Security Vulnerabilities - CVEs Published In January 2025
Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. When the EXTERNALBROWSER authentication method is used on Windows, an attacker with write access to a directory in the %PATH% can escalate their privileges to the user that runs the vulnerable JDBC Driver version. This vulnerability affects versions 3.2.3 through 3.21.0 on Windows. Snowflake fixed the issue in version 3.22.0.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-01-29
Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake JDBC Driver. On Linux systems, when temporary credential caching is enabled, the Snowflake JDBC Driver will cache temporary credentials locally in a world-readable file. This vulnerability affects versions 3.6.8 through 3.21.0. Snowflake fixed the issue in version 3.22.0.
CVSS Score
4.4
EPSS Score
0.0
Published
2025-01-29
snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This vulnerability affects versions 1.12.0 through 2.0.1 on Linux. Snowflake fixed the issue in version 2.0.2.
CVSS Score
4.4
EPSS Score
0.0
Published
2025-01-29
IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
CVSS Score
5.9
EPSS Score
0.0
Published
2025-01-29
IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.
CVSS Score
5.9
EPSS Score
0.0
Published
2025-01-29
IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls.
CVSS Score
4.4
EPSS Score
0.0
Published
2025-01-29
IBM Aspera Faspex 5.0.0 through 5.0.10 could disclose sensitive username information due to an observable response discrepancy.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-01-29
RuoYi v4.8.0 was discovered to allow unauthorized attackers to view the session ID of the admin in the system monitoring. This issue can allow attackers to impersonate Admin users via using a crafted cookie.
CVSS Score
7.2
EPSS Score
0.002
Published
2025-01-29
RuoYi v4.8.0 was discovered to contain a SQL injection vulnerability via the orderby parameter at /monitor/online/list.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-01-29
Insecure permissions in RuoYi v4.8.0 allows authenticated attackers to escalate privileges by assigning themselves higher level roles.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-01-29