribution! Some pointers to get it merged quickly:

For contributions in software/:

• [x] PR Title: Please use "Add <vendor/product name>" (instead of "Update README.md")
• [x] Status: please select a value from the status table at the top
• [x] Version: Status Vulnerable / Workaround? -> List vulnerable versions. Status Fix? -> List fixed versions.
• [x] Links: make sure you link to a public statement by the developer. Alternatively, include and link a file in the software/vendor-statements/ directory
• [x] Please mind the sorting

Updated Stormshield with specific advisory for StormShield Visibility Center (only product announced vulnerable to CVE-2021-44228) Updated SonicWall product list based on v2.3 of their advisory

Thank you for your contribution! Some pointers to get it merged quickly:

For contributions in software/:

• [x] PR Title: Please use "Add <vendor/product name>" (instead of "Update README.md")
• [x] Status: please select a value from the status table at the top
• [x] Version: Status Vulnerable / Workaround? -> List vulnerable versions. Status Fix? -> List fixed versions.
• [x] Links: make sure you link to a public statement by the developer. Alternatively, include and link a file in the software/vendor-statements/ directory
• [x] Please mind the sorting

The quality of markdown tables is slowly deteriorating:

• some entries don't have a trailing |, some do
• some table uses a different separator than |:----, namely |----

This makes it hard for automated parsing tools to access the data.

Doing a one-shot cleanup and sending a pull request fixing half the entries would not be wise, because it would make all the other waiting pull requests unmergeable. Also, implementing a commit hook would make the entire file un-commitable.

My idea would be to

• fix |:--- manually
• ask contributors for a more rigid input formatting
• add a pre-merge-commit hook, that would only check the diff for violations of the code, so that the old code can still be ugly (for some time)