Vulnerabilities > Apache > Hadoop > 2.6.5

DATE CVE VULNERABILITY TITLE RISK
2017-04-26 CVE-2017-3162 Improper Input Validation vulnerability in Apache Hadoop
HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace.
network
low complexity
apache CWE-20
7.3
7.3
2017-04-26 CVE-2017-3161 Cross-site Scripting vulnerability in Apache Hadoop
The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter.
network
low complexity
apache CWE-79
6.1
6.1
2017-04-11 CVE-2016-6811 Permissions, Privileges, and Access Controls vulnerability in Apache Hadoop
In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user.
network
low complexity
apache CWE-264
8.8
8.8