CVE-2022-40525
published 2023-06-06CVE-2022-40525: Information disclosure in Linux Networking Firmware due to unauthorized information leak during side channel analysis.
PriorityP421medium5.5CVSS 3.1
AVLACLPRLUINSUCHINAN
EPSS
0.11%
1.7th percentile
Information disclosure in Linux Networking Firmware due to unauthorized information leak during side channel analysis.
Affected
31 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
ghsa9.1CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-xvm4-hfq6-6r23: Information disclosure in Linux Networking Firmware due to unauthorized information leak during side channel analysis
ghsa_unreviewed·2023-06-06
CVE-2022-40525 [MEDIUM] CWE-200 GHSA-xvm4-hfq6-6r23: Information disclosure in Linux Networking Firmware due to unauthorized information leak during side channel analysis
Information disclosure in Linux Networking Firmware due to unauthorized information leak during side channel analysis.
GHSA
Path Traversal in Apache James Server
ghsa·2022-02-08·CVSS 9.1
CVE-2022-22931 [CRITICAL] CWE-22 Path Traversal in Apache James Server
Path Traversal in Apache James Server
Apache James Server prior to version 3.6.2 contains a path traversal vulnerability. The fix for CVE-2021-40525 does not prepend delimiters upon valid directory validations. Affected implementations include: - maildir mailbox store - Sieve file repository This enables a user to access other users data stores (limited to user names being prefixed by the value of the username being used).
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-06-06
Published