Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cloudera vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2020-26936
Cloudera Data Engineering (CDE) prior to 1.1 was vulnerable to a CSRF attack.
Cloudera Data Engineering
383
VMScore
CVE-2021-29994
Cloudera Hue 4.6.0 allows XSS.
Cloudera Hue 4.6.0
578
VMScore
CVE-2017-15536
An issue exists in Cloudera Data Science Workbench (CDSW) 1.x prior to 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access to CDS...
Cloudera Data Science Workbench
356
VMScore
CVE-2021-3167
In Cloudera Data Engineering (CDE) 1.3.0, JWT authentication tokens are exposed to administrators in virtual cluster server logs.
Cloudera Data Engineering 1.3.0
445
VMScore
CVE-2018-15665
An issue exists in Cloudera Data Science Workbench (CDSW) 1.2.x up to and including 1.4.0. Unauthenticated users can get a list of user accounts.
Cloudera Data Science Workbench
578
VMScore
CVE-2018-20091
An SQL injection vulnerability was found in Cloudera Data Science Workbench (CDSW) 1.4.0 up to and including 1.4.2. This would allow any authenticated user to run arbitrary queries against CDSW's internal database. The database contains user contact information, encrypted CD...
Cloudera Data Science Workbench
668
VMScore
CVE-2018-11215
Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unspecified attack vectors.
Cloudera Data Science Workbench
668
VMScore
CVE-2015-4166
Cloudera Key Trustee Server prior to 5.4.3 does not store keys synchronously, which might allow malicious users to have unspecified impact via vectors related to loss of an encryption key.
Cloudera Key Trustee Server
578
VMScore
CVE-2018-20090
An issue exists in Cloudera Data Science Workbench (CDSW) 1.4.0 up to and including 1.4.2. Authenticated users can bypass project permission checks and gain read-write access to any project folder.
Cloudera Data Science Workbench
356
VMScore
CVE-2014-0229
Apache Hadoop 0.23.x prior to 0.23.11 and 2.x prior to 2.4.1, as used in Cloudera CDH 5.0.x prior to 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause...
Cloudera Cdh 5.0.0
Apache Hadoop 2.0.4
Apache Hadoop 2.0.6
Apache Hadoop 2.1.1
Apache Hadoop 0.23.1
Apache Hadoop 0.23.3
Apache Hadoop 2.0.0
Apache Hadoop 2.0.1
Apache Hadoop 2.0.2
Apache Hadoop 2.0.3
Apache Hadoop 0.23.5
Apache Hadoop 0.23.6
Apache Hadoop 0.23.7
Apache Hadoop 0.23.8
Apache Hadoop 2.2.0
Apache Hadoop 2.3.0
Apache Hadoop 2.4.0
Apache Hadoop 0.23.0
Apache Hadoop 2.0.5
Apache Hadoop 2.1.0
Apache Hadoop 0.23.10
Apache Hadoop 0.23.4
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5