1237 matches found

CVE
added 2025/01/29 8:30 p.m. | 288 views

CVE-2025-24795

The Snowflake Connector for Python (Linux) has a vulnerability in temporary credential caching: when enabled, credentials are cached in a world-readable file. Affected versions are 2.3.7 through 3.13.0; upgrade to 3.13.1 to fix. (Exploits not described in the provided documents; CVSS details indi...

CVSS 5.5 | AI score 4.6 | EPSS 0.00137
Exploits 0 | References 2 | Affected Software 1
Github Security Blog
added 2025/01/29 6:42 p.m. | 23 views

Snowflake JDBC uses insecure temporary credential cache file permissions

Issue Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. On Linux systems, when temporary credential caching is enabled, the Snowflake JDBC Driver will cache temporary credentials locally in a world-readable file. This vulnerability affects versions 3.6.8 through...

CVSS 5.5 | AI score 4.8 | EPSS 0.00188
Exploits 0 | References 4 | Affected Software 1
OSV
added 2025/01/29 6:42 p.m. | 12 views

GHSA-33G6-495W-V8J2 Snowflake JDBC uses insecure temporary credential cache file permissions

Issue Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. On Linux systems, when temporary credential caching is enabled, the Snowflake JDBC Driver will cache temporary credentials locally in a world-readable file. This vulnerability affects versions 3.6.8 through...

CVSS 4.4 | AI score 4.7 | EPSS 0.00188
Exploits 0 | References 4
CVE
added 2025/01/29 5:49 p.m. | 295 views

CVE-2025-24790

CVE-2025-24790 affects Snowflake JDBC driver (type 4) used by Java apps. On Linux, when temporary credential caching is enabled, credentials may be cached locally in a world-readable file. Affected versions: 3.6.8 through 3.21.0. The issue has been fixed in version 3.22.0. Remediation: upgrade Sn...

CVSS 5.5 | AI score 4.6 | EPSS 0.00188
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2025/01/29 5:49 p.m. | 11 views

CVE-2025-24790 Snowflake JDBC uses insecure temporary credential cache file permissions

Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. On Linux systems, when temporary credential caching is enabled, the Snowflake JDBC Driver...

CVSS 4.4 | AI score 4.5 | EPSS 0.00188
Exploits 0 | References 2
Cvelist
added 2025/01/29 5:49 p.m. | 18 views

CVE-2025-24790 Snowflake JDBC uses insecure temporary credential cache file permissions

Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. On Linux systems, when temporary credential caching is enabled, the Snowflake JDBC Driver...

CVSS 4.4 | EPSS 0.00188
Exploits 0 | References 2
OSV
added 2025/01/29 5:49 p.m. | 15 views

CVE-2025-24790 Snowflake JDBC uses insecure temporary credential cache file permissions

Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. On Linux systems, when temporary credential caching is enabled, the Snowflake JDBC Driver...

CVSS 4.4 | AI score 7.7 | EPSS 0.00188
Exploits 0 | References 4
CBLMariner
added 2025/01/28 3:56 a.m. | 9 views

CVE-2024-50124 affecting package kernel for versions less than 6.6.64.2-1

CVE-2024-50124 affecting package kernel for versions less than 6.6.64.2-1. An upgraded version of the package is available that resolves this issue...

CVSS 7.8 | AI score 6.8 | EPSS 0.00229
Exploits 0
OSV
added 2025/01/13 9:42 p.m. | 11 views

CVE-2024-51491 Process crash during CRL-based revocation check on OS using separate mount point for temp Directory in notation-go

notation-go is a collection of libraries for signing and verifying OCI artifacts, based on Notary Project specifications. The issue was identified during Quarkslab's security audit of the Certificate Revocation List (CRL) based revocation check feature. After retrieving the CRL, notation-go...

CVSS 3.3 | AI score 6.8 | EPSS 0.00192
Exploits 1 | References 5
0day.today
added 2025/01/08 12:0 a.m. | 753 views

Selenium Firefox Remote Code Execution Exploit

Selenium Server Grid versions 4.27.0 and below allows cross site request forgery because it permits non-JSON content types such as application/x-www-form-urlencoded, multipart/form-data, and text/plain and this issue in turn allows for an attacker to achieve remote code execution. This module...

CVSS 8.8 | AI score 9.1 | EPSS 0.11816
Exploits 6
GithubExploit
added 2025/01/04 12:25 a.m. | 302 views

Exploit for Race Condition in Openbsd Openssh

Summary This is essentially a statistical vulnerability: a la...

CVSS 8.1 | AI score 9.3 | EPSS 0.99506
Exploits 68
CNNVD
added 2024/12/07 12:0 a.m. | 2 views

IBM Db2 Security Vulnerability

IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBM i, z/OS, and Windows server versions. IBM Db2 suffers from a denial-of-service vulnerability that can be exploited by an attacker to cause a...

CVSS 6.5 | AI score 6.7 | EPSS 0.00382
Exploits 0 | References 1
The Hacker News
added 2024/11/21 3:50 p.m. | 51 views

Chinese APT Gelsemium Targets Linux Systems with New WolfsBane Backdoor

The China-aligned advanced persistent threat (APT) actor known as Gelsemium has been observed using a new Linux backdoor dubbed WolfsBane as part of cyber attacks likely targeting East and Southeast Asia. That's according to findings from cybersecurity firm ESET based on multiple Linux samples...

AI score 7.4
Exploits 0
BDU FSTEC
added 2024/11/21 12:0 a.m. | 8 views

The vulnerability of the mptcp component in Linux operating systems, which allows attackers to manipulate data

The vulnerability of the mptcp component in Linux operating systems is related to the state of the race condition when using shared resources. Exploiting this vulnerability allows an attacker to manipulate data...

CVSS 3.3 | AI score 6.1 | EPSS 0.00168
Exploits 0 | References 15 | Affected Software 5
The Hacker News
added 2024/11/19 9:40 a.m. | 9 views

New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems

Cybersecurity researchers have shed light on a Linux variant of a relatively new ransomware strain called Helldown, suggesting that the threat actors are broadening their attack focus. "Helldown deploys Windows ransomware derived from the LockBit 3.0 code," Sekoia said in a report shared with The...

AI score 7.6
Exploits 0
ATTACKERKB
added 2024/11/18 10:15 a.m. | 8 views

CVE-2023-39179

A flaw was found within the handling of SMB2 read requests in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on...

CVSS 7.5 | AI score 7 | EPSS 0.01095
Exploits 0 | References 4
OSV
added 2024/11/18 10:15 a.m. | 1 views

UBUNTU-CVE-2023-39179

A flaw was found within the handling of SMB2 read requests in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on...

CVSS 7.5 | AI score 5.6 | EPSS 0.01095
Exploits 0 | References 3
RedhatCVE
added 2024/11/15 5:21 p.m. | 11 views

CVE-2023-39179

A flaw was found within the handling of SMB2 read requests in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on...

CVSS 7.5 | AI score 5.8 | EPSS 0.01095
Exploits 0 | References 4
RedhatCVE
added 2024/11/15 4:53 p.m. | 12 views

CVE-2023-39176

A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose...

CVSS 5.8 | AI score 5.8 | EPSS 0.00663
Exploits 0 | References 4
ATTACKERKB
added 2024/11/14 12:15 p.m. | 4 views

CVE-2023-4458

A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on...

CVSS 7.5 | AI score 5.6 | EPSS 0.00833
Exploits 0 | References 4