Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cloudera vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2021-29994
Cloudera Hue 4.6.0 allows XSS.
Cloudera Hue 4.6.0
6.8
CVSSv2
CVE-2020-26936
Cloudera Data Engineering (CDE) prior to 1.1 was vulnerable to a CSRF attack.
Cloudera Data Engineering
7.5
CVSSv2
CVE-2015-4166
Cloudera Key Trustee Server prior to 5.4.3 does not store keys synchronously, which might allow malicious users to have unspecified impact via vectors related to loss of an encryption key.
Cloudera Key Trustee Server
7.5
CVSSv2
CVE-2018-11215
Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unspecified attack vectors.
Cloudera Data Science Workbench
4
CVSSv2
CVE-2021-3167
In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens are exposed to administrators in virtual cluster server logs.
Cloudera Data Engineering 1.3.0
6.5
CVSSv2
CVE-2018-20091
An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 up to and including 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encrypted CD...
Cloudera Data Science Workbench
6.5
CVSSv2
CVE-2018-20090
An issue exists in Cloudera Data Science Workbench (CDSW) 1.4.0 up to and including 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder.
Cloudera Data Science Workbench
5
CVSSv2
CVE-2018-15665
An issue exists in Cloudera Data Science Workbench (CDSW) 1.2.x up to and including 1.4.0. Unauthenticated users can get a list of user accounts.
Cloudera Data Science Workbench
6.5
CVSSv2
CVE-2017-15536
An issue exists in Cloudera Data Science Workbench (CDSW) 1.x prior to 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDS...
Cloudera Data Science Workbench
4
CVSSv2
CVE-2014-0229
Apache Hadoop 0.23.x prior to 0.23.11 and 2.x prior to 2.4.1, as used in Cloudera CDH 5.0.x prior to 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause...
Cloudera Cdh 5.0.0
Apache Hadoop 2.0.4
Apache Hadoop 2.0.6
Apache Hadoop 2.1.1
Apache Hadoop 0.23.1
Apache Hadoop 0.23.3
Apache Hadoop 2.0.0
Apache Hadoop 2.0.1
Apache Hadoop 2.0.2
Apache Hadoop 2.0.3
Apache Hadoop 0.23.5
Apache Hadoop 0.23.6
Apache Hadoop 0.23.7
Apache Hadoop 0.23.8
Apache Hadoop 2.2.0
Apache Hadoop 2.3.0
Apache Hadoop 2.4.0
Apache Hadoop 0.23.0
Apache Hadoop 2.0.5
Apache Hadoop 2.1.0
Apache Hadoop 0.23.10
Apache Hadoop 0.23.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400
CVE-2023-7252
CVE-2024-21111
denial of service
CVE-2024-29661
CVE-2024-22856
remote attackers
encryption
CVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5