Vulnerabilities in fleetdm

29 results
CVE-2020-26276 | CRITICAL | SAML authentication vulnerability in Fleet | EPSS 2.2%
CVE-2021-21296 | LOW | Denial-of-service in Fleet | EPSS 1.9%
CVE-2026-34387 | MEDIUM | Fleet vulnerable to OS command injection via crafted software package metadata in uninstall scripts | EPSS 1.3%
CVE-2022-23600 | MEDIUM | Limited ability to spoof SAML authentication with missing audience verification | EPSS 0.9%
CVE-2022-24841 | MEDIUM | Improper Authorization in github.com/fleetdm/fleet | EPSS 0.8%
CVE-2026-26191 | MEDIUM | Fleet vulnerable to OS command injection in software packages | EPSS 0.8%
CVE-2025-27509 | CRITICAL | SAML authentication vulnerability due to improper SAML response validation | EPSS 0.6%
CVE-2026-26061 | HIGH | Fleet's unbounded request body read allows remote Denial of Service | EPSS 0.4%
CVE-2026-24000 | MEDIUM | Fleet has a rate limiting bypass via untrusted client IP headers | EPSS 0.4%
CVE-2026-24899 | HIGH | Fleet Windows MDM Azure AD JWT Authentication Bypass | EPSS 0.4%
CVE-2026-26062 | HIGH | Fleet server may terminate unexpectedly when handling certain gRPC requests | EPSS 0.4%
CVE-2026-26060 | MEDIUM | Fleet: Password reset tokens remain valid after password change for 24 hours | EPSS 0.3%
CVE-2026-34386 | MEDIUM | Fleet vulnerable to SQL injection in MDM bootstrap package by authenticated team or global admin | EPSS 0.3%
CVE-2026-29180 | MEDIUM | Fleet's team maintainer can transfer hosts from any team via missing source team authorization | EPSS 0.3%
CVE-2026-26186 | MEDIUM | Fleet has a SQL injection via backtick escape in ORDER BY parameter | EPSS 0.3%
CVE-2026-46356 | MEDIUM | Fleet: IP spoofing allows bypassing API rate limiting | EPSS 0.3%
CVE-2026-34388 | MEDIUM | Fleet vulnerable to Denial of Service via unhandled gRPC log type in launcher endpoint | EPSS 0.3%
CVE-2026-24004 | LOW | Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint | EPSS 0.3%
CVE-2026-23517 | MEDIUM | Fleet has an Access Control vulnerability in debug/pprof endpoints | EPSS 0.2%
CVE-2026-27465 | LOW | Fleet: Sensitive Google Calendar credentials disclosed to low-privileged users | EPSS 0.2%