Lucene search
K
SnowflakeSnowflake Jdbc

6 matches found

CVE
CVE
added 2025/01/29 5:49 p.m.296 views

CVE-2025-24790

CVE-2025-24790 affects Snowflake JDBC driver (type 4) used by Java apps. On Linux, when temporary credential caching is enabled, credentials may be cached locally in a world-readable file. Affected versions: 3.6.8 through 3.21.0. The issue has been fixed in version 3.22.0. Remediation: upgrade Sn...

5.5CVSS4.6AI score0.00188EPSS
CVE
CVE
added 2025/01/29 5:46 p.m.291 views

CVE-2025-24789

CVE-2025-24789 — Snowflake JDBC Driver privilege escalation (Windows) Affected product: Snowflake JDBC Type 4 driver used by Java apps; Windows EXTERNALBROWSER authentication method on Windows with write access to a PATH directory can escalate privileges to the running user. Affected versions: 3....

7.8CVSS7.8AI score0.00252EPSS
CVE
CVE
added 2024/10/30 12:0 a.m.281 views

CVE-2024-43382

CVE-2024-43382 affects Snowflake JDBC driver bug where versions 3.2.6–3.19.1 have an incorrect security setting that can allow data to be uploaded to an encrypted stage without the extra protection of client-side encryption. The root cause is an insufficient security configuration, potentially ex...

5.9CVSS6.9AI score0.00173EPSS
CVE
CVE
added 2025/03/13 7:1 p.m.259 views

CVE-2025-27496

Summary: CVE-2025-27496 affects Snowflake JDBC Driver versions 3.0.13–3.23.0. When logging level is DEBUG, the driver locally logs the client-side encryption master key of the target stage during GET/PUT, exposing a sensitive key through logs. The issue is not logged server-side and does not by i...

3.3CVSS3.9AI score0.00112EPSS
CVE
CVE
added 2023/04/14 7:30 p.m.85 views

CVE-2023-30535

CVE-2023-30535 affects Snowflake JDBC (type 4 driver). The issue is a command injection via the SSO URL authentication payload. It was patched in Snowflake JDBC driver version 3.13.29; all users should upgrade to 3.13.29 or later. Related IBM/Oracle advisories note the CVE in the context of Oracl...

8.8CVSS8.2AI score0.01668EPSS
CVE
CVE
added 2026/02/27 5:32 a.m.23 views

CVE-2026-3293

CVE-2026-3293 affects snowflake-bdb snowflake-jdbc up to 4.0.1, specifically the SdkProxyRoutePlanner (src/main/java/net/snowflake/client/internal/core/SdkProxyRoutePlanner.java) in the JDBC URL Handler. The vulnerability arises from manipulating the nonProxyHosts argument, which can cause ineffi...

5.5CVSS4.5AI score0.00209EPSS