Search
Search Results (318859 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-32089 | 2 Broadcom, Dell | 2 Bcm5820x, Controlvault3 | 2025-11-19 | 8.8 High |
| A buffer overflow vulnerability exists in the CvManager_SBI functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to a arbitrary code execution. An attacker can issue an api call to trigger this vulnerability. | ||||
| CVE-2025-36460 | 3 Broadcom, Dell, Microsoft | 3 Bcm5820x, Controllvault3, Windows | 2025-11-19 | 7.3 High |
| Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An attacker can issue an api call to trigger this vulnerability. This vulnerability is triggered when submitting a `WinBioControlUnit` call to the StorageAdapter with the ControlCode 2 (`WBIO_USH_GET_IDENTITY`) with an improper `ReceiveBuferSize` value. | ||||
| CVE-2025-36461 | 2 Broadcom, Dell | 2 Bcm5820x, Controlvault3 | 2025-11-19 | 7.3 High |
| Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An attacker can issue an api call to trigger this vulnerability. This vulnerability is triggered when submitting a `WinBioControlUnit` call to the StorageAdapter with the ControlCode 0 (`WBIO_USH_GET_TEMPLATE`) and with either and an invalid `ReceiveBuferSize` and/or an invalid `SendBufferSize`. | ||||
| CVE-2025-36462 | 2 Broadcom, Dell | 2 Bcm5820x, Controlvault3 | 2025-11-19 | 7.3 High |
| Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An attacker can issue an api call to trigger this vulnerability. This vulnerability is triggered when submitting a `WinBioControlUnit` call to the StorageAdapter with the ControlCode 3 (`WBIO_USH_CREATE_CHALLENGE`) with an invalid `ReceiveBuferSize`. | ||||
| CVE-2025-36463 | 3 Broadcom, Dell, Microsoft | 3 Bcm5820x, Controlvault3, Windows | 2025-11-19 | 7.3 High |
| Multiple out-of-bounds read and write vulnerabilities exist in the ControlVault WBDI Driver Broadcom Storage Adapter functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to memory corruption. An attacker can issue an api call to trigger this vulnerability. This vulnerability is triggered when submitting a `WinBioControlUnit` call to the StorageAdapter with the ControlCode 4 (`WBIO_USH_ADD_RECORD`) and with an invalid `SendBufferSize`. | ||||
| CVE-2025-31361 | 2 Broadcom, Dell | 2 Bcm5820x, Controlvault3 | 2025-11-19 | 8.7 High |
| A privilege escalation vulnerability exists in the ControlVault WBDI Driver WBIO_USH_ADD_RECORD functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted WinBioControlUnit call can lead to privilege escalation. An attacker can issue an api call to trigger this vulnerability. | ||||
| CVE-2025-31649 | 2 Broadcom, Dell | 2 Bcm5820x, Controlvault3 | 2025-11-19 | 8.7 High |
| A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to execute priviledged operation. An attacker can issue an api call to trigger this vulnerability. | ||||
| CVE-2025-40547 | 2 Microsoft, Solarwinds | 2 Windows, Serv-u | 2025-11-19 | 9.1 Critical |
| A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default. | ||||
| CVE-2025-40548 | 2 Microsoft, Solarwinds | 2 Windows, Serv-u | 2025-11-19 | 9.1 Critical |
| A missing validation process exists in Serv U when abused, could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default. | ||||
| CVE-2025-40549 | 2 Microsoft, Solarwinds | 2 Windows, Serv-u | 2025-11-19 | 9.1 Critical |
| A Path Restriction Bypass vulnerability exists in Serv-U that when abused, could give a malicious actor with access to admin privileges the ability to execute code on a directory. This issue requires administrative privileges to abuse. On Windows systems, this scored as medium due to differences in how paths and home directories are handled. | ||||
| CVE-2025-65941 | 2025-11-19 | N/A | ||
| Not used | ||||
| CVE-2025-65940 | 2025-11-19 | N/A | ||
| Not used | ||||
| CVE-2025-65939 | 2025-11-19 | N/A | ||
| Not used | ||||
| CVE-2025-65938 | 2025-11-19 | N/A | ||
| Not used | ||||
| CVE-2025-65937 | 2025-11-19 | N/A | ||
| Not used | ||||
| CVE-2025-65936 | 2025-11-19 | N/A | ||
| Not used | ||||
| CVE-2025-65935 | 2025-11-19 | N/A | ||
| Not used | ||||
| CVE-2025-65934 | 2025-11-19 | N/A | ||
| Not used | ||||
| CVE-2025-65933 | 2025-11-19 | N/A | ||
| Not used | ||||
| CVE-2024-3092 | 1 Gitlab | 1 Gitlab | 2025-11-19 | 8.7 High |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. A payload may lead to a Stored XSS while using the diff viewer, allowing attackers to perform arbitrary actions on behalf of victims. | ||||