Lucene search
K

92 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.37 views

Dell ControlVault3 Driver Vulnerability (DSA-2025-053)

The version of the Dell ControlVault3 cvusbdrv.sys driver installed on the remote host is 5.x prior to 5.15.10.14, or 6.x prior to 6.2.26.36. It is, therefore, affected by multiple vulnerabilities as referenced in the vendor advisory: - An out-of-bounds write vulnerability exists in the...

8.8CVSS8.2AI score0.02226EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/08/08 12:0 a.m.4 views

Dell ControlVault3 Driver Detection (Windows)

Binary data dellcontrolvault3driverwininstalled.nbin...

7.3AI score
Exploits0References1
Talos Blog
Talos Blog
added 2025/08/05 1:0 p.m.8 views

ReVault! When your SoC turns against you…

Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling "ReVault". 100+ models of Dell Laptops are affected by this vulnerability if left unpatched. The ReVault attack can be used as a post-compromise...

8.8CVSS7.3AI score0.02226EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/06/26 12:0 a.m.7 views

The vulnerability of the cv_send_blockdata() function in the Dell ControlVault3 security driver package allows a attacker to disclose protected information.

The vulnerability of the cvsendblockdata function in the Dell ControlVault3 security driver suite relates to reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to disclose protected information...

8.4CVSS7.7AI score0.01302EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2025/06/26 12:0 a.m.8 views

The vulnerability of the cv_close() function in the Dell ControlVault3 security driver package allows a attacker to execute arbitrary code or cause a service failure.

The vulnerability of the cvclose function in the Dell ControlVault3 security driver suite is related to the release of an incorrect pointer. Exploiting this vulnerability could allow an attacker to execute arbitrary code or cause service failures...

8.8CVSS8AI score0.01768EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2025/06/23 12:0 a.m.9 views

The vulnerability of the securebio_identify() function in the Dell ControlVault3 security management driver allows a attacker to execute arbitrary code.

The vulnerability of the securebioidentify function in the Dell ControlVault3 security driver suite is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

8.8CVSS8.2AI score0.02226EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2025/06/23 12:0 a.m.6 views

The vulnerability of the cv_upgrade_sensor_firmware() function in the Dell ControlVault3 security driver package allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the cvupgradesensorfirmware function in the Dell ControlVault3 security driver suite is related to writing beyond buffer boundaries. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected...

8.8CVSS7.7AI score0.01429EPSS
Exploits0References2Affected Software2
BDU FSTEC
BDU FSTEC
added 2025/06/23 12:0 a.m.7 views

The vulnerability of the cvhDecapsulateCmd() function in the Dell ControlVault3 security driver package allows a attacker to execute arbitrary code.

The vulnerability of the cvhDecapsulateCmd function in the Dell ControlVault3 security driver suite is related to deficiencies in the deserialization mechanism. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

8.1CVSS7.9AI score0.01797EPSS
Exploits0References2Affected Software2
RedhatCVE
RedhatCVE
added 2025/06/15 10:14 p.m.7 views

CVE-2025-25050

An out-of-bounds write vulnerability exists in the cvupgradesensorfirmware functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault 3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an out-of-bounds write. An attacker can issue an API call to...

8.8CVSS7.2AI score0.01429EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/15 10:14 p.m.6 views

CVE-2025-25215

An arbitrary free vulnerability exists in the cvclose functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an arbitrary free. An attacker can forge a fake session to trigger this vulnerability...

8.8CVSS7.2AI score0.01768EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/15 10:14 p.m.5 views

CVE-2025-24919

A deserialization of untrusted input vulnerability exists in the cvhDecapsulateCmd functionality of Dell ControlVault3 prior to 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault response to a command can lead to arbitrary code execution. An attacker can...

8.1CVSS8AI score0.01797EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/15 8:58 p.m.7 views

CVE-2025-24922

A stack-based buffer overflow vulnerability exists in the securebioidentify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted malicious cvobject can lead to a arbitrary code execution. An attacker can issue an API call to...

8.8CVSS8.2AI score0.02226EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/15 8:58 p.m.8 views

CVE-2025-24311

An out-of-bounds read vulnerability exists in the cvsendblockdata functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an information leak. An attacker can issue an API call to trigger this...

8.4CVSS6.8AI score0.01302EPSS
Exploits0References1
NVD
NVD
added 2025/06/13 10:15 p.m.19 views

CVE-2025-25215

An arbitrary free vulnerability exists in the cvclose functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an arbitrary free. An attacker can forge a fake session to trigger this vulnerability...

8.8CVSS0.01768EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/13 9:48 p.m.16 views

CVE-2025-24919 Dell ControlVault3/ControlVault3 Plus deserialization of untrusted input vulnerability

A deserialization of untrusted input vulnerability exists in the cvhDecapsulateCmd functionality of Dell ControlVault3 prior to 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault response to a command can lead to arbitrary code execution. An attacker can...

8.1CVSS0.01797EPSS
Exploits0References1
CVE
CVE
added 2025/06/13 9:48 p.m.59 views

CVE-2025-24919

Dell ControlVault3 CVE-2025-24919 is a deserialization of untrusted input flaw in cvhDecapsulateCmd (bcmbipdll.dll). A crafted firmware response can cause incorrect parameter handling and memory corruption, enabling arbitrary code execution on the firmware. Affected products: ControlVault3 prior ...

8.1CVSS8.4AI score0.01797EPSS
Exploits0References2
NVD
NVD
added 2025/06/13 9:15 p.m.10 views

CVE-2025-24922

A stack-based buffer overflow vulnerability exists in the securebioidentify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted malicious cvobject can lead to a arbitrary code execution. An attacker can issue an API call to...

8.8CVSS0.02226EPSS
Exploits0References2
NVD
NVD
added 2025/06/13 9:15 p.m.40 views

CVE-2025-24311

An out-of-bounds read vulnerability exists in the cvsendblockdata functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an information leak. An attacker can issue an API call to trigger this...

8.4CVSS0.01302EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/13 9:3 p.m.1 views

CVE-2025-25050 Dell ControlVault3/ControlVault3 Plus cv_upgrade_sensor_firmware out-of-bounds write vulnerability

An out-of-bounds write vulnerability exists in the cvupgradesensorfirmware functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault 3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an out-of-bounds write. An attacker can issue an API call to...

8.8CVSS8.7AI score0.01429EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/13 9:3 p.m.22 views

CVE-2025-25050 Dell ControlVault3/ControlVault3 Plus cv_upgrade_sensor_firmware out-of-bounds write vulnerability

An out-of-bounds write vulnerability exists in the cvupgradesensorfirmware functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault 3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an out-of-bounds write. An attacker can issue an API call to...

8.8CVSS0.01429EPSS
Exploits0References1
Rows per page
Query Builder