Lucene search
+L

589 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/12/14 6:36 p.m.41 views

Security Bulletin: IBM Security Guardium is affected by a snowflake-jdbc-3.13.8.jar vulnerability (CVE-2023-30535)

Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID:CVE-2023-30535 DESCRIPTION: Snowflake Computing Snowflake JDBC could allow a remote authenticated attacker to execute arbitrary commands on the system, caused by a command injection flaw in the SSO URL...

8.8CVSS8.3AI score0.01668EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/10/18 12:0 a.m.27 views

Oracle GoldenGate for Big Data RCE (October 2023 CPU)

According to its self-reported version number, the Oracle GoldenGate for Big Data application located on the remote host is 21.3 = 21.10. It is, therefore, affected by a remote code execution vulnerability: - Vulnerability in the GoldenGate Big Data product of Oracle GoldenGate component:...

8.8CVSS8.9AI score0.01668EPSS
Exploits0References3
Snyk
Snyk
added 2023/10/11 9:0 p.m.2 views

Malicious Package

Overview CData.Snowflake.API is a malicious package. This package contains malicious code that executes covert scripts upon installation or uninstallation, communicating with a remote server to download and execute additional malicious files, thereby deploying the SeroXen RAT on the victim's...

9.8CVSS7.4AI score
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2023/08/24 3:7 p.m.44 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands that use the Box or Snowflake connectors are vulnerable to arbitrary code execution due to [CVE-2023-37466], [CVE-2023-37903]

Summary Node.js module vm2 is used internally by the Box and Snowflake connectors in Designer flows in IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationServer and IntegrationRuntime operands that run Designer flows...

10CVSS9.8AI score0.02925EPSS
Exploits5Affected Software1
vulnersOsv
vulnersOsv
added 2023/08/19 12:30 a.m.14 views

org.apache.nifi.minifi:minifi-assembly (>=1.22.0 <=1.23.0), org.apache.nifi:nifi-dbcp-service (>=1.21.0 <=1.23.0) +4 more potentially affected by CVE-2023-40037 via org.apache.nifi:nifi-dbcp-base (>=1.21.0 <=1.23.0)

org.apache.nifi:nifi-dbcp-base MAVEN version =1.21.0, =1.22.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.21.0, =1.23.0 Source cves: CVE-2023-40037 Source advisory: OSV:GHSA-23QF-3JF9-H3Q9...

6.5CVSS6.5AI score0.01536EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/07/21 12:0 a.m.79 views

Oracle Business Intelligence Publisher (OBIEE) (July 2023 CPU)

The 5.9.0.0 and 6.4.0.0 versions of Oracle Business Intelligence Enterprise Edition installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2023 CPU advisory. - Vulnerability in the BI Publisher product of Oracle Analytics component: Security Apache CXF. Th...

9.8CVSS6.6AI score0.0193EPSS
Exploits8References6
BDU FSTEC
BDU FSTEC
added 2023/06/22 12:0 a.m.11 views

The vulnerability of the Snowflake NodeJS driver for working with cloud-based data processing platforms and Snowflake’s data processing capabilities on the NodeJS platform allows attackers to execute arbitrary code.

The vulnerability of the Snowflake NodeJS driver for working with cloud-based data processing platforms and Snowflake data on the NodeJS platform is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

8.5CVSS8AI score0.01897EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/06/22 12:0 a.m.7 views

The vulnerability of the Snowflake Golang driver for working with the cloud-based data processing and storage platform allows a perpetrator to execute arbitrary code.

The vulnerability of the Snowflake Golang driver for working with cloud-based data processing and storage platforms is related to the lack of measures to clean incoming data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

8.5CVSS7.6AI score0.01962EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2023/06/20 8:48 a.m.24 views

Command Injection

github.com/snowflakedb/gosnowflake is vulnerable to Command Injection. The vulnerability exists due to the Snowflake Golang driver via SSO browser URL authentication because it lacks database URL sanitization. To exploit this, an attacker would need to establish a malicious database resource and...

8.8CVSS7.5AI score0.01962EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2023/06/12 6:30 p.m.4 views

org.apache.nifi:nifi-dbcp-service (>=1.19.0 <=1.21.0), org.apache.nifi:nifi-dbcp-service-nar (>=1.19.0 <=1.21.0) +3 more potentially affected by CVE-2023-34468 via org.apache.nifi:nifi-dbcp-base (>=1.19.0 <=1.21.0)

org.apache.nifi:nifi-dbcp-base MAVEN version =1.19.0, =1.19.0, =1.19.0, =1.19.0, =1.19.0, =1.19.0, =1.21.0 Source cves: CVE-2023-34468 Source advisory: OSV:GHSA-XM2M-2Q6H-22JW...

8.8CVSS7.4AI score0.63633EPSS
Exploits10
vulnersOsv
vulnersOsv
added 2023/06/12 6:30 p.m.4 views

com.drunkendev:nifi-drunken-nar (=1.0.0), org.apache.nifi:nifi-snowflake-services-nar (>=1.16.0 <=1.18.0) potentially affected by CVE-2023-34468 via org.apache.nifi:nifi-dbcp-service-nar (>=1.16.0 <=1.1.0)

org.apache.nifi:nifi-dbcp-service-nar MAVEN version =1.16.0, =1.16.0, =1.18.0 Source cves: CVE-2023-34468 Source advisory: OSV:GHSA-XM2M-2Q6H-22JW...

8.8CVSS7.4AI score0.63633EPSS
Exploits10
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/12 2:47 p.m.14 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands that use the Snowflake connector are vulnerable to arbitrary code execution due to [CVE-2023-34232]

Summary Node.js module snowflake is used by IBM App Connect Enterprise Certified Container for connecting to Snowflake. IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands that use the Snowflake connector are vulnerable to arbitrary code execution. Thi...

8.8CVSS8.4AI score0.01897EPSS
Exploits0Affected Software1
OSV
OSV
added 2023/06/09 10:53 p.m.13 views

GHSA-H53W-7QW7-VH5C Snowflake NodeJS Driver vulnerable to Command Injection

Issue Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake NodeJS driver via SSO browser URL authentication. Impacted driver package: snowflake-connector-nodejs Impacted version range: before Version 1.6.21 Attack Scenario In order to exploit the...

7.3CVSS8.3AI score0.01897EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2023/06/09 10:53 p.m.20 views

Snowflake NodeJS Driver vulnerable to Command Injection

Issue Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake NodeJS driver via SSO browser URL authentication. Impacted driver package: snowflake-connector-nodejs Impacted version range: before Version 1.6.21 Attack Scenario In order to exploit the...

8.8CVSS7.4AI score0.01897EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2023/06/09 10:53 p.m.16 views

GHSA-FWV2-65WH-2W8C Snowflake Golang Driver vulnerable to Command Injection

Issue Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake Golang driver via SSO browser URL authentication. Impacted driver package: gosnowflake Impacted version range: before Version 1.6.19 Attack Scenario In order to exploit the potential for...

7.3CVSS8.3AI score0.01962EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2023/06/09 10:53 p.m.33 views

Snowflake Golang Driver vulnerable to Command Injection

Issue Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake Golang driver via SSO browser URL authentication. Impacted driver package: gosnowflake Impacted version range: before Version 1.6.19 Attack Scenario In order to exploit the potential for...

8.8CVSS7.4AI score0.01962EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2023/06/09 10:53 p.m.5 views

apache-airflow-providers-snowflake (>=2.4.0 <=2.5.1rc1), arreyy (=0.0.1) +96 more potentially affected by CVE-2023-34233 via snowflake-connector-python (>=1.7.11 <=3.0.0)

snowflake-connector-python PYPI version =1.7.11, =2.4.0, =0.0.4, =0.1.0, =1.13.21, =20230717.1.0, =0.1.0, =0.4.0, =0.5.1, =1.0.5, =0.5.19, =0.1.1, =0.6.8, =0.8.9 and more Source cves: CVE-2023-34233 Source advisory: OSV:GHSA-5W5M-PFW9-C8FP...

8.8CVSS7.2AI score0.01841EPSS
Exploits1
OSV
OSV
added 2023/06/09 10:53 p.m.51 views

GHSA-5W5M-PFW9-C8FP Snowflake Python Connector vulnerable to Command Injection

Issue Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake Python connector via SSO browser URL authentication. Impacted driver package: snowflake-connector-python Impacted version range: before Version 3.0.2 Attack Scenario In order to exploit t...

8.5CVSS8.3AI score0.01841EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2023/06/09 10:53 p.m.47 views

Snowflake Python Connector vulnerable to Command Injection

Issue Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake Python connector via SSO browser URL authentication. Impacted driver package: snowflake-connector-python Impacted version range: before Version 3.0.2 Attack Scenario In order to exploit t...

8.8CVSS7.4AI score0.01841EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2023/06/09 10:40 p.m.19 views

GHSA-223G-8W3X-98WR Snowflake Connector .Net Command Injection

Issue Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake .NET driver via SSO URL authentication. Impacted driver package: snowflake-connector-net Impacted version range: before Version 2.0.18 Attack Scenario In order to exploit the potential fo...

7.3CVSS8.3AI score0.01431EPSS
Exploits0References3
Rows per page
Query Builder