Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cloudera vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-32481
Cloudera Hue 4.6.0 allows XSS via the type parameter.
Cloudera Hue 4.6.0
8.8
CVSSv3
CVE-2020-26936
Cloudera Data Engineering (CDE) prior to 1.1 was vulnerable to a CSRF attack.
Cloudera Data Engineering
8.3
CVSSv3
CVE-2018-20090
An issue exists in Cloudera Data Science Workbench (CDSW) 1.4.0 up to and including 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder.
Cloudera Data Science Workbench
6.5
CVSSv3
CVE-2021-3167
In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens are exposed to administrators in virtual cluster server logs.
Cloudera Data Engineering 1.3.0
9.9
CVSSv3
CVE-2018-20091
An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 up to and including 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encrypted CD...
Cloudera Data Science Workbench
8.8
CVSSv3
CVE-2017-15536
An issue exists in Cloudera Data Science Workbench (CDSW) 1.x prior to 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDS...
Cloudera Data Science Workbench
9.8
CVSSv3
CVE-2015-4166
Cloudera Key Trustee Server prior to 5.4.3 does not store keys synchronously, which might allow malicious users to have unspecified impact via vectors related to loss of an encryption key.
Cloudera Key Trustee Server
9.8
CVSSv3
CVE-2018-11215
Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unspecified attack vectors.
Cloudera Data Science Workbench
5.3
CVSSv3
CVE-2018-15665
An issue exists in Cloudera Data Science Workbench (CDSW) 1.2.x up to and including 1.4.0. Unauthenticated users can get a list of user accounts.
Cloudera Data Science Workbench
6.5
CVSSv3
CVE-2014-0229
Apache Hadoop 0.23.x prior to 0.23.11 and 2.x prior to 2.4.1, as used in Cloudera CDH 5.0.x prior to 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause...
Cloudera Cdh 5.0.0
Apache Hadoop 2.0.4
Apache Hadoop 2.0.6
Apache Hadoop 2.1.1
Apache Hadoop 0.23.1
Apache Hadoop 0.23.3
Apache Hadoop 2.0.0
Apache Hadoop 2.0.1
Apache Hadoop 2.0.2
Apache Hadoop 2.0.3
Apache Hadoop 0.23.5
Apache Hadoop 0.23.6
Apache Hadoop 0.23.7
Apache Hadoop 0.23.8
Apache Hadoop 2.2.0
Apache Hadoop 2.3.0
Apache Hadoop 2.4.0
Apache Hadoop 0.23.0
Apache Hadoop 2.0.5
Apache Hadoop 2.1.0
Apache Hadoop 0.23.10
Apache Hadoop 0.23.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-26978
CVE-2024-26982
wireless
CVE-2023-6949
CVE-2024-26980
CVE-2024-32766
CVE-2024-26939
cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5