Vulmon
apache hadoop vulnerabilities and exploits
6.1
CVSSv3
CVE-2017-3161
The HDFS web UI in Apache Hadoop prior to 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.
Apache Hadoop
5.5
CVSSv3
CVE-2021-36151
In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue.
Apache Gobblin
5.5
CVSSv3
CVE-2016-5001
This is an information disclosure vulnerability in Apache Hadoop prior to 2.6.4 and 2.7.x prior to 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessin...
Apache Hadoop 2.7.0
Apache Hadoop
Apache Hadoop 2.7.1
4.9
CVSSv3
CVE-2018-6185
In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS...
Cloudera Cloudera Manager 5.12.1
Cloudera Cloudera Manager 5.13.0
Cloudera Navigator Key Trustee Kms 5.12.0
Cloudera Navigator Key Trustee Kms 5.13.0
Cloudera Cloudera Manager 5.13.1
Cloudera Cloudera Manager 5.12.0
Cloudera Cloudera Manager 5.12.2
4.5
CVSSv3
CVE-2023-38188
Azure Apache Hadoop Spoofing Vulnerability
Microsoft Azure Hdinsights -
NA
CVE-2014-3627
The YARN NodeManager daemon in Apache Hadoop 0.23.0 up to and including 0.23.11 and 2.x prior to 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which...
Apache Hadoop 2.0.4
Apache Hadoop 0.23.9
Apache Hadoop 0.23.3
Apache Hadoop 2.0.3
Apache Hadoop 2.0.6
Apache Hadoop 2.1.0
Apache Hadoop 2.5.1
Apache Hadoop 2.0.5
Apache Hadoop 2.2.0
Apache Hadoop 0.23.6
Apache Hadoop 2.5.0
Apache Hadoop 2.1.1
Apache Hadoop 2.0.0
Apache Hadoop 0.23.0
Apache Hadoop 0.23.4
Apache Hadoop 2.4.0
Apache Hadoop 0.23.5
Apache Hadoop 2.4.1
Apache Hadoop 0.23.10
Apache Hadoop 2.0.2
Apache Hadoop 0.23.8
Apache Hadoop 2.3.0
NA
CVE-2012-3376
DataNodes in Apache Hadoop 2.0.0 alpha do not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have ...
Apache Hadoop 2.0.0
NA
CVE-2012-1574
The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 up to and including 0.20.205.0, 0.23.x prior to 0.23.2, and 1.0.x prior to 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin prior to 0.20.2+923.197, and other products, allows...
Apache Hadoop 0.20.203.0
Apache Hadoop 0.20.204.0
Apache Hadoop 0.20.205.0
Apache Hadoop 0.23.1
Apache Hadoop 1.0.0
Apache Hadoop 0.23.0
Apache Hadoop 1.0.1
Cloudera Hadoop 0.20.1+169
Cloudera Hadoop 0.20.2+923
Cloudera Cloudera Cdh Cdh3
Cloudera Hadoop 0.20-sbin