Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

Back with another CVE question! I’m trying to understand why FleetDM isn’t recognizing a CVE that we’re seeing in CrowdStrike, `CVE-2024-11698` (<https://nvd.nist.gov/vuln/detail/CVE-2024-11698>). It seems like maybe it’s because it’s not in the CPE db, but I’m not super familiar and not sure why it wouldn’t be.

Thanks for reaching out <@ULKCEK4S3>! It looks like there was a bug in the way we were<https://github.com/fleetdm/fleet/issues/24860| pulling ><https://github.com/fleetdm/fleet/issues/24860|VulnCheck data> that became a bigger issue  due to some unannounced changes in NVD and resulted in this scenario.

We have identified a fix and it was<https://github.com/fleetdm/fleet/pull/24318| merged in an hour ago>, so we should see better reporting shortly. No Fleet update required.