VYPR
Vendor: Cloudera

Products: 14
CVEs: 52
Across products: 56
Status: Private

Recent CVEs

  • CVE-2015-4166 | Critical | Mar 23, 2017
    risk 0.64 | cvss 9.8 | epss 0.01

    Cloudera Key Trustee Server before 5.4.3 does not store keys synchronously, which might allow attackers to have unspecified impact via vectors related to loss of an encryption key.

  • CVE-2024-54660 | High | Jan 16, 2025
    risk 0.57 | cvss 8.7 | epss 0.01

    A JNDI injection issue was discovered in Cloudera JDBC Connector for Hive before 2.6.26 and JDBC Connector for Impala before 2.6.35. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to…

  • CVE-2017-15536 | High | Feb 5, 2018
    risk 0.57 | cvss 8.8 | epss 0.01

    An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x before 1.2.0. Several web application vulnerabilities allow malicious authenticated users of CDSW to escalate privileges in CDSW. CDSW users can exploit these vulnerabilities in combination to gain root access…

  • CVE-2016-6605 | High | Apr 10, 2017
    risk 0.49 | cvss 7.5 | epss 0.01

    Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Sentry authorization.

  • CVE-2016-4950 | High | Mar 7, 2017
    risk 0.49 | cvss 7.5 | epss 0.02

    Cloudera Manager 5.5 and earlier allows remote attackers to enumerate user sessions via a request to /api/v11/users/sessions.

  • CVE-2016-4949 | High | Mar 7, 2017
    risk 0.49 | cvss 7.5 | epss 0.02

    Cloudera Manager 5.5 and earlier allows remote attackers to obtain sensitive information via a (1) stderr.log or (2) stdout.log value in the filename parameter to /cmf/process/<process_id>/logs.

  • CVE-2014-0229 | Medium | Mar 23, 2017
    risk 0.42 | cvss 6.5 | epss 0.02

    Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a…

  • CVE-2018-11649 | Medium | Jun 1, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    Hue 3.12 has XSS via the /pig/save/ name and script parameters.

  • CVE-2016-4948 | Medium | Mar 7, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Cloudera Manager 5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Template Name field when renaming a template; (2) KDC Server host, (3) Kerberos Security Realm, (4) Kerberos…

  • CVE-2016-4946 | Medium | Mar 7, 2017
    risk 0.40 | cvss 6.1 | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in the HUE Users page.

  • CVE-2016-4947 | Medium | Mar 7, 2017
    risk 0.35 | cvss 5.3 | epss 0.01

    Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate user accounts via a request to desktop/api/users/autocomplete.

  • CVE-2015-8094 | Medium | May 22, 2018
    risk 0.33 | cvss 6.1 | epss 0.02

    Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter.

  • CVE-2015-2263 | Low | Mar 23, 2017
    risk 0.21 | cvss 3.3 | epss 0.00

    Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the…

  • CVE-2015-4078 | Low | Mar 23, 2017
    risk 0.20 | cvss 3.1 | epss 0.01

    Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).

  • CVE-2013-6446 | Low | Mar 23, 2017
    risk 0.20 | cvss 3.1 | epss 0.01

    The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job information by leveraging failure to enforce job ACLs.

  • CVE-2025-3884 | May 22, 2025
    risk 0.01 | cvss (not listed) | epss 0.02

    Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cloudera Hue. Authentication is not required to exploit this vulnerability. The specific…

  • CVE-2023-29751 | Jun 9, 2023
    risk 0.00 | cvss (not listed) | epss 0.00

    An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.

  • CVE-2021-32483 | Nov 8, 2021
    risk 0.00 | cvss (not listed) | epss 0.01

    Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges to view the restricted Dashboard.

  • CVE-2021-30132 | Nov 8, 2021
    risk 0.00 | cvss (not listed) | epss 0.01

    Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges.

  • CVE-2021-29243 | Nov 8, 2021
    risk 0.00 | cvss (not listed) | epss 0.01

    Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS.