Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache hadoop vulnerabilities and exploits
(subscribe to this query)
9
CVSSv2
CVE-2016-6811
In Apache Hadoop 2.x prior to 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.
Apache Hadoop
4
CVSSv2
CVE-2014-0229
Apache Hadoop 0.23.x prior to 0.23.11 and 2.x prior to 2.4.1, as used in Cloudera CDH 5.0.x prior to 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause...
Cloudera Cdh 5.0.0
Apache Hadoop 2.0.4
Apache Hadoop 2.0.6
Apache Hadoop 2.1.1
Apache Hadoop 0.23.1
Apache Hadoop 0.23.3
Apache Hadoop 2.0.0
Apache Hadoop 2.0.1
Apache Hadoop 2.0.2
Apache Hadoop 2.0.3
Apache Hadoop 0.23.5
Apache Hadoop 0.23.6
Apache Hadoop 0.23.7
Apache Hadoop 0.23.8
Apache Hadoop 2.2.0
Apache Hadoop 2.3.0
Apache Hadoop 2.4.0
Apache Hadoop 0.23.0
Apache Hadoop 2.0.5
Apache Hadoop 2.1.0
Apache Hadoop 0.23.10
Apache Hadoop 0.23.4
6.5
CVSSv2
CVE-2016-5393
In Apache Hadoop 2.6.x prior to 2.6.5 and 2.7.x prior to 2.7.3, a remote user who can authenticate with the HDFS NameNode can possibly run arbitrary commands with the same privileges as the HDFS service.
Apache Hadoop 2.7.1
Apache Hadoop 2.7.2
Apache Hadoop 2.7.0
Apache Hadoop 2.6.4
Apache Hadoop 2.6.2
Apache Hadoop 2.6.0
Apache Hadoop 2.6.3
Apache Hadoop 2.6.1
2.1
CVSSv2
CVE-2015-1776
Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is enabled, which allows local users to obtain sensitive information by reading the ...
Apache Hadoop 2.6.0
Apache Hadoop 2.6.2
Apache Hadoop 2.6.3
Apache Hadoop 2.6.4
Apache Hadoop 2.6.1
4.6
CVSSv2
CVE-2015-7430
The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 prior to 2.7.0-3 for IBM Spectrum Scale and General Parallel File System (GPFS) allows local users to read or write to arbitrary GPFS data via unspecified vectors.
Apache Hadoop 2.5.0
Apache Hadoop 1.1.1
Apache Hadoop 2.7.0
Apache Hadoop 2.4.0
5
CVSSv2
CVE-2014-3627
The YARN NodeManager daemon in Apache Hadoop 0.23.0 up to and including 0.23.11 and 2.x prior to 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which...
Apache Hadoop 2.0.4
Apache Hadoop 0.23.9
Apache Hadoop 0.23.3
Apache Hadoop 2.0.3
Apache Hadoop 2.0.6
Apache Hadoop 2.1.0
Apache Hadoop 2.5.1
Apache Hadoop 2.0.5
Apache Hadoop 2.2.0
Apache Hadoop 0.23.6
Apache Hadoop 2.5.0
Apache Hadoop 2.1.1
Apache Hadoop 2.0.0
Apache Hadoop 0.23.0
Apache Hadoop 0.23.4
Apache Hadoop 2.4.0
Apache Hadoop 0.23.5
Apache Hadoop 2.4.1
Apache Hadoop 0.23.10
Apache Hadoop 2.0.2
Apache Hadoop 0.23.8
Apache Hadoop 2.3.0
7.5
CVSSv2
CVE-2012-3376
DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have ...
Apache Hadoop 2.0.0
6.5
CVSSv2
CVE-2012-1574
The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 up to and including 0.20.205.0, 0.23.x prior to 0.23.2, and 1.0.x prior to 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin prior to 0.20.2+923.197, and other products, allows...
Apache Hadoop 0.20.203.0
Apache Hadoop 0.20.204.0
Apache Hadoop 0.20.205.0
Apache Hadoop 0.23.1
Apache Hadoop 1.0.0
Apache Hadoop 0.23.0
Apache Hadoop 1.0.1
Cloudera Hadoop 0.20.1\\+169
Cloudera Hadoop 0.20.2\\+923
Cloudera Cloudera Cdh Cdh3
Cloudera Hadoop 0.20-sbin
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4