Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache hive vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2017-5654
In Ambari 2.4.x (prior to 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes.
Apache Ambari 2.5.0
Apache Ambari 2.4.0
Apache Ambari 2.4.1
NA
CVE-2021-40331
An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled This issue affects Apache Ranger ...
Apache Ranger
578
VMScore
CVE-2016-0760
Multiple incomplete blacklist vulnerabilities in Apache Sentry prior to 1.7.0 allow remote authenticated users to execute arbitrary code via the (1) reflect, (2) reflect2, or (3) java_method Hive builtin functions.
Apache Sentry 1.6.0
Apache Sentry 1.5.1
383
VMScore
CVE-2017-7677
In environments that use external location for hive tables, Hive Authorizer in Apache Ranger prior to 0.7.1 should be checking RWX permission for create table.
Apache Ranger
668
VMScore
CVE-2020-13926
Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when building a new segment; some part of the HQL is from system configurations, while the configuration can be overwritten by certain rest api, which makes SQL injection attack is possible. Users of all previous v...
Apache Kylin
490
VMScore
CVE-2020-13952
In the course of work on the open source project it exists that authenticated users running queries against Hive and Presto database engines could access information via a number of templated fields including the contents of query description metadata database, the hashed version...
Apache Superset
383
VMScore
CVE-2018-8042
Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services. For example, Hive and Oozie.
Apache Ambari
NA
CVE-2023-35701
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver component and it can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver (client) is running. The...
NA
CVE-2023-35393
Azure Apache Hive Spoofing Vulnerability
Microsoft Azure Hdinsights -
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3