CVE-2021-44228 | AVG-2623 | Critical | Yes | Arbitrary code execution | Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI...
CVE-2021-41098 | AVG-2425 | High | Yes | Xml external entity injection | In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted...
CVE-2021-32066 | AVG-2141 | High | Yes | Silent downgrade | A security issue has been discovered in Ruby before versions 3.0.2, 2.7.4 and 2.6.8. Net::IMAP does not raise an exception when StartTLS fails with an...
CVE-2021-31810 | AVG-2141 | Medium | Yes | Information disclosure | A security issue has been discovered in Ruby before versions 3.0.2, 2.7.4 and 2.6.8. A malicious FTP server can use the PASV response to trick Net::FTP into...
CVE-2021-22138 | AVG-1730 | High | Yes | Certificate verification bypass | A TLS certificate validation flaw was found in the monitoring feature of Logstash versions 6.4.0 and before versions 6.8.15 and 7.12.0. When specifying a...
CVE-2019-7612 | AVG-913 | High | No | Information disclosure | A sensitive data disclosure flaw was found in the way Logstash logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration,...