Lucene search
+L

950 matches found

OSV
OSV
added 2018/04/05 1:29 p.m.22 views

CVE-2018-1284

In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs xpath/xpathstring/xpathboolean/xpathnumber/xpathdouble/xpathfloat/xpathlong/xpathint/xpathshort to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user usually hive if...

3.7CVSS4.6AI score
Exploits0References2
NVD
NVD
added 2018/04/05 1:29 p.m.26 views

CVE-2018-1282

This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation...

9.1CVSS9.3AI score0.05516EPSS
Exploits0References3
Prion
Prion
added 2018/04/05 1:29 p.m.17 views

Information disclosure

This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation...

7.5CVSS9AI score0.05516EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2018/04/05 1:29 p.m.21 views

CVE-2018-1282

This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation...

9.1CVSS9.3AI score
Exploits0References3
Prion
Prion
added 2018/04/05 1:29 p.m.21 views

Code injection

In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs xpath/xpathstring/xpathboolean/xpathnumber/xpathdouble/xpathfloat/xpathlong/xpathint/xpathshort to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user usually hive if...

4.3CVSS4.1AI score0.02272EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2018/04/05 1:29 p.m.20 views

Design/Logic Flaw

In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not veri...

4.3CVSS4.5AI score0.0178EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2018/04/05 1:0 p.m.32 views

CVE-2018-1282

This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument escaping/cleanup that JDBC driver does in PreparedStatement implementation...

9.3AI score0.05516EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/04/05 1:0 p.m.27 views

CVE-2018-1315

In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on the cluster where the command is run from. This is because FTP client code in HPL/SQL does not veri...

4.3AI score0.0178EPSS
Exploits0References1
Cvelist
Cvelist
added 2018/04/05 1:0 p.m.38 views

CVE-2018-1284

In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs xpath/xpathstring/xpathboolean/xpathnumber/xpathdouble/xpathfloat/xpathlong/xpathint/xpathshort to expose the content of a file on the machine running HiveServer2 owned by HiveServer2 user usually hive if...

4AI score0.02272EPSS
Exploits0References2
CVE
CVE
added 2018/04/05 1:0 p.m.96 views

CVE-2018-1315

CVE-2018-1315 affects Apache Hive 2.1.0–2.3.2 when using the HPL/SQL extension and issuing COPY FROM FTP. The FTP client does not verify the destination path, allowing a compromised FTP server to cause the downloaded file to be written to an arbitrary location on the cluster where the command is ...

4.3CVSS4.6AI score0.0178EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2018/04/05 1:0 p.m.93 views

CVE-2018-1284

CVE-2018-1284 affects Apache Hive versions 0.6.0 through 2.3.2. A malicious user can leverage any of the xpath UDFs (xpath, xpath_string, xpath_boolean, xpath_number, xpath_double, xpath_float, xpath_long, xpath_int, xpath_short) to expose the content of a local file on the machine running HiveSe...

4.3CVSS4.2AI score0.02272EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/04/05 1:0 p.m.110 views

CVE-2018-1282

CVE-2018-1282 affects Apache Hive JDBC driver versions 0.7.1 through 2.3.2. The vulnerability arises from an error in the PreparedStatement argument handling, allowing carefully crafted inputs to bypass the driver’s argument escaping/cleanup. Several connected documents corroborate this CVE in th...

9.1CVSS8.9AI score0.05516EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2018/04/05 2:18 a.m.20 views

Unauthorised Arbitrary File Access Through XML External Entity (XXE)

Apache Hive Query Language is vulnerable to unauthorized arbitrary file access through XML external entity XXE . Using xpath UDFs, an attacker can reveal any file on a machine running HiveServer 2 only if the hive.server2.enable.doAs variable is set to false...

3.7CVSS4.6AI score0.02272EPSS
Exploits0References6Affected Software1
Veracode
Veracode
added 2018/04/05 1:46 a.m.19 views

Unauthorized Write To Arbitrary Location

Hive HPL/SQL is vulnerable to unauthorized write to arbitrary location. FTP client in HPL/SQL fails to validate the download destination location for COPY FROM FTP statement, thereby allowing a malicious FTP server to run the command to download the file to any location...

3.7CVSS4.8AI score0.0178EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2018/04/05 12:0 a.m.3 views

PT-2018-3928 · Apache +1 · Apache Hive Jdbc Driver +1

Name of the Vulnerable Software and Affected Versions: Apache Hive JDBC driver versions 0.7.1 through 2.3.2 Oracle Business Intelligence Enterprise Edition Analytics Server affected versions not specified Description: The issue allows an attacker to bypass argument escaping in the JDBC driver's...

9.4CVSS9AI score0.05516EPSS
Exploits0References14
Snyk
Snyk
added 2018/04/04 1:2 p.m.3 views

Arbitrary File Write

Amendment This was deemed not a vulnerability. Overview org.apache.hive:hive-common is a reading, writing, and managing large datasets residing in distributed storage using SQL. Affected versions of this package are vulnerable to Arbitrary File Write via the File Transfer Protocol FTP client...

4.3CVSS6.8AI score0.0178EPSS
Exploits0References2
Snyk
Snyk
added 2018/04/04 1:2 p.m.5 views

Arbitrary File Write

Overview org.apache.hive:hive-hplsql is a data warehouse software facilitates reading, writing, and managing large datasets residing in distributed storage using SQL. Affected versions of this package are vulnerable to Arbitrary File Write via the File Transfer Protocol FTP client functionality...

4.3CVSS6.8AI score0.0178EPSS
Exploits0References2
CNVD
CNVD
added 2018/02/26 12:0 a.m.4 views

Apache Ranger Security Bypass Vulnerability

Apache Ranger is the Apache Software Foundation's architecture for implementing comprehensive security measures for Hadoop clusters, which provides centralized security policy management for core enterprise security requirements such as authorization, billing, and data protection.Hive Authorizer ...

5.9CVSS6.8AI score0.02614EPSS
Exploits1References1
The Hacker News
The Hacker News
added 2017/11/09 6:6 a.m.22 views

Vault 8: WikiLeaks Releases Source Code For Hive - CIA's Malware Control System

Almost two months after releasing details of 23 different secret CIA hacking tool projects under Vault 7 series, Wikileaks today announced a new Vault 8 series that will reveal source codes and information about the backend infrastructure developed by the CIA hackers. Not just announcement, but t...

7.6AI score
Exploits0
CNVD
CNVD
added 2017/11/06 12:0 a.m.7 views

Apache Hive Information Disclosure Vulnerability

Apache Hive is a set of Hadoop Distributed Systems Infrastructure based data warehouse software from the Apache Apache Software Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. An...

4.3CVSS6.2AI score0.01431EPSS
Exploits3References1
Rows per page
Query Builder