Vulnerabilities > Apache > Hadoop > 2.6.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-30 | CVE-2016-5001 | Information Exposure vulnerability in Apache Hadoop This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. | 5.5 |
| 2017-04-26 | CVE-2017-3162 | Improper Input Validation vulnerability in Apache Hadoop HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. | 7.3 |
| 2017-04-26 | CVE-2017-3161 | Cross-site Scripting vulnerability in Apache Hadoop The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter. | 6.1 |
| 2017-04-11 | CVE-2016-6811 | Permissions, Privileges, and Access Controls vulnerability in Apache Hadoop In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user. | 8.8 |
| 2016-11-29 | CVE-2016-5393 | Improper Access Control vulnerability in Apache Hadoop In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote user who can authenticate with the HDFS NameNode can possibly run arbitrary commands with the same privileges as the HDFS service. | 8.8 |
| 2016-04-19 | CVE-2015-1776 | Information Exposure vulnerability in Apache Hadoop Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is enabled, which allows local users to obtain sensitive information by reading the file. | 6.2 |