CVE-2022-1264
Published 2022-07-20
CVE-2022-1264: The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code.
Priority: P3 · 54 · high · 8.8 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.82% (52.6th percentile)
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | flipped-aurora_gin-vue-admin_server | >= 0 < 2.5.4 | 2.5.4 |
| inductive_automation | ignition | — | — |
| inductive_automation | ignition | >= 8.0.4 < All 8.0 versions* | All 8.0 versions* |
| inductiveautomation | ignition | >= 8.0.4 < 8.1.10 | 8.1.10 |
| msrc | microsoft_edge | — | — |
CVSS provenance
- nvd · v3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- vendor_msrc · 8.8 HIGH
Microsoft
Chromium: CVE-2022-2480 Use after free in Service Worker API
vendor_msrc·2022-07-12·CVSS 8.8
CVE-2022-2480 [HIGH] Chromium: CVE-2022-2480 Use after free in Service Worker API
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 103.0.1264.71 | 7/22/2022 | 103.0.5060.134 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the bro
Microsoft
Chromium: CVE-2022-2478 Use after free in PDF
vendor_msrc·2022-07-12·CVSS 8.8
CVE-2022-2478 [HIGH] Chromium: CVE-2022-2478 Use after free in PDF
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 103.0.1264.71 | 7/22/2022 | 103.0.5060.134 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In your
Microsoft
Chromium: CVE-2022-2481 Use after free in Views
vendor_msrc·2022-07-12·CVSS 8.8
CVE-2022-2481 [HIGH] Chromium: CVE-2022-2481 Use after free in Views
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 103.0.1264.71 | 7/22/2022 | 103.0.5060.134 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In you
Microsoft
Chromium: CVE-2022-2479 Insufficient validation of untrusted input in File
vendor_msrc·2022-07-12·CVSS 4.3
CVE-2022-2479 [MEDIUM] Chromium: CVE-2022-2479 Insufficient validation of untrusted input in File
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 103.0.1264.71 | 7/22/2022 | 103.0.5060.134 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the vers
Microsoft
Chromium: CVE-2022-2477 Use after free in Guest View
vendor_msrc·2022-07-12·CVSS 8.8
CVE-2022-2477 [HIGH] Chromium: CVE-2022-2477 Use after free in Guest View
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 103.0.1264.71 | 7/22/2022 | 103.0.5060.134 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
I
Microsoft
Chromium: CVE-2022-2294 Heap buffer overflow in WebRTC
vendor_msrc·2022-07-12·CVSS 8.8
CVE-2022-2294 [HIGH] Chromium: CVE-2022-2294 Heap buffer overflow in WebRTC
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 103.0.1264.49 | 7/6/2022 | 103.0.5060.114 |
| Extended Stable: 102.0.1245.56 | 7/6/2022 | 102.0.5005.148 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longe
Microsoft
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
vendor_msrc·2022-06-14·CVSS 8.3
CVE-2022-33639 [HIGH] Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to prepare the target environment to improve exploit reliability.
FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
This vulnerability could lead to a browser sandbox escape.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 103.0.1264.37 | 6/23/2022 | 103.0.5060.53 |
FAQ: Why is the severity for this CVE rated as Moderate, but the CVSS score is higher than normal?
Per our severity
Microsoft
Chromium: CVE-2022-2163 Use after free in Cast UI and Toolbar
vendor_msrc·2022-06-14·CVSS 8.8
CVE-2022-2163 [HIGH] Chromium: CVE-2022-2163 Use after free in Cast UI and Toolbar
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 103.0.1264.37 | 6/23/2022 | 103.0.5060.53 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the bro
Microsoft
Chromium: CVE-2022-2156 Use after free in Base
vendor_msrc·2022-06-14·CVSS 8.8
CVE-2022-2156 [HIGH] Chromium: CVE-2022-2156 Use after free in Base
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 103.0.1264.37 | 6/23/2022 | 103.0.5060.53 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In your
Microsoft
Chromium: CVE-2022-2157 Use after free in Interest groups
vendor_msrc·2022-06-14·CVSS 8.8
CVE-2022-2157 [HIGH] Chromium: CVE-2022-2157 Use after free in Interest groups
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 103.0.1264.37 | 6/23/2022 | 103.0.5060.53 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser
Microsoft
Chromium: CVE-2022-2165 Insufficient data validation in URL formatting
vendor_msrc·2022-06-14·CVSS 4.3
CVE-2022-2165 [MEDIUM] Chromium: CVE-2022-2165 Insufficient data validation in URL formatting
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 103.0.1264.37 | 6/23/2022 | 103.0.5060.53 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version o
Microsoft
Chromium: CVE-2022-2164 Inappropriate implementation in Extensions API
vendor_msrc·2022-06-14·CVSS 6.3
CVE-2022-2164 [MEDIUM] Chromium: CVE-2022-2164 Inappropriate implementation in Extensions API
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 103.0.1264.37 | 6/23/2022 | 103.0.5060.53 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version o
Microsoft
Chromium: CVE-2022-2162 Insufficient policy enforcement in File System API
vendor_msrc·2022-06-14·CVSS 8.8
CVE-2022-2162 [HIGH] Chromium: CVE-2022-2162 Insufficient policy enforcement in File System API
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 103.0.1264.37 | 6/23/2022 | 103.0.5060.53 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the versi
Microsoft
Chromium: CVE-2022-2160 Insufficient policy enforcement in DevTools
vendor_msrc·2022-06-14·CVSS 6.5
CVE-2022-2160 [MEDIUM] Chromium: CVE-2022-2160 Insufficient policy enforcement in DevTools
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 103.0.1264.37 | 6/23/2022 | 103.0.5060.53 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of t
Microsoft
Chromium: CVE-2022-2158 Type Confusion in V8
vendor_msrc·2022-06-14·CVSS 8.8
CVE-2022-2158 [HIGH] Chromium: CVE-2022-2158 Type Confusion in V8
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 103.0.1264.37 | 6/23/2022 | 103.0.5060.53 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In your Mi
Microsoft
Chromium: CVE-2022-2161 Use after free in WebApp Provider
vendor_msrc·2022-06-14·CVSS 8.8
CVE-2022-2161 [HIGH] Chromium: CVE-2022-2161 Use after free in WebApp Provider
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 103.0.1264.37 | 6/23/2022 | 103.0.5060.53 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser
CISA ICS
Inductive Automation Ignition
cisa_ics·2022-04-12·CVSS 6.8
[MEDIUM] Inductive Automation Ignition
## Archived Content
In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
## Inductive Automation Ignition
Last Revised: April 12, 2022
Alert Code: ICSA-22-102-03
## 1. EXECUTIVE SUMMARY
- CVSS v3 6.8
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Inductive Automation
- Equipment: Ignition
- Vulnerability: Path Traversal
## 2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an authenticated attacker with network access to execute code by uploading a malicious zip file.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Inductive Automation Ignition software are affected:
- Inducti
GHSA
Gin-vue-admin subject to Remote Code Execution via file upload vulnerability
ghsa·2022-10-25
CVE-2022-39345 [CRITICAL] CWE-22 Gin-vue-admin subject to Remote Code Execution via file upload vulnerability
### Impact
Gin-vue-admin < 2.5.4 has file upload vulnerabilities.
File upload vulnerabilities are when a web server allows users to upload files to its filesystem without sufficiently validating things like their name, type, contents, or size. Failing to properly enforce restrictions on these could mean that even a basic image upload function can be used to upload arbitrary and potentially dangerous files instead. This could even include server-side script files that enable remote code execution.
### Patches
https://github.com/flipped-aurora/gin-vue-admin/pull/1264
### Workarounds
https://github.com/flipped-aurora/gin-vue-admin/pull/1264
### References
#1263
### For more information
The plugin installation
GHSA
GHSA-q2p6-q4x9-rcrf: The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code
ghsa_unreviewed·2022-07-21
CVE-2022-1264 [HIGH] CWE-22 GHSA-q2p6-q4x9-rcrf: The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code
The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-07-20