com.sap.hcp.cf.logging:sample-app-spring-boot (>=3.8.5 <=4.1.0), dev.vality:shared-resources (>=4.0.0-alpha1 <=4.0.0-alpha4) +1 more potentially affected by CVE-2026-33701 via io.opentelemetry.javaagent:opentelemetry-javaagent (>=2.15.0 <=2.23.0)

io.opentelemetry.javaagent:opentelemetry-javaagent MAVEN version =2.15.0, =3.8.5, =4.0.0-alpha1, =2.5.12, =2.6.4-hadoop3 Source cves: CVE-2026-33701 Source advisory: SNYK:JAVA-IOOPENTELEMETRYJAVAAGENT-15857172...

com.expediagroup:drone-fly-app (=1.0.9), org.apache.hive:hive-beeline (>=4.0.0 <=4.1.0) +3 more potentially affected by CVE-2025-62728 via org.apache.hive:hive-standalone-metastore-server (>=4.0.0-alpha-1 <=4.1.0)

org.apache.hive:hive-standalone-metastore-server MAVEN version =4.0.0-alpha-1, =4.0.0, =4.0.0, =4.1.0 - org.apache.hive:hive-metastore-packaging =4.1.0 - org.apache.hive:hive-standalone-metastore-rest-catalog =4.1.0 Source cves: CVE-2025-62728 Source advisory: SNYK:JAVA-ORGAPACHEHIVE-14136073...

EUVD-2013-2148

Malware in sbrugna...

EUVD-2018-0678

Malware in sbrugna...

EUVD-2019-0402

Malware in sbrugna...

EUVD-2018-0650

Malware in sbrugna...

Security Bulletin: Vulnerabilities with DataStage on Cloud Pak for Data related to Apache hbase-client 2.4.15

Summary IBM has released the below fix for IBM DataStage on Cloud Pak for Data in response to multiple vulnerabilities found in components. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2015-5237 DESCRIPTION: Google Protocol Buffers cou...

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to denial of service due to hbase-client

Summary hbase-client is used by the ds-cas-lite microservice as part of the HBase API functionality. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as...

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to LDAP injection due to hbase-client

Summary hbase-client is used by the ds-cas-lite microservice as part of the HBase API functionality. Vulnerability Details CVEID:CVE-2023-25613 DESCRIPTION: Apache Kerby could allow a remote attacker to conduct an LDAP injection, caused by a flaw in LdapIdentityBackend. By sending a request with ...

org.apache.nifi:nifi-hbase_2-client-service-nar (>=1.10.0 <=1.22.0) potentially affected by CVE-2023-36542 via org.apache.nifi:nifi-hbase_2-client-service (>=1.10.0 <=1.22.0)

org.apache.nifi:nifi-hbase2-client-service MAVEN version =1.10.0, =1.10.0, =1.22.0 Source cves: CVE-2023-36542 Source advisory: OSV:GHSA-R969-8V3H-23V9...

ai.onehouse:lakeview-sync-tool (>=0.18.5 <=0.28.0), com.4paradigm.openmldb:openmldb-taskmanager (>=0.4.2 <=0.6.2) +398 more potentially affected by CVE-2022-25168 via org.apache.hadoop:hadoop-common (>=2.0.4-alpha <=2.10.1)

org.apache.hadoop:hadoop-common MAVEN version =2.0.4-alpha, =0.18.5, =0.4.2, =2.0.29.2, =0.3.0, =0.3.0, =2.10.6.9, =3.0.0, =3.0.0, =0.24.0, =0.24.0, =0.24.0, =0.24.0, =0.19.3, =0.19.3, =0.26.0 and more Source cves: CVE-2022-25168 Source advisory: OSV:GHSA-8WM5-8H9C-47PC...

co.cask.tephra:tephra-examples (>=0.6.2 <=0.7.1), co.cask.tephra:tephra-hbase-compat-1.0-cdh (>=0.6.0 <=0.7.1) +356 more potentially affected by CVE-2016-5393 via org.apache.hadoop:hadoop-common (>=2.6.0 <=2.6.4)

org.apache.hadoop:hadoop-common MAVEN version =2.6.0, =0.6.2, =0.6.0, =1.7.0, =1.1.0, =1.1.0, =7.2.1, =3.0.0, =3.0.0, =7.2.1, =3.0.0, =3.0.0, =3.0.0, =3.6.7 and more Source cves: CVE-2016-5393 Source advisory: OSV:GHSA-7Q56-MP4C-GGGG...

GHSA-CG5H-Q983-4RWW Apache Storm remote code execution vulnerability

The UI daemon in Apache Storm 0.10.0-beta allows remote users to run arbitrary code as the user running the web server. With kerberos authentication this could allow impersonation of arbitrary users on other systems, including HDFS and HBase...

Apache Storm remote code execution vulnerability

The UI daemon in Apache Storm 0.10.0-beta allows remote users to run arbitrary code as the user running the web server. With kerberos authentication this could allow impersonation of arbitrary users on other systems, including HDFS and HBase...

br.com.esec.icpm:certillion-client-library (>=1.1.7 <=1.2.0), br.com.esec.icpm:certillion-client-library-resteasy-plugin (>=1.1.9 <=1.1.10) +294 more potentially affected by CVE-2013-2172 via org.apache.santuario:xmlsec (>=1.5.1 <=1.5.4)

org.apache.santuario:xmlsec MAVEN version =1.5.1, =1.1.7, =1.1.9, =1.2.5, =1.2.6 - com.fluxcorp.plugins:webservice-trigger =1.0.4 - com.googlecode.xades4j:xades4j =1.3.1 - com.sitewhere:sitewhere-core =0.9.7 - com.sitewhere:sitewhere-gnuhealth =0.9.7 - com.sitewhere:sitewhere-hbase =0.9.7 -...

Unauthorized Access Vulnerability in Apache HBase

Apache Hbase is the United States Apache Apache Software Foundation, a set of column-oriented distributed database built on Apache Hadoop and Apache ZooKeeper. An unauthorized access vulnerability exists in Apache HBase. An attacker could exploit the vulnerability to obtain sensitive information...

Security Bulletin: Infosphere BigInsights is affected by vulnerabilities in Apache HBase and Hive that could allow a remote attacker to gain unauthorized access to the system or authenticate with improper credentials (CVE-2015-1772, CVE-2015-1836).

Summary Infosphere BigInsights is affected by vulnerabilities in Apache HBase and Hive that could allow a remote attacker to gain unauthorized access to the system or authenticate with improper credentials CVE-2015-1772 , CVE-2015-1836. Vulnerability Details CVEID: CVE-2015-1772 DESCRIPTION: Apac...

apache-hbase.679495.n3.nabble.com Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1181880 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website...

CVE-2019-0212

In all previously released Apache HBase 2.x versions 2.0.0-2.0.4, 2.1.0-2.1.3, authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. Th...

Improper Authorization in org.apache.hbase:hbase

In all previously released Apache HBase 2.x versions 2.0.0-2.0.4, 2.1.0-2.1.3, authorization was incorrectly applied to users of the HBase REST server. Requests sent to the HBase REST server were executed with the permissions of the REST server itself, not with the permissions of the end-user. Th...