Lucene search
+L

46 matches found

cvelist
cvelist
added 2026/07/06 8:38 a.m.39 views

CVE-2026-24012 Apache IoTDB: Denial of Service via Resource Exhaustion in Aggregation Query

Uncontrolled Resource Consumption vulnerability in Apache IoTDB. Some interface fails to impose reasonable limits on the time span and aggregation interval of the query. An attacker can construct a request with extreme parameters e.g., a very large time range combined with a minimal interval. Thi...

0.00546EPSS
Exploits0References1
cve
cve
added 2026/07/06 8:38 a.m.16 views

CVE-2026-24012

CVE-2026-24012 – Apache IoTDB Denial of Service via Resource Exhaustion Description: An interface fails to cap the time span and aggregation interval of queries. An attacker can request an extremely large time range with a tiny interval, causing the DataNode to build an enormous result set in mem...

7.5CVSS6AI score0.00546EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/07/06 8:38 a.m.2 views

CVE-2026-24012 Apache IoTDB: Denial of Service via Resource Exhaustion in Aggregation Query

Uncontrolled Resource Consumption vulnerability in Apache IoTDB. Some interface fails to impose reasonable limits on the time span and aggregation interval of the query. An attacker can construct a request with extreme parameters e.g., a very large time range combined with a minimal interval. Thi...

7.5CVSS6.1AI score0.00546EPSS
Exploits0References4
euvd
euvd
added 2026/07/06 8:34 a.m.5 views

EUVD-2026-41854

Apache IoTDB DataNode’s internal RPC interface for creating Trigger instances uses the uploaded Trigger JAR name to build a file path without sufficient validation. If the internal DataNode RPC port is exposed to an untrusted network, an attacker may use path traversal sequences in the JAR name t...

9.8CVSS6AI score0.00509EPSS
Exploits0References1
osv
osv
added 2026/07/06 8:34 a.m.2 views

CVE-2026-24014 Apache IoTDB: Path Traversal in DataNode Internal RPC Trigger JAR Upload Allows Arbitrary File Write

Apache IoTDB DataNode’s internal RPC interface for creating Trigger instances uses the uploaded Trigger JAR name to build a file path without sufficient validation. If the internal DataNode RPC port is exposed to an untrusted network, an attacker may use path traversal sequences in the JAR name t...

9.8CVSS6.2AI score0.00509EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/07/06 12:0 a.m.13 views

PT-2026-55878

Name of the Vulnerable Software and Affected Versions Apache IoTDB versions 1.3.3 through 2.0.7 Description An uncontrolled resource consumption issue exists where certain interfaces do not impose reasonable limits on the time span and aggregation interval of queries. An attacker can send a reque...

7.5CVSS5.9AI score0.00546EPSS
Exploits0References6
euvd
euvd
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-2282

Malware in sbrugna...

9.1CVSS9.1AI score0.02296EPSS
Exploits0References4
redhatcve
redhatcve
added 2025/05/22 8:44 p.m.6 views

CVE-2021-39231

In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration...

9.1CVSS7.2AI score0.02296EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 8:43 p.m.6 views

CVE-2021-39233

In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client...

9.1CVSS7.2AI score0.02296EPSS
Exploits0References1
ossf
ossf
added 2022/06/20 8:23 p.m.6 views

Malicious code in datanode-explorer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00d1448b8e6f940f88898c792caf2dee90ce774b871651177f974d3f73810b43 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
osv
osv
added 2022/06/20 8:23 p.m.10 views

MAL-2022-2354 Malicious code in datanode-explorer (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00d1448b8e6f940f88898c792caf2dee90ce774b871651177f974d3f73810b43 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
github
github
added 2022/05/17 2:54 a.m.39 views

Client BlockTokens not checked in Apache Hadoop

DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens of clients when Kerberos is enabled and the DataNode has checked out the same BlockPool twice from a NodeName, which might allow remote clients to read arbitrary blocks, write to blocks to which they only have read access, and...

7.5CVSS2.2AI score0.02655EPSS
Exploits1References5Affected Software1
osv
osv
added 2022/05/17 2:53 a.m.1 views

GHSA-9R7G-325H-MXRM Improper Authentication in Apache Hadoop

Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in Cloudera CDH 5.0.x before 5.0.2, do not check authorization for the 1 refreshNamenodes, 2 deleteBlockPool, and 3 shutdownDatanode HDFS admin commands, which allows remote authenticated users to cause a denial of service DataNode...

6.5CVSS7.2AI score0.01591EPSS
Exploits0References2
osv
osv
added 2022/05/13 1:8 a.m.9 views

GHSA-8R28-R8CP-G6CP Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop

This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in t...

5.5CVSS5.8AI score0.00631EPSS
Exploits0References3
osv
osv
added 2022/05/13 1:8 a.m.51 views

GHSA-PR9X-QMP5-J3RR Improper Input Validation in Apache Hadoop

HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0...

7.3CVSS7AI score0.06251EPSS
Exploits1References5
github
github
added 2022/05/13 1:8 a.m.39 views

Improper Input Validation in Apache Hadoop

HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0...

7.5CVSS7.1AI score0.06251EPSS
Exploits1References6Affected Software1
cnvd
cnvd
added 2021/11/24 12:0 a.m.20 views

Apache Ozone input validation error vulnerability

Apache Ozone is an application. A scalable, redundant and distributed object store for Hadoop and cloud-native environments, an input validation error vulnerability exists in Apache Ozone, which stems from the product's Ozone Datanode not checking the block token's access mode parameter. An...

6.5CVSS1.9AI score0.01501EPSS
Exploits0References1
osv
osv
added 2021/11/23 6:18 p.m.76 views

GHSA-3W5H-X4RH-HC28 Exposure of sensitive information in Apache Ozone

In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration...

9.1CVSS9.2AI score0.02296EPSS
Exploits0References4
github
github
added 2021/11/23 6:18 p.m.44 views

Exposure of sensitive information in Apache Ozone

In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration...

9.1CVSS8.8AI score0.02296EPSS
Exploits0References4Affected Software1
osv
osv
added 2021/11/23 6:17 p.m.20 views

GHSA-33XH-XCH9-P6HJ Incorrect Authorization in Apache Ozone

In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client...

9.1CVSS9.2AI score0.02296EPSS
Exploits0References3
Rows per page
Query Builder