6 matches found
Snowflake Golang Driver vulnerable to Command Injection
Issue: Snowflake was informed via our bug bounty program of a command injection vulnerability in the Snowflake Golang driver via SSO browser URL authentication. Impacted driver package: gosnowflake. Impacted version range: before Version 1.6.19. Attack Scenario: In order to exploit the potential for...
gosnowflake Command Injection Vulnerability
Snowflake gosnowflake is a golang implementation of Snowflake's id issuer. A command injection vulnerability exists in gosnowflake versions prior to 1.6.19. An attacker can exploit this vulnerability to cause remote code execution...
PT-2023-3208
Name of the Vulnerable Software and Affected Versions: gosnowflake versions prior to 1.6.19. Description: A command injection vulnerability exists in the Snowflake Golang driver via single sign-on (SSO) browser URL authentication. To exploit this issue, an attacker would need to establish a malicious...
Microsoft Azure Kubernetes Security Vulnerability
Microsoft Azure Kubernetes is a fully managed Kubernetes service from Microsoft Corporation USA. It offers serverless Kubernetes, a consolidated Continuous Integration and Continuous Delivery (CI/CD) experience, along with enterprise-grade security and governance. Unify development and operations team...
libupnp Heap Buffer Overflow Vulnerability
libupnp is a portable open source UPnP development kit that provides an API and open source code. A remote heap buffer overflow vulnerability exists in libupnp versions 1.6.19 and 1.8.0 because the program fails to perform proper boundary checks on user-submitted input. An attacker can exploit this...
Eggdrop < 1.6.19 Server Module Message Handling Remote Buffer Overflow Vulnerability
Eggdrop Server Module is prone to a remote buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Copyright (C) 2009 Greenbone Networks GmbH. Some text descriptions might be excerpted from a referenced...