Vulnerabilities > Apache > Ranger > High

DATE CVE VULNERABILITY TITLE RISK
2023-05-05 CVE-2021-40331 Unspecified vulnerability in Apache Ranger
An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin.
network
low complexity
apache
8.1
2023-05-05 CVE-2022-45048 Unspecified vulnerability in Apache Ranger 2.3.0
Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability. This issue affects Apache Ranger: 2.3.0.
network
low complexity
apache
8.8
2018-10-05 CVE-2018-11778 Out-of-bounds Write vulnerability in Apache Ranger
UnixAuthenticationService in Apache Ranger 1.2.0 was updated to correctly handle user input to avoid Stack-based buffer overflow.
network
low complexity
apache CWE-787
8.8
2016-06-13 CVE-2016-2174 SQL Injection vulnerability in Apache Ranger 0.5.0/0.5.1/0.5.2
SQL injection vulnerability in the policy admin tool in Apache Ranger before 0.5.3 allows remote authenticated administrators to execute arbitrary SQL commands via the eventTime parameter to service/plugins/policies/eventTime.
network
low complexity
apache CWE-89
7.2
2016-04-11 CVE-2016-0735 Permissions, Privileges, and Access Controls vulnerability in Apache Ranger 0.5.0/0.5.1
Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to bypass intended parent resource-level access restrictions by leveraging mishandling of a resource-level exclude policy.
network
low complexity
apache CWE-264
8.8
2016-04-11 CVE-2015-0266 Permissions, Privileges, and Access Controls vulnerability in Apache Ranger 0.4.0
The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs.
network
low complexity
apache CWE-264
7.1