Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache hadoop vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2012-3376
DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have ...
Apache Hadoop 2.0.0
801
VMScore
CVE-2018-11764
Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured.
Apache Hadoop 3.0.0
578
VMScore
CVE-2020-9492
In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.
Apache Hadoop
Apache Solr 8.6.0
Apache Solr 8.6.2
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.2.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.3.0
383
VMScore
CVE-2018-8042
Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services. For example, Hive and Oozie.
Apache Ambari
187
VMScore
CVE-2021-36151
In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue.
Apache Gobblin
606
VMScore
CVE-2019-17195
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
Connect2id Nimbus Jose\\+jwt
Apache Hadoop 3.2.1
Oracle Solaris Cluster 4.0
Oracle Weblogic Server 12.2.1.3.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Enterprise Manager Base Platform 13.4.0.0
Oracle Primavera Gateway 19.12.0
Oracle Data Integrator 12.2.1.4.0
Oracle Peoplesoft Enterprise Peopletools 8.59
Oracle Primavera Gateway
Oracle Communications Pricing Design Center 12.0.0.3.0
Oracle Jd Edwards Enterpriseone Tools
Oracle Policy Automation
Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.7.0
Oracle Insurance Policy Administration
Oracle Healthcare Data Repository 8.1.0
Oracle Jd Edwards Enterpriseone Orchestrator
NA
CVE-2023-38188
Azure Apache Hadoop Spoofing Vulnerability
Microsoft Azure Hdinsights -
490
VMScore
CVE-2018-6185
In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS...
Cloudera Cloudera Manager 5.12.1
Cloudera Cloudera Manager 5.13.0
Cloudera Navigator Key Trustee Kms 5.12.0
Cloudera Navigator Key Trustee Kms 5.13.0
Cloudera Cloudera Manager 5.13.1
Cloudera Cloudera Manager 5.12.0
Cloudera Cloudera Manager 5.12.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460
CVE-2024-4646
CVE-2024-29212
IMAP
CVE-2023-36672
CVE-2024-34547
command injection
CVE-2024-4651
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4