
CVE-2025-6392 – Daily Data Dump Collector logs database password in cleartext when running docker exec commands
https://notcve.org/view.php?id=CVE-2025-6392
10 Jul 2025 — Brocade SANnav before Brocade SANnav 2.4.0a could log database passwords in clear text in audit logs when the daily data dump collector invokes docker exec commands. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35910 • CWE-532: Insertion of Sensitive Information into Log File •

CVE-2025-6390 – Cleartext storage of sensitive information in Brocade SANnav server audit logs.
https://notcve.org/view.php?id=CVE-2025-6390
10 Jul 2025 — Brocade SANnav before SANnav 2.4.0a logs passwords and pbe keys in the Brocade SANnav server audit logs after installation and under specific conditions. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35909 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVE-2025-4662 – Plaintext security passwords are logged in the audit logs while executing openssl cmd
https://notcve.org/view.php?id=CVE-2025-4662
10 Jul 2025 — Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing an OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file. These audit logs are the local server VM’s audit logs and are not controlled by SANnav. These logs are only visible to the server admin of the host server and are not visible to the SANnav admin or any SANnav user. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35908 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •

CVE-2025-24919 – Dell ControlVault3/ControlVault3 Plus deserialization of untrusted input vulnerability
https://notcve.org/view.php?id=CVE-2025-24919
13 Jun 2025 — A deserialization of untrusted input vulnerability exists in the cvhDecapsulateCmd functionality of Dell ControlVault3 prior to 5.15.10.14 and ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault response to a command can lead to arbitrary code execution. An attacker can compromise a ControlVault firmware and have it craft a malicious response to trigger this vulnerability. • https://www.dell.com/support/kbdoc/en-us/000276106/dsa-2025-053 • CWE-502: Deserialization of Untrusted Data •

CVE-2025-25215 – Dell ControlVault3/ControlVault3 Plus cv_close arbitrary free vulnerability
https://notcve.org/view.php?id=CVE-2025-25215
13 Jun 2025 — An arbitrary free vulnerability exists in the cv_close functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an arbitrary free. An attacker can forge a fake session to trigger this vulnerability. • https://www.dell.com/support/kbdoc/en-us/000276106/dsa-2025-053 • CWE-763: Release of Invalid Pointer or Reference •

CVE-2025-25050 – Dell ControlVault3/ControlVault3 Plus cv_upgrade_sensor_firmware out-of-bounds write vulnerability
https://notcve.org/view.php?id=CVE-2025-25050
13 Jun 2025 — An out-of-bounds write vulnerability exists in the cv_upgrade_sensor_firmware functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an out-of-bounds write. An attacker can issue an API call to trigger this vulnerability. • https://www.dell.com/support/kbdoc/en-us/000276106/dsa-2025-053 • CWE-787: Out-of-bounds Write •

CVE-2025-24922 – Dell ControlVault3/ControlVault3 Plus securebio_identify stack-based buffer overflow vulnerability
https://notcve.org/view.php?id=CVE-2025-24922
13 Jun 2025 — A stack-based buffer overflow vulnerability exists in the securebio_identify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted malicious cv_object can lead to arbitrary code execution. An attacker can issue an API call to trigger this vulnerability. • https://www.dell.com/support/kbdoc/en-us/000276106/dsa-2025-053 • CWE-121: Stack-based Buffer Overflow •

CVE-2025-24311 – Dell ControlVault3/ControlVault3 Plus cv_send_blockdata out-of-bounds read vulnerability
https://notcve.org/view.php?id=CVE-2025-24311
13 Jun 2025 — An out-of-bounds read vulnerability exists in the cv_send_blockdata functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an information leak. An attacker can issue an API call to trigger this vulnerability. • https://www.dell.com/support/kbdoc/en-us/000276106/dsa-2025-053 • CWE-125: Out-of-bounds Read •

CVE-2025-24507
https://notcve.org/view.php?id=CVE-2025-24507
30 Jan 2025 — This vulnerability allows appliance compromise at boot time. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678 •

CVE-2025-24506
https://notcve.org/view.php?id=CVE-2025-24506
30 Jan 2025 — A specific authentication strategy allows learning the IDs of PAM users associated with certain authentication types. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678 • CWE-203: Observable Discrepancy •