18 matches found
EUVD-2018-0816
Malware in sbrugna...
EUVD-2022-4410
Malicious code in bioql PyPI...
EUVD-2022-3152
Malicious code in bioql PyPI...
The vulnerability of the YARN NodeManager component in Apache Hadoop’s distributed development and execution platform allows a hacker to gain unauthorized access to arbitrary passwords.
The vulnerability of the YARN NodeManager component in Apache Hadoop distributed development and execution platforms is related to registration data management errors. Exploiting this vulnerability can allow an attacker to gain unauthorized access to arbitrary passwords...
GHSA-JPMF-8CJ2-595G Improper Link Resolution Before File Access in Apache Hadoop
The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during...
com.amazon.emr:emr-dynamodb-hadoop (>=4.2.0 <=4.3.0), com.amazon.emr:emr-dynamodb-tools (=4.2.0) +150 more potentially affected by CVE-2016-3086 via org.apache.hadoop:hadoop-yarn-server-nodemanager (>=2.7.0 <=2.7.2)
org.apache.hadoop:hadoop-yarn-server-nodemanager MAVEN version =2.7.0, =4.2.0, =1.0.4, =1.0.4, =1.2.0, =1.0.2, =1.0.2, =1.2.1, =10.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1, =1.2.0 - com.intropro.prairie:hbase-unit =1.2.0 and more Source cves: CVE-2016-3086 Source advisory: OSV:GHSA-895M-WW55-5...
VulnCheck KEV: CVE-2017-15718
The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications...
The vulnerability of the YARN NodeManager component in Apache Hadoop’s distributed development and execution platform allows attackers to circumvent existing security restrictions and introduce malicious code into a zip file.
The vulnerability of the YARN NodeManager component in Apache Hadoop distributed development and execution platforms exists due to an incorrect pathname limitation for the restricted access directory. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions...
Apache Hadoop YARN NodeManager Password Disclosure Vulnerability
Apache Hadoop is a set of open source distributed system infrastructure of the Apache Apache Software Foundation of the United States, which is capable of distributed processing of large amounts of data, and has high reliability, high scalability, high fault tolerance, etc. YARN NodeManager is on...
CVE-2017-15718
The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications...
CVE-2016-3086
CVE-2016-3086 affects Apache Hadoop’s YARN NodeManager. Affected are Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, where a flaw in the NodeManager can leak the password for the credential store provider to YARN applications. Root cause is a credential store/password handling flaw in the NodeM...
Apache Hadoop Password Exposure Vulnerability (Jan 2017)
Apache Hadoop is prone to a password exposure vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:hadoop";...
CVE-2015-2263
Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as...
Design/Logic Flaw
Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as...
CVE-2015-2263
CVE-2015-2263 affects Cloudera Manager 4.x and 5.x releases (before 5.0.6, 5.1.5, 5.2.5, and 5.3.3 respectively). The root cause is that, during YARN NodeManager startup, the product grants global read permissions to files in its configuration directory. This enables local users to read sensitive...
CVE-2015-2263
Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive information by reading the files, as...
CVE-2014-3627
The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during...
Authentication flaw
The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 and 2.x before 2.5.2, when using Kerberos authentication, allows remote cluster users to change the permissions of certain files to world-readable via a symlink attack in a public tar archive, which is not properly handled during...