EUVD-2018-0737

Malware in sbrugna...

EUVD-2018-0764

Malware in sbrugna...

EUVD-2025-0181

Malicious code in bioql PyPI...

GO-2025-3536 OpenShift Hive Has an Uncontrolled Resource Consumption Vulnerability in github.com/openshift/hive

OpenShift Hive Has an Uncontrolled Resource Consumption Vulnerability in github.com/openshift/hive...

GHSA-C392-WRGW-JJFW OpenShift Hive Has an Uncontrolled Resource Consumption Vulnerability

A flaw was found in the Hive hibernation controller component of OpenShift Dedicated. The ClusterDeployment.hive.openshift.io/v1 resource can be created with the spec.installed field set to true, regardless of the installation status, and a positive timespan for the spec.hibernateAfter value. If ...

CVE-2024-25132

Technical details for CVE-2024-25132 are not publicly provided in the supplied documents. Monitor for updates; no affected products, root cause, or remediation can be stated from these sources.

GHSA-C339-MWFC-FMR2 Openshift Hive Exposes VCenter Credentials via ClusterProvision

A flaw was found in Hive, a component of Multicluster Engine MCE and Advanced Cluster Management ACM. This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract...

CVE-2025-2241 Hive: exposure of vcenter credentials via clusterprovision in hive / mce / acm

A flaw was found in Hive, a component of Multicluster Engine MCE and Advanced Cluster Management ACM. This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract...

CVE-2025-2241 Hive: exposure of vcenter credentials via clusterprovision in hive / mce / acm

A flaw was found in Hive, a component of Multicluster Engine MCE and Advanced Cluster Management ACM. This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract...

CVE-2025-2241

A flaw was found in Hive, a component of Multicluster Engine MCE and Advanced Cluster Management ACM. This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract...

Apache Hive vulnerable to Observable Timing Discrepancy and Authentication Bypass by Spoofing

Use of Arrays.equals in LlapSignerImpl in Apache Hive to compare message signatures allows attacker to forge a valid signature for an arbitrary message byte by byte. The attacker should be an authorized user of the product to perform this attack. Users are recommended to upgrade to version 4.0.0,...

GHSA-P953-3J66-HG45 Apache Hive vulnerable to Observable Timing Discrepancy and Authentication Bypass by Spoofing

Use of Arrays.equals in LlapSignerImpl in Apache Hive to compare message signatures allows attacker to forge a valid signature for an arbitrary message byte by byte. The attacker should be an authorized user of the product to perform this attack. Users are recommended to upgrade to version 4.0.0,...

CVE-2024-54660

CVE-2024-54660 affects Cloudera JDBC Connector for Hive (before 2.6.26) and JDBC Connector for Impala (before 2.6.35). The issue is a JNDI injection triggered by untrusted values in the JAAS-using krbJAASFile parameter within the JDBC URL during connection, allowing potential remote code executio...

EUVD-2024-3564

Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive’s servic...

PT-2024-12506 · Apache · Apache Hive

Name of the Vulnerable Software and Affected Versions: Apache Hive versions 4.0.0-alpha-1 through 4.0.0 Description: The issue affects the Hive JDBC driver component and can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver client is running. The malicious...

com.hindog.grid:grid-executor-examples_2.11 (>=1.1.0 <=2.0.1) potentially affected by CVE-2020-1926 via org.apache.hive:hive (=2.1.1)

org.apache.hive:hive MAVEN version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive and may be impacted: - com.hindog.grid:grid-executor-examples2.11 =1.1.0, =2.0.1 Source cves: CVE-2020-1926 Source advisory:...

ai.h2o:h2o-orc-parser (>=3.18.0.9 <=3.46.0.10), com.linkedin.tony:tony-cli (>=0.1.5 <=0.3.3) +26 more potentially affected by CVE-2015-7521 via org.apache.hive:hive-exec (>=1.1.0 <=1.2.1)

org.apache.hive:hive-exec MAVEN version =1.1.0, =3.18.0.9, =0.1.5, =0.1.5, =6.5.0, =6.5.0, =6.5.0, =6.5.0, =0.14.0, =0.14.0, =0.15.0, =0.15.0, =0.15.1 and more Source cves: CVE-2015-7521 Source advisory: OSV:GHSA-83R3-C79W-F6WC...

GHSA-83R3-C79W-F6WC High severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service

The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations...

com.alibaba.blink:flink-hcatalog (>=blink-3.2.0 <=blink-3.7.0), com.bazaarvoice.emodb:emodb-sor-hive (>=1.0.1-migration <=6.2.3) +85 more potentially affected by CVE-2014-0228 via org.apache.hive:hive-exec (>=0.10.0 <=0.13.0)

org.apache.hive:hive-exec MAVEN version =0.10.0, =blink-3.2.0, =1.0.1-migration, =0.60.0, =1.0.1, =0.6, =0.6, =0.6, =0.6, =1.11.2, =1.11.2, =1.11.9 and more Source cves: CVE-2014-0228 Source advisory: OSV:GHSA-W4X9-4F5X-8JJ8...