5 matches found
CVE-2020-1887
CVE-2020-1887 affects osquery versions post-2.9.0 and before 4.2.0, where TLS SNI hostname validation is incorrect. This could allow an attacker to perform a MITM on osquery traffic if no root trust chain is configured. Remediation: upgrade to 4.2.0 or later (or apply vendor guidance). The connec...
CVE-2020-26273
CVE-2020-26273 affects osquery prior to 4.6.0. By abusing SQLite's ATTACH verb, an administrator can read from and write to arbitrary SQLite databases on disk, potentially creating new SQLite files. According to the sources, existing non-SQLite files are not overwritten. The vulnerability is mitig...
CVE-2019-3567
In osquery, CVE-2019-3567 describes a bypass where an attacker can inject a new executable path into extensions.load and hard link a parent folder of a malicious binary to a folder with safe permissions, causing osquery to load the malicious binary with SYSTEM privileges. The issue affects instal...
CVE-2018-6336
The CVE-2018-6336 issue affects osquery prior to v3.2.7. A malformed Universal/Fat binary can bypass third-party code-signing checks, causing unsigned code to execute while appearing Apple-signed. This is triggered when a Fat binary’s nested Mach-O binaries aren’t fully inspected, leading third-p...
CVE-2020-11081
The vulnerability CVE-2020-11081 affects osquery prior to 4.4.0 on Windows. If PATH includes a user-writable directory, a local attacker can place a malicious zlib1.dll that osquery will load, enabling local privilege escalation because osquery runs with elevated privileges. Affected software: os...