EUVD-2013-2148

Malware in sbrugna...

EUVD-2018-0678

Malware in sbrugna...

EUVD-2019-0402

Malware in sbrugna...

EUVD-2018-0650

Malware in sbrugna...

Security Bulletin: Vulnerabilities with DataStage on Cloud Pak for Data related to Apache hbase-client 2.4.15

Summary IBM has released the below fix for IBM DataStage on Cloud Pak for Data in response to multiple vulnerabilities found in components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2015-5237 DESCRIPTION: Google Protocol Buffers cou...

Unauthorized Access Vulnerability in Apache HBase

Apache Hbase is the United States Apache Apache Software Foundation, a set of column-oriented distributed database built on Apache Hadoop and Apache ZooKeeper. An unauthorized access vulnerability exists in Apache HBase. An attacker could exploit the vulnerability to obtain sensitive information...

Security Bulletin: Infosphere BigInsights is affected by vulnerabilities in Apache HBase and Hive that could allow a remote attacker to gain unauthorized access to the system or authenticate with improper credentials (CVE-2015-1772, CVE-2015-1836).

Summary Infosphere BigInsights is affected by vulnerabilities in Apache HBase and Hive that could allow a remote attacker to gain unauthorized access to the system or authenticate with improper credentials CVE-2015-1772 , CVE-2015-1836. Vulnerability Details CVEID: CVE-2015-1772 DESCRIPTION: Apac...

apache-hbase.679495.n3.nabble.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1181880 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

CVE-2019-0212

In all previously released Apache HBase 2.x versions 2.0.0-2.0.4, 2.1.0-2.1.3, authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. Th...

Improper Authorization in org.apache.hbase:hbase

In all previously released Apache HBase 2.x versions 2.0.0-2.0.4, 2.1.0-2.1.3, authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. Th...

GHSA-535V-4X9Q-446C Improper Authorization in org.apache.hbase:hbase

In all previously released Apache HBase 2.x versions 2.0.0-2.0.4, 2.1.0-2.1.3, authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. Th...

CVE-2019-0212

In all previously released Apache HBase 2.x versions 2.0.0-2.0.4, 2.1.0-2.1.3, authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. Th...

Authentication flaw

In all previously released Apache HBase 2.x versions 2.0.0-2.0.4, 2.1.0-2.1.3, authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. Th...

CVE-2019-0212

In all previously released Apache HBase 2.x versions 2.0.0-2.0.4, 2.1.0-2.1.3, authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. Th...

Race condition in org.apache.hbase:hbase-thrift

An issue in Apache HBase affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be...

High severity vulnerability that affects org.apache.hbase:hbase

Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service daemon outage, obtai...

GHSA-P8XR-4V2C-RVGP High severity vulnerability that affects org.apache.hbase:hbase

Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoSphere BigInsights 3.0, 3.0.0.1, and 3.0.0.2 and other products, uses incorrect ACLs for ZooKeeper coordination state, which allows remote attackers to cause a denial of service daemon outage, obtai...

CVE-2018-8025

CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an...

CVE-2018-8025

CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an...

Race condition

CVE-2018-8025 describes an issue in Apache HBase that affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an...