Show filters
13 Total Results
Displaying 1-10 of 13
Sort by:
Attacker Value
Unknown

CVE-2022-44310

Disclosure Date: February 24, 2023 (last updated October 08, 2023)
In Development IL ecdh before 0.2.0, an attacker can send an invalid point (not on the curve) as the public key, and obtain the derived shared secret.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-7319

Disclosure Date: November 26, 2019 (last updated November 27, 2024)
An issue was discovered in Cloudera Hue 6.0.0 through 6.1.0. When using one of following authentication backends: LdapBackend, PamBackend, SpnegoDjangoBackend, RemoteUserDjangoBackend, SAML2Backend, OpenIDBackend, or OAuthBackend, external users are created with superuser privileges.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2016-5724

Disclosure Date: November 26, 2019 (last updated November 27, 2024)
Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2016-6353

Disclosure Date: November 26, 2019 (last updated November 27, 2024)
Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2016-3131

Disclosure Date: November 26, 2019 (last updated November 27, 2024)
Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2016-4572

Disclosure Date: November 26, 2019 (last updated November 27, 2024)
In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2015-7831

Disclosure Date: November 26, 2019 (last updated November 27, 2024)
In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x brefore 5.4.9 is used.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2017-9325

Disclosure Date: July 03, 2019 (last updated November 27, 2024)
The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on /update/json/docs.
0
0
Attacker Value
Unknown

CVE-2018-17860

Disclosure Date: November 12, 2018 (last updated November 27, 2024)
Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1.
Attack Vector: NetworkPrivileges: HighUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2016-6605

Disclosure Date: April 10, 2017 (last updated November 26, 2024)
Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to bypass Setry authorization.
0
0
View More Topics  Next >