6 matches found
CVE-2026-54000
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the processes table targeting a maliciously crafted process, due to uncheck...
EUVD-2026-42919
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, on Windows, a local unprivileged attacker can cause a heap buffer out-of-bounds write if there is a query of the processes table targeting a maliciously crafted process, due to uncheck...
CVE-2026-54000
CVE-2026-54000 in osquery (Windows) describes a heap buffer out-of-bounds write in getProcessCurrentDirectory() triggered via the processes table by a maliciously crafted process. The unchecked PEB string lengths in process command-line and current-directory reads allow a local attacker with low ...
CVE-2026-46388
CVE-2026-46388 affects osquery. Prior to version 5.23.1, unprivileged attackers could read contents of an osquery file carve before the carve completes, due to in-progress carve directories not being created with private permissions. If the carve targets a directory the attacker controls, arbitra...
EUVD-2026-42916
osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivileged attacker can read the contents of an osquery file carve until the carve completes and the temporary files are deleted because in-progress carve directories are not...
[R1] Stand-alone Security Patch Available for Tenable Security Center versions 5.23.1, 6.0.0, 6.1.0, 6.1.1, and 6.2.0: SC-202310.1
R1 Stand-alone Security Patch Available for Tenable Security Center versions 5.23.1, 6.0.0, 6.1.0, 6.1.1, and 6.2.0: SC-202310.1 Jason Schavel Tue, 10/31/2023 - 11:08 Security Center leverages third-party software to help provide underlying functionality. One of the third-party components curl wa...