Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
hadoop vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-8042
Apache Ambari, version 2.5.0 to 2.6.2, passwords for Hadoop credential stores are exposed in Ambari Agent informational log messages when the credential store feature is enabled for eligible services. For example, Hive and Oozie.
Apache Ambari
2.1
CVSSv2
CVE-2021-36151
In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue.
Apache Gobblin
NA
CVE-2023-46674
An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon Web Services for reporting this issue.
Elastic Elasticsearch
6.5
CVSSv2
CVE-2015-1889
The Big SQL component in IBM InfoSphere BigInsights 3.0 up to and including 3.0.0.2 allows remote authenticated users to bypass intended HDFS data-access restrictions via (1) a crafted CREATE HADOOP TABLE statement referencing the data of an arbitrary user or (2) an import of a c...
Ibm Infosphere Biginsights 3.0.0.0
Ibm Infosphere Biginsights 3.0.0.1
Ibm Infosphere Biginsights 3.0.0.2
NA
CVE-2022-39379
Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated malicious users to execute arbitrary code via specia...
Fluentd Fluentd
Fedoraproject Fedora 37
5.5
CVSSv2
CVE-2018-6185
In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS...
Cloudera Cloudera Manager 5.12.1
Cloudera Cloudera Manager 5.13.0
Cloudera Navigator Key Trustee Kms 5.12.0
Cloudera Navigator Key Trustee Kms 5.13.0
Cloudera Cloudera Manager 5.13.1
Cloudera Cloudera Manager 5.12.0
Cloudera Cloudera Manager 5.12.2
4.3
CVSSv2
CVE-2020-2754
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access...
Oracle Jdk 14.0.0
Oracle Jre 14.0.0
Oracle Jdk 11.0.6
Oracle Jre 11.0.6
Oracle Jdk 1.8.0
Oracle Jre 1.8.0
Oracle Openjdk 8
Oracle Openjdk 7
Oracle Openjdk 14
Oracle Openjdk
Netapp Snapmanager -
Netapp Storagegrid -
Netapp Storagegrid
Netapp Active Iq Unified Manager
Netapp E-series Santricity Os Controller
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Opensuse Leap 15.1
Opensuse Leap 15.2
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
4.3
CVSSv2
CVE-2020-2755
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access...
Oracle Jdk 14.0.0
Oracle Jre 14.0.0
Oracle Jdk 11.0.6
Oracle Jre 11.0.6
Oracle Jdk 1.8.0
Oracle Jre 1.8.0
Oracle Openjdk 8
Oracle Openjdk 7
Oracle Openjdk 14
Oracle Openjdk
Netapp Cloud Backup -
Netapp Steelstore Cloud Integrated Storage -
Netapp Snapmanager -
Netapp Storagegrid -
Netapp Storagegrid
Netapp Oncommand Insight -
Netapp Active Iq Unified Manager
Netapp Santricity Unified Manager -
Netapp E-series Performance Analyzer -
Netapp E-series Santricity Web Services -
Netapp 7-mode Transition Tool -
Netapp Cloud Secure Agent -
4.3
CVSSv2
CVE-2020-2773
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network ...
Oracle Jdk 14.0.0
Oracle Jre 14.0.0
Oracle Jdk 11.0.6
Oracle Jre 11.0.6
Oracle Jdk 1.8.0
Oracle Jdk 1.7.0
Oracle Jre 1.8.0
Oracle Jre 1.7.0
Oracle Openjdk 8
Oracle Openjdk 7
Oracle Openjdk 14
Oracle Openjdk
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Opensuse Leap 15.1
Opensuse Leap 15.2
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
5.8
CVSSv2
CVE-2020-2800
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacke...
Oracle Jre 1.7.0
Oracle Jre 1.8.0
Oracle Jdk 14.0.0
Oracle Jre 14.0.0
Oracle Jdk 11.0.6
Oracle Jre 11.0.6
Oracle Jdk 1.8.0
Oracle Jdk 1.7.0
Oracle Openjdk 8
Oracle Openjdk 7
Oracle Openjdk 14
Oracle Openjdk
Netapp Cloud Backup -
Netapp Steelstore Cloud Integrated Storage -
Netapp Snapmanager -
Netapp Oncommand Workflow Automation -
Netapp Storagegrid -
Netapp Storagegrid
Netapp Oncommand Insight -
Netapp Active Iq Unified Manager
Netapp Santricity Unified Manager -
Netapp E-series Performance Analyzer -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »