6 matches found
EUVD-2024-0163
Malicious code in bioql PyPI...
ZDI-23-1527 and ZDI-23-1528: The Potential Impact of Overly Permissive SAS Tokens on PC Manager Supply Chains
In ZDI-23-1527 and ZDI-23-1528 we uncover two possible scenarios where attackers could have compromised the Microsoft PC Manager supply chain...
The Snowflake Connector for Python stores sensitive data in logs
Issue Snowflake recently learned about and remediated a set of vulnerabilities in the Snowflake Connector for Python. Under specific conditions, certain users credentials or portions of those credentials were logged locally by the Connector to the users own systems. The credentials were not logge...
CVE-2024-49750
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Prior to version 3.12.3, when the logging level was set by the user to DEBUG, the Connector could have logged Duo passcodes when specified...
CVE-2024-49750 Snowflake Connector for Python has sensitive data in logs
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Prior to version 3.12.3, when the logging level was set by the user to DEBUG, the Connector could have logged Duo passcodes when specified...
Microsoft AI researchers accidentally exposed terabytes of sensitive data
Warnings about including credentials, keys, and tokens when sharing code on publicly accessible repositories shouldnt be necessary. It should speak for itself that you dont just hand over the keys to your data. But what if a misconfiguration ends in a supposed internal storage account becoming...