Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cloudera vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2016-4947
Cloudera HUE 3.9.0 and previous versions allows remote malicious users to enumerate user accounts via a request to desktop/api/users/autocomplete.
Cloudera Hue
445
VMScore
CVE-2016-4949
Cloudera Manager 5.5 and previous versions allows remote malicious users to obtain sensitive information via a (1) stderr.log or (2) stdout.log value in the filename parameter to /cmf/process/<process_id>/logs.
Cloudera Manager
445
VMScore
CVE-2016-4950
Cloudera Manager 5.5 and previous versions allows remote malicious users to enumerate user sessions via a request to /api/v11/users/sessions.
Cloudera Manager
578
VMScore
CVE-2015-7831
In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x brefore 5.4.9 is used.
Cloudera Cdh
516
VMScore
CVE-2015-8094
Open redirect vulnerability in Cloudera HUE prior to 3.10.0 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter.
Cloudera Hue
570
VMScore
CVE-2017-9325
The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs.
Cloudera Cdh
383
VMScore
CVE-2016-4948
Multiple cross-site scripting (XSS) vulnerabilities in Cloudera Manager 5.5 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) Template Name field when renaming a template; (2) KDC Server host, (3) Kerberos Security Realm, (4) Ke...
Cloudera Manager
312
VMScore
CVE-2016-6353
Cloudera Search in CDH prior to 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler.
Cloudera Cdh
445
VMScore
CVE-2016-5724
Cloudera CDH prior to 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles.
Cloudera Cdh
605
VMScore
CVE-2020-26936
Cloudera Data Engineering (CDE) prior to 1.1 was vulnerable to a CSRF attack.
Cloudera Data Engineering
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »