Security Bulletin: Common vulnerabilities addressed in Cloudera Base on premises 7.3.2

Summary Security Bulletin: Common vulnerabilities addressed in Cloudera Base on premises 7.3.2 Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION: path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be...

Security Bulletin: Common Vulnerabilities Addressed in Cloudera Data Platform Private Cloud Base with IBM 7.3.1

Summary Security Bulletin: Common Vulnerabilities Addressed in Cloudera Data Platform Private Cloud Base with IBM 7.3.1 Vulnerability Details CVEID:CVE-2024-50379 DESCRIPTION: Time-of-check Time-of-use TOCTOU Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on...

MAL-2026-2495 Malicious code in cloudera (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11ddf3c5a1eb28ca1531748670bd932bda38d78b04ae81c983361465a2076f57 The package cloudera was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in cloudera (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 11ddf3c5a1eb28ca1531748670bd932bda38d78b04ae81c983361465a2076f57 The package cloudera was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-2493 Malicious code in cloudera-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24e0a829db4a908047174ccb540d590c9df780c994d9ecc1b1705247f89612de The package cloudera-poc was found to contain malicious code. Source: ossf-package-analysis...

Malicious code in cloudera-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 24e0a829db4a908047174ccb540d590c9df780c994d9ecc1b1705247f89612de The package cloudera-poc was found to contain malicious code. Source: ossf-package-analysis...

Security Bulletin: Multiple vulnerabilities addressed in Cloudera Base on premises Cloudera Runtime 7.3.1.700 SP3 CHF 2

Summary Security Bulletin: Multiple vulnerabilities addressed in Cloudera Base on premises Cloudera Runtime 7.3.1.700 SP3 CHF 2 Vulnerability Details CVEID:CVE-2024-22415 DESCRIPTION: jupyter-lsp is a coding assistance tool for JupyterLab code navigation + hover suggestions + linters +...

Security Bulletin: Multiple vulnerabilities addressed in Cloudera Base on premises Cloudera Runtime 7.3.1.700 SP3 CHF 2

Summary Security Bulletin: Multiple vulnerabilities addressed in Cloudera Base on premises Cloudera Runtime 7.3.1.700 SP3 CHF 2 Vulnerability Details CVEID:CVE-2025-27221 DESCRIPTION: In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URImerge, URI+ have an inadvertent leaka...

Security Bulletin: protobuf-java - CVE-2021-44716 addressed in Cloudera Data Platform Private Cloud Base 7.1.9

Summary Security Bulletin: protobuf-java - CVE-2021-44716 addressed in Cloudera Data Platform Private Cloud Base 7.1.9. Vulnerability Details CVEID:CVE-2021-44716 DESCRIPTION: net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header...

Security Bulletin: Critical vulnerability addressed in Cloudera Base on premises 7.1.9 SP1 CHF 14 and Cloudera Runtime 7.3.1.700 SP3 CHF 2

Summary CVE-2025-66516 - Apache Tika addressed in Cloudera Base on premises 7.1.9 SP1 CHF 14 and Cloudera Runtime 7.3.1.700 SP3 CHF 2 Vulnerability Details CVEID:CVE-2025-66516 DESCRIPTION: Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5...

Security Bulletin: Common Vulnerability fixed in latest releases of Cloudera Data Platform Private Cloud Base

Summary Common Vulnerability fixed in latest releases of Cloudera Data Platform Private Cloud Base Vulnerability Details CVEID:CVE-2021-23337 DESCRIPTION: Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function. CWE:CWE-94: Improper Control of Generation of...

Security Bulletin: CVE-2022-3510 fixed in Cloudera Data Platform Private Cloud Base 7.1.7 SP3

Summary Security Bulletin: CVE-2022-3510 fixed in Cloudera Data Platform Private Cloud Base 7.1.7 SP3 Vulnerability Details CVEID:CVE-2022-3510 DESCRIPTION: A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3,...

Security Bulletin: Common Vulnerabilities found in Cloudera Data Platform Private Cloud base with IBM

Summary Common Vulnerabilities found in Cloudera Data Platform Private Cloud base with IBM v7.1.9. Upgrade to the latest service pack and hotfix to ensure fixes to the addressed vulnerabilities are obtained. Vulnerability Details CVEID:CVE-2020-9493 DESCRIPTION: A deserialization flaw was found i...

CVE-2018-10815

An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. A read-only user can access sensitive cluster information...

CVE-2016-9271

Cloudera Manager 5.7.x before 5.7.6, 5.8.x before 5.8.4, and 5.9.x before 5.9.1 allows XSS in the help search feature...

Security Bulletin: CVEs addressed in latest release of Cloudera Observability

Summary Common Vulnerabilities addressed by Cloudera Observability 3.6.2 Vulnerability Details CVEID:CVE-2021-20190 DESCRIPTION: A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this...

EUVD-2014-8565

Malware in sbrugna...

EUVD-2015-6436

Malware in sbrugna...

EUVD-2018-2884

Malware in sbrugna...

EUVD-2014-0263

Malware in sbrugna...