Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache hadoop 3.0.0 vulnerabilities and exploits
(subscribe to this query)
801
VMScore
CVE-2021-33036
In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
Apache Hadoop 3.0.0
Apache Hadoop
801
VMScore
CVE-2018-11764
Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured.
Apache Hadoop 3.0.0
801
VMScore
CVE-2018-8029
In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2.2.0 to 2.8.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.
Apache Hadoop 3.0.0
Apache Hadoop 2.9.0
Apache Hadoop
Apache Hadoop 2.9.1
756
VMScore
CVE-2017-7669
In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root.
Apache Hadoop 2.8.0
Apache Hadoop 3.0.0
580
VMScore
CVE-2018-8009
Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.
Apache Hadoop 2.0.0
Apache Hadoop 3.0.0
Apache Hadoop
Apache Hadoop 3.1.0
578
VMScore
CVE-2020-9492
In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.
Apache Hadoop
Apache Solr 8.6.0
Apache Solr 8.6.2
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.2.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.3.0
445
VMScore
CVE-2018-11768
In Apache Hadoop 3.1.0 to 3.1.1, 3.0.0-alpha1 to 3.0.3, 2.9.0 to 2.9.1, and 2.0.0-alpha to 2.8.4, the user/group information can be corrupted across storing in fsimage and reading back from fsimage.
Apache Hadoop 2.0.4
Apache Hadoop 2.0.3
Apache Hadoop 2.0.6
Apache Hadoop 2.1.0
Apache Hadoop 2.0.5
Apache Hadoop 2.1.1
Apache Hadoop 2.0.0
Apache Hadoop 3.0.0
Apache Hadoop 2.0.2
Apache Hadoop 2.0.1
Apache Hadoop
445
VMScore
CVE-2018-1296
In Apache Hadoop 3.0.0-alpha1 to 3.0.0, 2.9.0, 2.8.0 to 2.8.3, and 2.5.0 to 2.7.5, HDFS exposes extended attribute key/value pairs during listXAttrs, verifying only path-level search access to the directory rather than path-level read permission to the referent.
Apache Hadoop 3.0.0
Apache Hadoop 2.8.0
Apache Hadoop
Apache Hadoop 2.8.1
Apache Hadoop 2.8.2
Apache Hadoop 2.8.3
Apache Hadoop 2.9.0
409
VMScore
CVE-2017-3166
In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be sh...
Apache Hadoop 2.6.2
Apache Hadoop 2.7.0
Apache Hadoop 2.6.3
Apache Hadoop 2.6.4
Apache Hadoop 3.0.0
Apache Hadoop 2.7.2
Apache Hadoop 2.7.1
Apache Hadoop 2.6.1
Apache Hadoop 2.6.5
Apache Hadoop 2.7.3
383
VMScore
CVE-2018-11765
In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled.
Apache Hadoop 3.0.0
Apache Hadoop
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »