589 matches found
Security Bulletin: IBM Security Guardium is affected by a snowflake-jdbc-3.13.8.jar vulnerability (CVE-2023-30535)
Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID:CVE-2023-30535 DESCRIPTION: Snowflake Computing Snowflake JDBC could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injection flaw in the SSO URL...
Oracle GoldenGate for Big Data RCE (October 2023 CPU)
According to its self-reported version number, the Oracle GoldenGate for Big Data application located on the remote host is 21.3 = 21.10. It is, therefore, affected by a remote code execution vulnerability: - Vulnerability in the GoldenGate Big Data product of Oracle GoldenGate component:...
Malicious Package
Overview CData.Snowflake.API is a malicious package. This package contains malicious code that executes covert scripts upon installation or uninstallation, communicating with a remote server to download and execute additional malicious files, thereby deploying the SeroXen RAT on the victim's...
Security Bulletin: IBM App Connect Enterprise Certified Container operands that use the Box or Snowflake connectors are vulnerable to arbitrary code execution due to [CVE-2023-37466], [CVE-2023-37903]
Summary Node.js module vm2 is used internally by the Box and Snowflake connectors in Designer flows in IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationServer and IntegrationRuntime operands that run Designer flows...
org.apache.nifi.minifi:minifi-assembly (>=1.22.0 <=1.23.0), org.apache.nifi:nifi-dbcp-service (>=1.21.0 <=1.23.0) +4 more potentially affected by CVE-2023-40037 via org.apache.nifi:nifi-dbcp-base (>=1.21.0 <=1.23.0)
org.apache.nifi:nifi-dbcp-base MAVEN version =1.21.0, =1.22.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.23.0 Source cves: CVE-2023-40037 Source advisory: OSV:GHSA-23QF-3JF9-H3Q9...
Oracle Business Intelligence Publisher (OBIEE) (July 2023 CPU)
The 5.9.0.0 and 6.4.0.0 versions of Oracle Business Intelligence Enterprise Edition installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory. - Vulnerability in the BI Publisher product of Oracle Analytics component: Security Apache CXF. Th...
The vulnerability of the Snowflake NodeJS driver for working with cloud-based data processing platforms and Snowflake’s data processing capabilities on the NodeJS platform allows attackers to execute arbitrary code.
The vulnerability of the Snowflake NodeJS driver for working with cloud-based data processing platforms and Snowflake data on the NodeJS platform is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability of the Snowflake Golang driver for working with the cloud-based data processing and storage platform allows a perpetrator to execute arbitrary code.
The vulnerability of the Snowflake Golang driver for working with cloud-based data processing and storage platforms is related to the lack of measures to clean incoming data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Command Injection
github.com/snowflakedb/gosnowflake is vulnerable to Command Injection. The vulnerability exists due to the Snowflake Golang driver via SSO browser URL authentication because it lacks database URL sanitization. To exploit this, an attacker would need to establish a malicious database resource and...
org.apache.nifi:nifi-dbcp-service (>=1.19.0 <=1.21.0), org.apache.nifi:nifi-dbcp-service-nar (>=1.19.0 <=1.21.0) +3 more potentially affected by CVE-2023-34468 via org.apache.nifi:nifi-dbcp-base (>=1.19.0 <=1.21.0)
org.apache.nifi:nifi-dbcp-base MAVEN version =1.19.0, =1.19.0, =1.19.0, =1.19.0, =1.19.0, =1.19.0, =1.21.0 Source cves: CVE-2023-34468 Source advisory: OSV:GHSA-XM2M-2Q6H-22JW...
com.drunkendev:nifi-drunken-nar (=1.0.0), org.apache.nifi:nifi-snowflake-services-nar (>=1.16.0 <=1.18.0) potentially affected by CVE-2023-34468 via org.apache.nifi:nifi-dbcp-service-nar (>=1.16.0 <=1.1.0)
org.apache.nifi:nifi-dbcp-service-nar MAVEN version =1.16.0, =1.16.0, =1.18.0 Source cves: CVE-2023-34468 Source advisory: OSV:GHSA-XM2M-2Q6H-22JW...
Security Bulletin: IBM App Connect Enterprise Certified Container operands that use the Snowflake connector are vulnerable to arbitrary code execution due to [CVE-2023-34232]
Summary Node.js module snowflake is used by IBM App Connect Enterprise Certified Container for connecting to Snowflake. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use the Snowflake connector are vulnerable to arbitrary code execution. Thi...
GHSA-H53W-7QW7-VH5C Snowflake NodeJS Driver vulnerable to Command Injection
Issue Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake NodeJS driver via SSO browser URL authentication. Impacted driver package: snowflake-connector-nodejs Impacted version range: before Version 1.6.21 Attack Scenario In order to exploit the...
Snowflake NodeJS Driver vulnerable to Command Injection
Issue Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake NodeJS driver via SSO browser URL authentication. Impacted driver package: snowflake-connector-nodejs Impacted version range: before Version 1.6.21 Attack Scenario In order to exploit the...
GHSA-FWV2-65WH-2W8C Snowflake Golang Driver vulnerable to Command Injection
Issue Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake Golang driver via SSO browser URL authentication. Impacted driver package: gosnowflake Impacted version range: before Version 1.6.19 Attack Scenario In order to exploit the potential for...
Snowflake Golang Driver vulnerable to Command Injection
Issue Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake Golang driver via SSO browser URL authentication. Impacted driver package: gosnowflake Impacted version range: before Version 1.6.19 Attack Scenario In order to exploit the potential for...
apache-airflow-providers-snowflake (>=2.4.0 <=2.5.1rc1), arreyy (=0.0.1) +96 more potentially affected by CVE-2023-34233 via snowflake-connector-python (>=1.7.11 <=3.0.0)
snowflake-connector-python PYPI version =1.7.11, =2.4.0, =0.0.4, =0.1.0, =1.13.21, =20230717.1.0, =0.1.0, =0.4.0, =0.5.1, =1.0.5, =0.5.19, =0.1.1, =0.6.8, =0.8.9 and more Source cves: CVE-2023-34233 Source advisory: OSV:GHSA-5W5M-PFW9-C8FP...
GHSA-5W5M-PFW9-C8FP Snowflake Python Connector vulnerable to Command Injection
Issue Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake Python connector via SSO browser URL authentication. Impacted driver package: snowflake-connector-python Impacted version range: before Version 3.0.2 Attack Scenario In order to exploit t...
Snowflake Python Connector vulnerable to Command Injection
Issue Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake Python connector via SSO browser URL authentication. Impacted driver package: snowflake-connector-python Impacted version range: before Version 3.0.2 Attack Scenario In order to exploit t...
GHSA-223G-8W3X-98WR Snowflake Connector .Net Command Injection
Issue Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake .NET driver via SSO URL authentication. Impacted driver package: snowflake-connector-net Impacted version range: before Version 2.0.18 Attack Scenario In order to exploit the potential fo...