Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache hive vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2016-3083
Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive prior to 1.2.2 and 2.0.x prior to 2.0.1 doesn't seem t...
Apache Hive 0.13.1
Apache Hive 1.1.1
Apache Hive 1.1.0
Apache Hive 1.0.0
Apache Hive 1.2.0
Apache Hive 0.14.0
Apache Hive 1.2.1
Apache Hive 1.0.1
Apache Hive 0.13.0
668
VMScore
CVE-2015-7521
The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows malicious users to bypass intended parent table access restrictions via unspecified partition-level operations.
Apache Hive 1.1.0
Apache Hive 1.2.1
Apache Hive 1.2.0
Apache Hive 1.0.1
Apache Hive 1.0.0
1 Github repository
356
VMScore
CVE-2017-12625
Apache Hive 2.1.x prior to 2.1.2, 2.2.x prior to 2.2.1, and 2.3.x prior to 2.3.1 expose an interface through which masking policies can be defined on tables or views, e.g., using Apache Ranger. When a view is created over a given table, the policy enforcement does not happen corr...
Apache Hive 2.3.0
Apache Hive 2.1.1
Apache Hive 2.2.0
Apache Hive 2.1.0
NA
CVE-2023-25696
Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions prior to 5.1.3.
Apache Apache-airflow-providers-apache-hive
NA
CVE-2023-37415
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider. Patching on top of CVE-2023-35797 prior to 6.1.2 the proxy_user option can also inject semicolon. This issue affects Apache Airflow Apache Hive Provider: prior to 6.1.2. It ...
Apache Apache-airflow-providers-apache-hive
NA
CVE-2022-46421
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: prior to 5.0.0.
Apache Apache-airflow-providers-apache-hive
NA
CVE-2023-35797
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: prior to 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via principal parameter. For this t...
Apache Apache-airflow-providers-apache-hive
356
VMScore
CVE-2018-1314
In Apache Hive 2.3.3, 3.1.0 and previous versions, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics.
Apache Hive
383
VMScore
CVE-2018-1315
In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client co...
Apache Hive
383
VMScore
CVE-2018-1284
In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs (xpath/xpath_string/xpath_boolean/xpath_number/xpath_double/xpath_float/xpath_long/xpath_int/xpath_short) to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user (usually h...
Apache Hive
1 Github repository
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36920
buffer overflow
CVE-2024-36913
CVE-2024-5497
CVE-2024-23917
CVE-2024-4956
server-side request forgery
CVE-2024-35468
SSTI
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »