Lucene search
K

9 matches found

Github Security Blog
Github Security Blog
added 2026/06/12 9:0 p.m.15 views

Fleet: Observer-level enrollment secret extraction via ORDER BY oracle on Apple MDM commands endpoint

Summary A vulnerability in Fleet's Apple MDM commands listing endpoint allowed authenticated users with the lowest-privilege Observer role to extract sensitive values from joined database tables — including host enrollment secrets and Apple Push Notification Service APNS tokens — through a...

5.5AI score0.00019EPSS
Exploits0References2Affected Software1
SUSE CVE
SUSE CVE
added 2026/04/06 11:24 p.m.3 views

SUSE CVE-2026-34385

Fleet is open source device management software. Prior to 4.81.0, a second-order SQL injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user...

8.6CVSS5.9AI score0.00197EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/02 6:42 p.m.3 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection in the Apple MDM profile delivery pipeline. An attacker can access or modify sensitive database contents, such as user credentials, API tokens, and device enrollment secrets, by sending a malicious UDID during the MDM...

8.6CVSS6.2AI score0.00197EPSS
Exploits0References3
OSV
OSV
added 2026/04/02 6:42 p.m.6 views

GO-2026-4914 Fleet's Apple MDM profile delivery has second-order SQL Injection that can compromise the database in github.com/fleetdm/fleet

Fleet's Apple MDM profile delivery has second-order SQL Injection that can compromise the database in github.com/fleetdm/fleet...

8.6CVSS5.9AI score0.00197EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.6 views

PT-2026-29954

Fleet's Apple MDM profile delivery has second-order SQL Injection that can compromise the database in github.com/fleetdm/fleet...

8.6CVSS6AI score0.00197EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/30 7:17 p.m.5 views

EUVD-2026-16754

Fleet's Apple MDM profile delivery has second-order SQL Injection that can compromise the database...

8.6CVSS6AI score0.00197EPSS
Exploits0References2
OSV
OSV
added 2026/03/30 7:17 p.m.3 views

GHSA-V895-833R-8C45 Fleet's Apple MDM profile delivery has second-order SQL Injection that can compromise the database

Summary A critical second-order SQL Injection vulnerability in Fleet's Apple MDM profile delivery pipeline could allow an attacker with a valid MDM enrollment certificate to exfiltrate or modify the contents of the Fleet database, including user credentials, API tokens, and device enrollment...

8.6CVSS6.1AI score0.00197EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.4 views

PT-2026-28626

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.81.0 Description Fleet is open source device management software susceptible to a second-order SQL injection in its Apple MDM profile delivery pipeline. An attacker possessing a valid MDM enrollment certificate could...

8.8CVSS5.9AI score0.08123EPSS
Exploits7References45
CNNVD
CNNVD
added 2021/11/12 12:0 a.m.5 views

JAMF Jamf Pro 代码问题漏洞

JAMF Jamf Pro is an Apple device management solution from Jamf America JAMF. A security vulnerability exists in Jamf Pro versions prior to 10.32.0. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or the vendor's announcement...

9.8CVSS8.2AI score0.0167EPSS
Exploits1References6
Rows per page
Query Builder