Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache hive vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2016-3083
Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive prior to 1.2.2 and 2.0.x prior to 2.0.1 doesn't seem t...
Apache Hive 0.13.1
Apache Hive 1.1.1
Apache Hive 1.1.0
Apache Hive 1.0.0
Apache Hive 1.2.0
Apache Hive 0.14.0
Apache Hive 1.2.1
Apache Hive 1.0.1
Apache Hive 0.13.0
668
VMScore
CVE-2015-7521
The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows malicious users to bypass intended parent table access restrictions via unspecified partition-level operations.
Apache Hive 1.1.0
Apache Hive 1.2.1
Apache Hive 1.2.0
Apache Hive 1.0.1
Apache Hive 1.0.0
1 Github repository
356
VMScore
CVE-2017-12625
Apache Hive 2.1.x prior to 2.1.2, 2.2.x prior to 2.2.1, and 2.3.x prior to 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen corr...
Apache Hive 2.3.0
Apache Hive 2.1.1
Apache Hive 2.2.0
Apache Hive 2.1.0
NA
CVE-2022-46421
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: prior to 5.0.0.
Apache Apache-airflow-providers-apache-hive
NA
CVE-2023-37415
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider. Patching on top of CVE-2023-35797 prior to 6.1.2 the proxy_user option can also inject semicolon. This issue affects Apache Airflow Apache Hive Provider: prior to 6.1.2. It ...
Apache Apache-airflow-providers-apache-hive
NA
CVE-2023-35797
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: prior to 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via principal parameter. For this t...
Apache Apache-airflow-providers-apache-hive
NA
CVE-2023-25696
Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions prior to 5.1.3.
Apache Apache-airflow-providers-apache-hive
383
VMScore
CVE-2020-1926
Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could allow recovery of another users cookie signature. The issue was addressed in Apache Hive 2.3.8
Apache Hive
490
VMScore
CVE-2018-11777
In Apache Hive 2.3.3, 3.1.0 and previous versions, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.
Apache Hive
1 Github repository
312
VMScore
CVE-2014-0228
Apache Hive prior to 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI.
Apache Hive
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »