Lucene search
K
SnowflakeSnowflake Connector

13 matches found

CVE
CVE
added 2024/10/24 10:3 p.m.330 views

CVE-2024-49750

Summary (CVE-2024-49750): The Snowflake Connector for Python is affected by exposure of sensitive data in logs prior to version 3.12.3. Under DEBUG logging, credentials such as Duo passcodes and Azure SAS tokens could be logged, and the SecretDetector formatter could fail to fully redact JWTs and...

5.5CVSS5.5AI score0.00203EPSS
CVE
CVE
added 2025/01/29 8:23 p.m.291 views

CVE-2025-24793

Technical details about CVE-2025-24793 are not provided in the connected documents. The initial entry notes a SQL injection in Snowflake Connector for Python versions 2.2.5–3.13.0, fixed in 3.13.1, but no further technical specifics are available here. Monitor for updates.

7CVSS7.2AI score0.003EPSS
CVE
CVE
added 2025/01/29 8:30 p.m.291 views

CVE-2025-24795

The Snowflake Connector for Python (Linux) has a vulnerability in temporary credential caching: when enabled, credentials are cached in a world-readable file. Affected versions are 2.3.7 through 3.13.0; upgrade to 3.13.1 to fix. (Exploits not described in the provided documents; CVSS details indi...

5.5CVSS4.6AI score0.00137EPSS
CVE
CVE
added 2025/01/29 8:25 p.m.290 views

CVE-2025-24794

Technical details such as affected products, versions, root cause, impact and fixes for CVE-2025-24794 are not provided in the connected documents. Please monitor for updates from relevant advisories to obtain concrete vulnerability data and remediation guidance.

7.8CVSS6.4AI score0.00246EPSS
CVE
CVE
added 2023/06/08 8:22 p.m.143 views

CVE-2023-34233

CVE-2023-34233 affects the Snowflake Connector for Python. Versions before 3.0.2 are vulnerable to a command injection via SSO browser URL authentication. Exploitation requires an attacker to host a malicious resource and lure a user to visit a crafted SSO URL, which could execute remote code on ...

8.8CVSS8.2AI score0.01841EPSS
CVE
CVE
added 2022/11/09 12:0 a.m.116 views

CVE-2022-42965

CVE-2022-42965 affects the Python Snowflake connector (snowflake-connector-python). The vulnerability is an exponential ReDoS in the undocumented get_file_transfer_type method, allowing a network attacker to trigger a denial of service by supplying crafted input. Underlying cause: a vulnerable re...

7.5CVSS5.8AI score0.00816EPSS
CVE
CVE
added 2025/04/28 10:33 p.m.103 views

CVE-2025-46326

Snowflake Connector for .NET has a TOCTOU race in the Linux/macOS Easy Logging config file check. Versions 2.1.2 through before 4.4.1 are vulnerable: a local attacker with write access to the logging config file or its directory could overwrite configuration, gaining control over logging level an...

7CVSS4AI score0.00135EPSS
CVE
CVE
added 2025/04/28 10:33 p.m.76 views

CVE-2025-46328

CVE-2025-46328 affects the Snowflake Node.js driver. Versions 1.10.0 up to (but not including) 2.0.4 are vulnerable to a TOCTOU race in the Linux/macOS Easy Logging configuration check: the driver validates that the logging config file is writable only by the owner, but the check can be bypassed,...

7CVSS3.9AI score0.00141EPSS
CVE
CVE
added 2025/01/29 4:59 p.m.75 views

CVE-2025-24791

CVE-2025-24791 affects snowflake-connector-nodejs (Snowflake NodeJS Driver) on Linux. The vulnerability allows bypassing file permissions checks for the temporary credential cache, exploitable by an attacker with write access to the local cache directory. Affected versions are 1.12.0 through 2.0....

5.5CVSS4.7AI score0.00143EPSS
CVE
CVE
added 2025/01/29 8:19 p.m.57 views

CVE-2025-24788

CVE-2025-24788 affects the Snowflake Connector for .NET. The vulnerability arises when downloading files from stages: temporary files are written to the OS temporary directory with world-readable permissions, enabling access by other users on the same machine. Affected versions are 2.0.12 through...

5.5CVSS5AI score0.00141EPSS
CVE
CVE
added 2023/06/08 8:29 p.m.56 views

CVE-2023-34230

CVE-2023-34230 affects the Snowflake Connector for .NET (snowflake-connector-net) prior to version 2.0.18. The underlying issue is a command injection vulnerability via SSO URL authentication. An attacker would need to: (1) establish a malicious resource and (2) persuade a user to use a crafted c...

8.8CVSS8.3AI score0.01431EPSS
CVE
CVE
added 2023/06/08 8:17 p.m.55 views

CVE-2023-34232

Snowflake NodeJS driver (snowflake-connector-nodejs) is vulnerable to command injection via Single Sign-On (SSO) browser URL authentication in versions before 1.6.21. The attack requires the attacker to host a malicious resource and Trick a user into visiting a crafted connection URL; if successf...

8.8CVSS8.3AI score0.01897EPSS
CVE
CVE
added 2023/12/22 4:27 p.m.50 views

CVE-2023-51662

The CVE-2023-51662 issue affects Snowflake Connector .NET (Snowflake .NET driver) where Certificate Revocation List (CRL) checks were not performed when insecureMode is false (default). Affected versions are 2.0.25 through 2.1.4 (inclusive); remediation is to upgrade to 2.1.5. Multiple sources (N...

7.5CVSS6.5AI score0.00348EPSS