Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache hadoop vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2018-8009
Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.
Apache Hadoop 2.0.0
Apache Hadoop 3.0.0
Apache Hadoop
Apache Hadoop 3.1.0
9
CVSSv2
CVE-2018-8029
In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2.2.0 to 2.8.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.
Apache Hadoop 3.0.0
Apache Hadoop 2.9.0
Apache Hadoop
Apache Hadoop 2.9.1
6.5
CVSSv2
CVE-2012-1574
The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 up to and including 0.20.205.0, 0.23.x prior to 0.23.2, and 1.0.x prior to 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin prior to 0.20.2+923.197, and other products, allows...
Apache Hadoop 0.20.203.0
Apache Hadoop 0.20.204.0
Apache Hadoop 0.20.205.0
Apache Hadoop 0.23.1
Apache Hadoop 1.0.0
Apache Hadoop 0.23.0
Apache Hadoop 1.0.1
Cloudera Hadoop 0.20.1\\+169
Cloudera Hadoop 0.20.2\\+923
Cloudera Cloudera Cdh Cdh3
Cloudera Hadoop 0.20-sbin
4.6
CVSSv2
CVE-2015-7430
The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 prior to 2.7.0-3 for IBM Spectrum Scale and General Parallel File System (GPFS) allows local users to read or write to arbitrary GPFS data via unspecified vectors.
Apache Hadoop 2.5.0
Apache Hadoop 1.1.1
Apache Hadoop 2.7.0
Apache Hadoop 2.4.0
2.1
CVSSv2
CVE-2016-5001
This is an information disclosure vulnerability in Apache Hadoop prior to 2.6.4 and 2.7.x prior to 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessin...
Apache Hadoop 2.7.0
Apache Hadoop
Apache Hadoop 2.7.1
7.5
CVSSv2
CVE-2022-26612
In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry ma...
Apache Hadoop
Apache Hadoop 3.3.1
Apache Hadoop 3.3.2
9
CVSSv2
CVE-2021-33036
In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
Apache Hadoop 3.0.0
Apache Hadoop
4.3
CVSSv2
CVE-2018-11765
In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled.
Apache Hadoop 3.0.0
Apache Hadoop
8.5
CVSSv2
CVE-2017-7669
In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root.
Apache Hadoop 2.8.0
Apache Hadoop 3.0.0
5
CVSSv2
CVE-2017-15718
The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications.
Apache Hadoop 2.7.3
Apache Hadoop 2.7.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »