Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hadoop vulnerabilities and exploits
(subscribe to this query)
2.1
CVSSv2
CVE-2015-1776
Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is enabled, which allows local users to obtain sensitive information by reading the ...
Apache Hadoop 2.6.0
Apache Hadoop 2.6.2
Apache Hadoop 2.6.3
Apache Hadoop 2.6.4
Apache Hadoop 2.6.1
6.5
CVSSv2
CVE-2018-8009
Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.
Apache Hadoop 2.0.0
Apache Hadoop 3.0.0
Apache Hadoop
Apache Hadoop 3.1.0
9
CVSSv2
CVE-2018-8029
In Apache Hadoop versions 3.0.0-alpha1 to 3.1.0, 2.9.0 to 2.9.1, and 2.2.0 to 2.8.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.
Apache Hadoop 3.0.0
Apache Hadoop 2.9.0
Apache Hadoop
Apache Hadoop 2.9.1
4.6
CVSSv2
CVE-2015-7430
The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 prior to 2.7.0-3 for IBM Spectrum Scale and General Parallel File System (GPFS) allows local users to read or write to arbitrary GPFS data via unspecified vectors.
Apache Hadoop 2.5.0
Apache Hadoop 1.1.1
Apache Hadoop 2.7.0
Apache Hadoop 2.4.0
2.1
CVSSv2
CVE-2016-5001
This is an information disclosure vulnerability in Apache Hadoop prior to 2.6.4 and 2.7.x prior to 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessin...
Apache Hadoop 2.7.0
Apache Hadoop
Apache Hadoop 2.7.1
7.5
CVSSv2
CVE-2022-26612
In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry ma...
Apache Hadoop
Apache Hadoop 3.3.1
Apache Hadoop 3.3.2
4.3
CVSSv2
CVE-2018-11765
In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any users can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled.
Apache Hadoop 3.0.0
Apache Hadoop
9
CVSSv2
CVE-2021-33036
In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher.
Apache Hadoop 3.0.0
Apache Hadoop
8.5
CVSSv2
CVE-2017-7669
In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root.
Apache Hadoop 2.8.0
Apache Hadoop 3.0.0
5
CVSSv2
CVE-2017-15718
The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications.
Apache Hadoop 2.7.3
Apache Hadoop 2.7.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »