logstash

Description Unknown
Version Removed

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-2623 | 7.10.1-1 | 7.10.2-1 | Critical | Fixed | FS#72975 |
| AVG-2425 | 7.10.2-1 | | High | Not affected | |
| AVG-2141 | 7.10.2-1 | | High | Not affected | |
| AVG-1730 | 7.10.2-1 | | High | Not affected | FS#70138 |
| AVG-913 | 6.6.0-1 | 6.6.1-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-44228 | AVG-2623 | Critical | Yes | Arbitrary code execution | Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI... |
| CVE-2021-41098 | AVG-2425 | High | Yes | XML external entity injection | In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted... |
| CVE-2021-32066 | AVG-2141 | High | Yes | Silent downgrade | A security issue has been discovered in Ruby before versions 3.0.2, 2.7.4 and 2.6.8. Net::IMAP does not raise an exception when StartTLS fails with an... |
| CVE-2021-31810 | AVG-2141 | Medium | Yes | Information disclosure | A security issue has been discovered in Ruby before versions 3.0.2, 2.7.4 and 2.6.8. A malicious FTP server can use the PASV response to trick Net::FTP into... |
| CVE-2021-22138 | AVG-1730 | High | Yes | Certificate verification bypass | A TLS certificate validation flaw was found in the monitoring feature of Logstash versions 6.4.0 and before versions 6.8.15 and 7.12.0. When specifying a... |
| CVE-2019-7612 | AVG-913 | High | No | Information disclosure | A sensitive data disclosure flaw was found in the way Logstash logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration,... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 25 Feb 2019 | ASA-201902-28 | AVG-913 | High | information disclosure |