Linuxfoundation Osquery — known CVE vulnerabilities
Every CVE whose affected-product data names Linuxfoundation Osquery, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2020-1887 — CVSS 9.1 (critical): Incorrect validation of the TLS SNI hostname in osquery versions after 2.9.0 and before 4.2.0 could allow an attacker to MITM osquery…
CVE-2019-3567 — CVSS 8.1 (high): In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard link a parent folder…
CVE-2018-6336 — CVSS 7.8 (high): An issue was discovered in osquery. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing…
CVE-2020-11081 — CVSS 5.3 (medium): osquery before version 4.4.0 enables a privilege escalation vulnerability. If a Window system is configured with a PATH that contains a…
CVE-2020-26273 — CVSS 5.2 (medium): osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. In osquery before version 4.6.0, by using…