Lucene search
K

71 matches found

Snyk
Snyk
added 2026/07/01 6:18 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the upload endpoint. An attacker can exhaust system memory by submitting specially crafted requests, potentially causing the service to become unavailable. Remediation Upgrade...

7.5CVSS6AI score0.00312EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 6:18 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the upload endpoint. An attacker can exhaust system memory by submitting specially crafted requests, potentially causing the service to become unavailable. Remediation Upgrade...

7.5CVSS6AI score0.00312EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 6:18 p.m.4 views

Allocation of Resources Without Limits or Throttling

Overview github.com/elastic/fleet-server/internal/pkg/api is a control server to manage a fleet of elastic-agents. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the upload endpoint. An attacker can exhaust system memory by submitting...

7.5CVSS6AI score0.00312EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/01 6:18 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview github.com/elastic/fleet-server/v7/internal/pkg/api is a control server to manage a fleet of elastic-agents. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the upload endpoint. An attacker can exhaust system memory by submitti...

7.5CVSS6AI score0.00312EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 5:16 p.m.9 views

CVE-2026-56150

Allocation of Resources Without Limits or Throttling CWE-770 in Fleet Server can lead to a denial of service via Excessive Allocation CAPEC-130. An attacker can submit a specially crafted request to an upload endpoint that causes excessive memory consumption, which may render Fleet Server...

7.5CVSS0.00312EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:26 p.m.6 views

CVE-2026-56150

Allocation of Resources Without Limits or Throttling CWE-770 in Fleet Server can lead to a denial of service via Excessive Allocation CAPEC-130. An attacker can submit a specially crafted request to an upload endpoint that causes excessive memory consumption, which may render Fleet Server...

6.5CVSS5.8AI score0.00312EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/01 4:26 p.m.15 views

CVE-2026-56150

MODE C: CVE-2026-56150 affects Elastic Fleet Server via Allocation of Resources Without Limits or Throttling (upload endpoint memory exhaustion). Multiple connected sources describe the vulnerability in Fleet Server's internal API packages and uploader, enabling an attacker to exhaust RAM and pot...

7.5CVSS5.8AI score0.00312EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/01 4:26 p.m.31 views

CVE-2026-56150 Allocation of Resources Without Limits or Throttling in Fleet Server Leading to Denial of Service

Allocation of Resources Without Limits or Throttling CWE-770 in Fleet Server can lead to a denial of service via Excessive Allocation CAPEC-130. An attacker can submit a specially crafted request to an upload endpoint that causes excessive memory consumption, which may render Fleet Server...

6.5CVSS0.00312EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 4:26 p.m.8 views

EUVD-2026-41077

Allocation of Resources Without Limits or Throttling CWE-770 in Fleet Server can lead to a denial of service via Excessive Allocation CAPEC-130. An attacker can submit a specially crafted request to an upload endpoint that causes excessive memory consumption, which may render Fleet Server...

6.5CVSS5.8AI score0.00312EPSS
Exploits0References1
Chainguard
Chainguard
added 2026/06/19 2:16 a.m.10 views

GHSA-MQQF-5WVP-8FH8 vulnerabilities

Vulnerabilities for packages: aws-lambda-runtime-interface-emulator, custom-pod-autoscaler, fleet-server-fips, kyverno-fips, cloudbeat-fips, custom-pod-autoscaler-fips, cloudbeat, commercial-kyverno, aws-lambda-runtime-interface-emulator-fips...

6.1AI score
Exploits0
Chainguard
Chainguard
added 2026/06/19 2:16 a.m.12 views

CVE-2025-69725 vulnerabilities

Vulnerabilities for packages: aws-lambda-runtime-interface-emulator, custom-pod-autoscaler, fleet-server-fips, kyverno-fips, cloudbeat-fips, custom-pod-autoscaler-fips, cloudbeat, commercial-kyverno, aws-lambda-runtime-interface-emulator-fips...

4.7CVSS6.1AI score0.00215EPSS
Exploits0
Snyk
Snyk
added 2026/05/26 10:48 p.m.8 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the windowsMDMManagement endpoint. An attacker can gain unauthorized access to management functionality by bypassing authentication mechanisms. Remediation Upgrade github.com/fleetdm/fleet/server/service to...

8.2CVSS5.8AI score0.00214EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/26 10:48 p.m.8 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the windowsMDMManagement endpoint. An attacker can gain unauthorized access to management functionality by bypassing authentication mechanisms. Remediation Upgrade github.com/fleetdm/fleet/server/mock to...

8.2CVSS5.8AI score0.00214EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/14 9:24 p.m.6 views

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to the reliance on client-supplied IP address headers such as X-Forwarded-For, X-Real-IP, and True-Client-IP. An attacker can circumvent per-IP rate limiting by supplying arbitrary values in these headers, causing...

7.5CVSS5.7AI score0.00276EPSS
Exploits0References2
CVE
CVE
added 2026/05/14 7:0 p.m.20 views

CVE-2026-26062

CVE-2026-26062 affects Fleet before version 4.81.0, where the gRPC Launcher PublishLogs endpoint could terminate the Fleet server when handling certain inputs. An authenticated attacker with access to an enrolled Launcher node key could trigger an immediate DoS by sending a single gRPC request, i...

8.7CVSS5.8AI score0.00372EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/14 7:0 p.m.11 views

EUVD-2026-30375

Fleet is open source device management software. Prior to version 4.81.0, Fleet contained a denial-of-service DoS issue in the gRPC Launcher PublishLogs endpoint. In affected versions, certain unexpected input values were not handled gracefully, which could cause the Fleet server process to...

8.7CVSS5.8AI score0.00372EPSS
Exploits0References2
OSV
OSV
added 2026/05/14 1:17 p.m.7 views

GHSA-X67P-9M2R-FXQV Fleet server may terminate unexpectedly when handling certain gRPC requests

Summary Fleet contained a denial-of-service DoS issue in the gRPC Launcher PublishLogs endpoint. In affected versions, certain unexpected input values were not handled gracefully, which could cause the Fleet server process to terminate while processing an authenticated request from an enrolled...

8.7CVSS5.9AI score0.00372EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.12 views

PT-2026-40970

Name of the Vulnerable Software and Affected Versions Fleet versions prior to 4.81.0 Description A denial-of-service DoS issue exists in the gRPC Launcher "PublishLogs" endpoint. Certain unexpected input values are not handled gracefully, which can cause the server process to terminate while...

8.7CVSS5.9AI score0.00372EPSS
Exploits0References6
Chainguard
Chainguard
added 2026/04/25 7:17 p.m.10 views

CVE-2026-29181 vulnerabilities

Vulnerabilities for packages: cluster-api-provider-vsphere, gitlab-kas-fips, crossplane-provider-aws-kafka, crossplane-provider-aws-cloudwatchevents, crossplane-provider-azure-resources, crossplane-provider-aws-kafka-fips, crossplane-provider-aws-cloudwatchlogs, commercial-grafana, emissary,...

7.5CVSS6.1AI score0.00435EPSS
Exploits1
Chainguard
Chainguard
added 2026/04/25 7:17 p.m.7 views

GHSA-MH2Q-Q3FH-2475 vulnerabilities

Vulnerabilities for packages: cluster-api-provider-vsphere, gitlab-kas-fips, crossplane-provider-aws-kafka, crossplane-provider-aws-cloudwatchevents, crossplane-provider-azure-resources, crossplane-provider-aws-kafka-fips, crossplane-provider-aws-cloudwatchlogs, commercial-grafana, emissary,...

6.1AI score
Exploits0
Rows per page
Query Builder