Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache hive vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-13926
Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when building a new segment; some part of the HQL is from system configurations, while the configuration can be overwritten by certain rest api, which makes SQL injection attack is possible. Users of all previous v...
Apache Kylin
7.5
CVSSv2
CVE-2018-21234
Jodd prior to 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set.
Jodd Jodd
Apache Hive 3.1.2
7.5
CVSSv2
CVE-2018-1282
This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation.
Apache Hive
7.5
CVSSv2
CVE-2015-7521
The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows malicious users to bypass intended parent table access restrictions via unspecified partition-level operations.
Apache Hive 1.1.0
Apache Hive 1.2.1
Apache Hive 1.2.0
Apache Hive 1.0.1
Apache Hive 1.0.0
1 Github repository
6.5
CVSSv2
CVE-2016-0760
Multiple incomplete blacklist vulnerabilities in Apache Sentry prior to 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions.
Apache Sentry 1.6.0
Apache Sentry 1.5.1
5.5
CVSSv2
CVE-2020-13952
In the course of work on the open source project it exists that authenticated users running queries against Hive and Presto database engines could access information via a number of templated fields including the contents of query description metadata database, the hashed version...
Apache Superset
5.5
CVSSv2
CVE-2018-11777
In Apache Hive 2.3.3, 3.1.0 and previous versions, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.
Apache Hive
1 Github repository
5
CVSSv2
CVE-2020-13949
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service.
Apache Thrift
Apache Hive
Oracle Communications Cloud Native Core Network Slice Selection Function 1.2.1
Oracle Communications Cloud Native Core Policy 1.14.0
5
CVSSv2
CVE-2016-3083
Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive prior to 1.2.2 and 2.0.x prior to 2.0.1 doesn't seem t...
Apache Hive 0.13.1
Apache Hive 1.1.1
Apache Hive 1.1.0
Apache Hive 1.0.0
Apache Hive 1.2.0
Apache Hive 0.14.0
Apache Hive 1.2.1
Apache Hive 1.0.1
Apache Hive 0.13.0
5
CVSSv2
CVE-2017-5654
In Ambari 2.4.x (prior to 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes.
Apache Ambari 2.5.0
Apache Ambari 2.4.0
Apache Ambari 2.4.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »