Vulnerabilities > Snowflake > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-22 CVE-2023-51662 Improper Certificate Validation vulnerability in Snowflake Connector
The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications.
network
high complexity
snowflake CWE-295
7.5
2023-06-08 CVE-2023-34230 Command Injection vulnerability in Snowflake Connector
snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication.
network
low complexity
snowflake CWE-77
8.8
2023-06-08 CVE-2023-34232 Command Injection vulnerability in Snowflake Connector
snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on (SSO) browser URL authentication in versions prior to 1.6.21.
network
low complexity
snowflake CWE-77
8.8
2023-06-08 CVE-2023-34233 Command Injection vulnerability in Snowflake Connector
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations.
network
low complexity
snowflake CWE-77
8.8
2023-06-08 CVE-2023-34231 Command Injection vulnerability in Snowflake Gosnowflake
gosnowflake is th Snowflake Golang driver.
network
low complexity
snowflake CWE-77
8.8
2023-04-14 CVE-2023-30535 Command Injection vulnerability in Snowflake Jdbc
Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake.
network
low complexity
snowflake CWE-77
8.8
2022-11-09 CVE-2022-42965 Unspecified vulnerability in Snowflake Snowflake-Connector-Python
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the undocumented get_file_transfer_type method
network
low complexity
snowflake
7.5
2010-03-02 CVE-2010-0798 SQL Injection vulnerability in Snowflake T3Blog 0.5.0/0.6.0/0.6.1
SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
snowflake typo3 CWE-89
7.5