Lucene search
K

34 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-1792

Malicious code in bioql PyPI...

8.8CVSS7.5AI score0.01962EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-0241

Malicious code in bioql PyPI...

8.8CVSS7.5AI score0.01841EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/05/23 2:24 a.m.4 views

CVE-2023-34230

snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in 1 establishing a malicious resource and 2 redirecti...

8.8CVSS7.8AI score0.01431EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:23 a.m.5 views

CVE-2023-34232

snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on SSO browser URL authentication in versions prior to 1.6.21. In order to exploit the potential for command injection, an attacker would need to be successful in 1 establishing a malicio...

8.8CVSS7.8AI score0.01897EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:6 a.m.4 views

CVE-2023-34231

gosnowflake is th Snowflake Golang driver. Prior to version 1.6.19, a command injection vulnerability exists in the Snowflake Golang driver via single sign-on SSO browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in 1...

8.8CVSS7.7AI score0.01962EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:21 a.m.7 views

CVE-2019-15041

JetBrains YouTrack versions before 2019.1.52545 allowed unbounded URL whitelisting because of Inclusion of Functionality from an Untrusted Control Sphere...

6.1CVSS6.9AI score0.01047EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/06/03 5:2 p.m.4 views

EAP: wildfly-elytron has a SSRF security issue

A flaw was found in JwtValidator.resolvePublicKey in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery SSRF vulnerabili...

7.3CVSS5.8AI score0.00778EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2023/06/09 10:53 p.m.32 views

Snowflake Golang Driver vulnerable to Command Injection

Issue Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake Golang driver via SSO browser URL authentication. Impacted driver package: gosnowflake Impacted version range: before Version 1.6.19 Attack Scenario In order to exploit the potential for...

8.8CVSS7.4AI score0.01962EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/09 10:53 p.m.45 views

Snowflake Python Connector vulnerable to Command Injection

Issue Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake Python connector via SSO browser URL authentication. Impacted driver package: snowflake-connector-python Impacted version range: before Version 3.0.2 Attack Scenario In order to exploit t...

8.8CVSS7.4AI score0.01841EPSS
Exploits1References6Affected Software1
Github Security Blog
Github Security Blog
added 2023/06/09 10:40 p.m.21 views

Snowflake Connector .Net Command Injection

Issue Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake .NET driver via SSO URL authentication. Impacted driver package: snowflake-connector-net Impacted version range: before Version 2.0.18 Attack Scenario In order to exploit the potential fo...

8.8CVSS7.8AI score0.01431EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2023/06/09 7:23 a.m.2 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via single sign-on SSO browser URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in 1 establishing a malicious resource and 2 redirecting use...

8.8CVSS8AI score0.01431EPSS
Exploits0References2
NVD
NVD
added 2023/06/08 9:15 p.m.14 views

CVE-2023-34230

snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in 1 establishing a malicious resource and 2 redirecti...

8.8CVSS8AI score0.01431EPSS
Exploits0References1
NVD
NVD
added 2023/06/08 9:15 p.m.24 views

CVE-2023-34233

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Versions prior to 3.0.2 are vulnerable to command injection via single sign-onSSO browser URL authentication. In order to exploit the...

8.8CVSS8AI score0.01841EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/06/08 8:29 p.m.16 views

CVE-2023-34230 Snowflake Connector vulnerable to Command Injection

snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in 1 establishing a malicious resource and 2 redirecti...

7.3CVSS9.2AI score0.01431EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/06/08 8:29 p.m.8 views

CVE-2023-34230 Snowflake Connector vulnerable to Command Injection

snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in 1 establishing a malicious resource and 2 redirecti...

7.3CVSS8.9AI score0.01431EPSS
Exploits0References1
CVE
CVE
added 2023/06/08 8:29 p.m.54 views

CVE-2023-34230

CVE-2023-34230 affects the Snowflake Connector for .NET (snowflake-connector-net) prior to version 2.0.18. The underlying issue is a command injection vulnerability via SSO URL authentication. An attacker would need to: (1) establish a malicious resource and (2) persuade a user to use a crafted c...

8.8CVSS8.3AI score0.01431EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/06/08 8:29 p.m.15 views

CVE-2023-34230 Snowflake Connector vulnerable to Command Injection

snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. In order to exploit the potential for command injection, an attacker would need to be successful in 1 establishing a malicious resource and 2 redirecti...

7.3CVSS8.9AI score0.01431EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/06/08 8:22 p.m.9 views

CVE-2023-34233 Snowflake Python Connector vulnerable to Command Injection

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Versions prior to 3.0.2 are vulnerable to command injection via single sign-onSSO browser URL authentication. In order to exploit the...

7.3CVSS7.7AI score0.01841EPSS
Exploits1References3
CVE
CVE
added 2023/06/08 8:22 p.m.141 views

CVE-2023-34233

CVE-2023-34233 affects the Snowflake Connector for Python. Versions before 3.0.2 are vulnerable to a command injection via SSO browser URL authentication. Exploitation requires an attacker to host a malicious resource and lure a user to visit a crafted SSO URL, which could execute remote code on ...

8.8CVSS8.2AI score0.01841EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2023/06/08 8:22 p.m.23 views

CVE-2023-34233 Snowflake Python Connector vulnerable to Command Injection

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Versions prior to 3.0.2 are vulnerable to command injection via single sign-onSSO browser URL authentication. In order to exploit the...

7.3CVSS9.2AI score0.01841EPSS
Exploits1References3
Rows per page
Query Builder