VYPR

Cdh

by Cloudera

CVEs (8)

  • CVE-2016-6605HigApr 10, 2017
    risk 0.49cvss 7.5epss 0.01

    Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization.

  • CVE-2014-0229MedMar 23, 2017
    risk 0.42cvss 6.5epss 0.02

    Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a…

  • CVE-2013-6446LowMar 23, 2017
    risk 0.20cvss 3.1epss 0.01

    The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs.

  • CVE-2018-17860Nov 26, 2019
    risk 0.00cvss epss 0.01

    Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1.

  • CVE-2016-3131Nov 26, 2019
    risk 0.00cvss epss 0.01

    Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls.

  • CVE-2016-4572Nov 26, 2019
    risk 0.00cvss epss 0.01

    In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges.

  • CVE-2016-5724Nov 26, 2019
    risk 0.00cvss epss 0.01

    Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles.

  • CVE-2012-1574Apr 12, 2012
    risk 0.00cvss epss 0.05

    The Kerberos/MapReduce security functionality in Apache Hadoop 0.20.203.0 through 0.20.205.0, 0.23.x before 0.23.2, and 1.0.x before 1.0.2, as used in Cloudera CDH CDH3u0 through CDH3u2, Cloudera hadoop-0.20-sbin before 0.20.2+923.197, and other products, allows remote…