Security Vulnerabilities - CVEs Published In April 2022
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to memory corruption while processing a specific project file, which may allow an attacker to execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-04-01
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to an out-of-bounds write while processing a specific project file, which may allow an attacker to execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.002
Published
2022-04-01
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to a use after free memory condition while processing a specific project file, which may allow an attacker to execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.003
Published
2022-04-01
Omron CX-Position (versions 2.5.3 and prior) is vulnerable to multiple stack-based buffer overflow conditions while parsing a specific project file, which may allow an attacker to locally execute arbitrary code.
CVSS Score
7.8
EPSS Score
0.007
Published
2022-04-01
A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2.
CVSS Score
9.8
EPSS Score
0.021
Published
2022-04-01
Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies).
CVSS Score
9.8
EPSS Score
0.006
Published
2022-04-01
A blind self XSS vulnerability exists in RocketChat LiveChat <v1.9 that could allow an attacker to trick a victim into pasting malicious code in their chat instance.
CVSS Score
6.1
EPSS Score
0.004
Published
2022-04-01
A buffer overflow vulnerability found in the UniFi Door Access Reader Lite’s (UA Lite) firmware (Version 3.8.28.24 and earlier) allows a malicious actor who has gained access to a network to control all connected UA devices. This vulnerability is fixed in Version 3.8.31.13 and later.
CVSS Score
10.0
EPSS Score
0.005
Published
2022-04-01
In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition.
CVSS Score
6.5
EPSS Score
0.041
Published
2022-04-01
CVE-2022-22963
Known exploited
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
CVSS Score
9.8
EPSS Score
0.945
Published
2022-04-01

