Vulnerabilities > Cloudera > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-11-26 | CVE-2016-3192 | Cleartext Storage of Sensitive Information vulnerability in Cloudera Manager | Cloudera Manager 5.x before 5.7.1 places Sensitive Data in cleartext Readable Files. | 6.5 |
2019-11-26 | CVE-2016-3131 | Incorrect Authorization vulnerability in Cloudera CDH | Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls. | 6.5 |
2019-07-03 | CVE-2017-9327 | Permission Issues vulnerability in Cloudera Manager 5.10.1/5.11.0/5.9.2 | Secret data of processes managed by CM is not secured by file permissions. | 6.5 |
2019-06-21 | CVE-2018-15665 | Information Exposure vulnerability in Cloudera Data Science Workbench | An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.2.x through 1.4.0. | 5.3 |
2019-06-20 | CVE-2018-15913 | Cross-site Scripting vulnerability in Cloudera Manager | An issue was discovered in Cloudera Manager 5.x through 5.15.0. | 6.1 |
2019-06-07 | CVE-2018-6185 | Cryptographic Issues vulnerability in Cloudera Manager and Navigator Key Trustee KMS | In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. | 4.9 |
2019-06-07 | CVE-2018-5798 | Cross-site Scripting vulnerability in Cloudera Manager | This CVE relates to an unspecified cross site scripting vulnerability in Cloudera Manager. | 6.1 |
2019-05-24 | CVE-2018-10815 | Information Exposure vulnerability in Cloudera Manager | An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. | 6.5 |
2018-05-22 | CVE-2015-8094 | Open Redirect vulnerability in Cloudera HUE 3.9.0 | Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter. | 6.1 |
2017-03-23 | CVE-2014-0229 | Permissions, Privileges, and Access Controls vulnerability in multiple products | Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the (1) refreshNamenodes, (2) deleteBlockPool, and (3) shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service (DataNodes shutdown) or perform unnecessary operations by issuing a command. | 6.5 |