64 matches found

BDU FSTEC
added 2025/07/09 12:00 a.m. · 7 views

A vulnerability in the Device Admin App of the ctrlX OS operating system allows a hacker to recover passwords of other users.

The vulnerability of the Device Admin App on the ctrlX OS operating system is related to insufficient calculation of the password hash. Exploiting this vulnerability allows a malicious actor to retrieve passwords of other users by sending specially crafted HTTP requests...

CVSS 6.8 · AI score 5.5 · EPSS 0.00239
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2025/07/09 12:00 a.m. · 7 views

The vulnerability of the Device Admin App on the ctrlX OS operating system allows a perpetrator to compromise the integrity of the vulnerable application’s configuration.

The vulnerability of the Device Admin App on the ctrlX OS lies in the improper validation of the data entered by the user against a list of allowed values. Exploiting this vulnerability allows an attacker to compromise the integrity of the vulnerable application by sending a specially crafted HTT...

CVSS 7.5 · AI score 5.5 · EPSS 0.00477
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2025/07/09 12:00 a.m. · 6 views

A vulnerability in the Device Admin App of the ctrlX OS operating system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Device Admin App on the ctrlX OS platform is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information by sending specially crafted HTTP requests...

CVSS 5.3 · AI score 5.5 · EPSS 0.00285
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2025/07/09 12:00 a.m. · 6 views

A vulnerability in the Device Admin App of the ctrlX OS operating system allows a perpetrator to select user account names.

The vulnerability of the Device Admin App on the ctrlX OS involves unlimited distribution of resources. Exploiting this vulnerability allows a malicious actor to select user account names by sending specially crafted HTTP requests remotely...

CVSS 5.3 · AI score 5.5 · EPSS 0.00353
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2025/07/09 12:00 a.m. · 6 views

A vulnerability in the Device Admin App of the ctrlX OS operating system allows attackers to carry out “man-in-the-middle” type attacks.

The vulnerability of the Device Admin App on the ctrlX OS platform is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to carry out “man-in-the-middle” attacks by sending specially crafted HTTP requests...

CVSS 5.1 · AI score 5.6 · EPSS 0.00212
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2025/05/29 12:00 a.m. · 6 views

A vulnerability in the Device Admin App of the ctrlX OS operating system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Device Admin App on the ctrlX OS platform is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information by sending specially crafted HTTP requests...

CVSS 6.8 · AI score 5.5 · EPSS 0.00409
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2025/05/29 12:00 a.m. · 5 views

A vulnerability in the Device Admin App of the ctrlX OS operating system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Device Admin App on the ctrlX OS platform is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information by sending specially crafted HTTP requests...

CVSS 5.5 · AI score 5.5 · EPSS 0.00426
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2025/05/29 12:00 a.m. · 6 views

A vulnerability in the Device Admin App of the ctrlX OS operating system allows a perpetrator to trigger a service failure.

The vulnerability of the Device Admin App on the ctrlX OS operating system relates to the unlimited distribution of resources. Exploiting this vulnerability allows a malicious actor to cause service interruptions by sending specially crafted HTTP requests remotely...

CVSS 6.8 · AI score 5.5 · EPSS 0.00409
Exploits: 0 · References: 3 · Affected Software: 1
RedhatCVE
added 2025/05/23 3:58 a.m. · 3 views

CVE-2023-35677

In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service factory reset or continuous locking with no additional execution privileges needed. User interaction is not needed for...

CVSS 5.5 · AI score 6.7 · EPSS 0.00093
Exploits: 0
RedhatCVE
added 2025/05/22 9:36 p.m. · 7 views

CVE-2021-25356

An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application...

CVSS 8.8 · AI score 7 · EPSS 0.00177
Exploits: 1 · References: 1
BDU FSTEC
added 2025/05/12 12:00 a.m. · 5 views

The vulnerability of the Certificates and Keys module of the Device Admin App for the ctrlX OS operating system allows a perpetrator to write arbitrary files.

The vulnerability of the Certificates and Keys module in the Device Admin app of the ctrlX OS operating system is related to an incorrect limitation on the path name to the directory. Exploiting this vulnerability allows a malicious actor to write arbitrary files by sending specially crafted HTTP...

CVSS 7.5 · AI score 5.6 · EPSS 0.003
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2025/05/12 12:00 a.m. · 5 views

A vulnerability in the Device Admin App of the ctrlX OS operating system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Device Admin App on the ctrlX OS platform is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information by sending specially crafted HTTP requests...

CVSS 7.5 · AI score 5.5 · EPSS 0.00401
Exploits: 0 · References: 4 · Affected Software: 1
BDU FSTEC
added 2025/05/12 12:00 a.m. · 4 views

The vulnerability of the Backup & Restore module of the Device Admin app for the ctrlX OS operating system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Backup & Restore module of the Device Admin app for the ctrlX OS operating system is related to insufficient protection of sensitive data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information by...

CVSS 6.8 · AI score 5.5 · EPSS 0.02633
Exploits: 0 · References: 3 · Affected Software: 1
CVE
added 2025/03/05 3:15 p.m. · 57 views

CVE-2025-24494

CVE-2025-24494 affects the Keysight Ixia Vision Product Family. A path traversal vulnerability combined with the Upload functionality could lead to remote code execution under a privileged device admin account, potentially enabling execution of arbitrary scripts or uploaded binaries. The issue is...

CVSS 8.6 · AI score 8.3 · EPSS 0.0114
Exploits: 0 · References: 4
Positive Technologies
added 2025/03/04 12:00 a.m. · 3 views

PT-2025-9700 · Softwarex · Softwarex

Name of the Vulnerable Software and Affected Versions: SoftwareX versions prior to 6.7.0 Description: The issue allows for path traversal, which may enable remote code execution using a privileged account, requiring a device admin account. This cannot be performed by a regular user. In combinatio...

CVSS 8.6 · AI score 9.7 · EPSS 0.0114
Exploits: 0 · References: 24
OSV
added 2025/01/03 1:15 a.m. · 3 views

CVE-2024-43769

In isPackageDeviceAdmin of PackageManagerService.java, there is a possible edge case which could prevent the uninstallation of CloudDpc due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed...

CVSS 7.8 · AI score 5.9 · EPSS 0.00081
Exploits: 0 · References: 2
CISA KEV Catalog
added 2024/04/04 12:00 a.m. · 55 views

Android Pixel Privilege Escalation Vulnerability

Android Pixel contains a privilege escalation vulnerability that allows an attacker to interrupt a factory reset triggered by a device admin app...

CVSS 7.8 · AI score 7.2 · EPSS 0.0068
In wild · Exploits: 0
Positive Technologies
added 2024/04/02 12:00 a.m. · 3 views

PT-2024-2944 · Google · Android Pixel

Name of the Vulnerable Software and Affected Versions: Android Pixel affected versions not specified Description: The issue is caused by a logic error in the code, allowing for a possible bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User...

CVSS 7.8 · AI score 8.4 · EPSS 0.0068
Exploits: 0 · References: 34
OSV
added 2023/09/11 9:15 p.m. · 6 views

CVE-2023-35677

In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service factory reset or continuous locking with no additional execution privileges needed. User interaction is not needed for...

CVSS 5.5 · AI score 5.9 · EPSS 0.00093
Exploits: 0 · References: 2
Vulnrichment
added 2023/09/11 8:09 p.m. · 15 views

CVE-2023-35677

In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service factory reset or continuous locking with no additional execution privileges needed. User interaction is not needed for...

AI score 6.7 · EPSS 0.00093
Exploits: 0 · References: 2