MAL-2026-2112 Malicious code in apply-hive-table (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cd10a24231fb7b6830827a26ee11d450938fce94e811f0c233c6a63a8e3c98d9 In specific environments, during installation, the package attempts to exfiltrate some basic information using DNS requests and then cover tracks by installing...

GHSA-H7XG-CMPP-48HF H2O Deserialization of Untrusted Data Vulnerability

A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in the endpoints POST /99/ImportSQLTable and POST /3/SaveToHiveTable, where user-controlled JDBC URLs are...

Privilege Escalation

org.apache.ranger:ranger-hive-plugin is vulnerable to Privilege Escalation. An Incorrect Permission Assignment vulnerability exists in RangerHiveAuthorizer.java, which allows any user with SELECT capability to change the ownership of a Hive table...

CVE-2015-1889

The Big SQL component in IBM InfoSphere BigInsights 3.0 through 3.0.0.2 allows remote authenticated users to bypass intended HDFS data-access restrictions via 1 a crafted CREATE HADOOP TABLE statement referencing the data of an arbitrary user or 2 an import of a certain Hive table definition with...

Design/Logic Flaw

The Big SQL component in IBM InfoSphere BigInsights 3.0 through 3.0.0.2 allows remote authenticated users to bypass intended HDFS data-access restrictions via 1 a crafted CREATE HADOOP TABLE statement referencing the data of an arbitrary user or 2 an import of a certain Hive table definition with...