Security Vulnerabilities - CVEs Published In 2021
AOM v2.0.1 was discovered to contain a segmentation violation via the component aom_dsp/x86/obmc_sad_avx2.c.
CVSS Score
6.5
EPSS Score
0.002
Published
2021-12-02
AOM v2.0.1 was discovered to contain a NULL pointer dereference via the component rate_hist.c.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-12-02
LibreDWG v0.12.3 was discovered to contain a NULL pointer dereference via out_dxfb.c.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-12-02
LibreDWG v0.12.3 was discovered to contain a heap-buffer overflow via decode_preR13.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-12-02
An issue was discovered on Renesas RX65 and RX65N devices. With a VCC glitch, an attacker can extract the security ID key from the device. Then, the protected firmware can be extracted.
CVSS Score
4.6
EPSS Score
0.001
Published
2021-12-02
Weak Password Requirements vulnerability in Hitachi Energy FOX61x, XCM20 allows an attacker to gain unauthorized access to the Data Communication Network (DCN) routing configuration. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A.
CVSS Score
9.0
EPSS Score
0.002
Published
2021-12-02
Missing Handler vulnerability in the proprietary management protocol (port TCP 5558) of Hitachi Energy FOX61x, XCM20 allows an attacker that exploits the vulnerability by activating SSH on port TCP 5558 to cause disruption to the NMS and NE communication. This issue affects: Hitachi Energy FOX61x versions prior to R15A. Hitachi Energy XCM20 versions prior to R15A.
CVSS Score
8.6
EPSS Score
0.004
Published
2021-12-02
CA Network Flow Analysis (NFA) 21.2.1 and earlier contain a SQL injection vulnerability in the NFA web application, due to insufficient input validation, that could potentially allow an authenticated user to access sensitive data.
CVSS Score
6.5
EPSS Score
0.006
Published
2021-12-02
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when they are outputting, it could also lead to Stored Cross-Site Scripting issues
CVSS Score
9.6
EPSS Score
0.002
Published
2021-12-02
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
CVSS Score
4.8
EPSS Score
0.003
Published
2021-12-02