20 matches found
EUVD-2018-0764
Malware in sbrugna...
EUVD-2018-0737
Malware in sbrugna...
EUVD-2025-0181
Malicious code in bioql PyPI...
Vulnerability of the amdgpu_get_xgmi_hive() function in the drivers/gpu/drm/amd/amdgpu/amdgpu_xgmi.c module – A driver for supporting AMD GPU cores in Linux operating systems, which allows a hacker to cause a service failure
Vulnerability of the amdgpugetxgmihive function in the drivers/gpu/drm/amd/amdgpu/amdgpuxgmi.c module – The Linux kernel driver for AMD GPU Direct Rendering Infrastructure supports is related to improper disabling or release of resources. Exploiting this vulnerability can allow an attacker to cau...
GO-2025-3536 OpenShift Hive Has an Uncontrolled Resource Consumption Vulnerability in github.com/openshift/hive
OpenShift Hive Has an Uncontrolled Resource Consumption Vulnerability in github.com/openshift/hive...
GHSA-C392-WRGW-JJFW OpenShift Hive Has an Uncontrolled Resource Consumption Vulnerability
A flaw was found in the Hive hibernation controller component of OpenShift Dedicated. The ClusterDeployment.hive.openshift.io/v1 resource can be created with the spec.installed field set to true, regardless of the installation status, and a positive timespan for the spec.hibernateAfter value. If ...
CVE-2024-25132
Technical details for CVE-2024-25132 are not publicly provided in the supplied documents. Monitor for updates; no affected products, root cause, or remediation can be stated from these sources.
The vulnerability of the Hive software component used in the Kubernetes Multicluster Engine (MCE) and Advanced Cluster Management (ACM) allows a hacker to gain unauthorized access to the VCenter database.
The vulnerability of the Hive software components used in the Kubernetes Multicluster Engine MCE and Advanced Cluster Management ACM lies in the insecure storage of confidential information. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to th...
GHSA-C339-MWFC-FMR2 Openshift Hive Exposes VCenter Credentials via ClusterProvision
A flaw was found in Hive, a component of Multicluster Engine MCE and Advanced Cluster Management ACM. This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract...
CVE-2025-2241 Hive: exposure of vcenter credentials via clusterprovision in hive / mce / acm
A flaw was found in Hive, a component of Multicluster Engine MCE and Advanced Cluster Management ACM. This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract...
CVE-2025-2241 Hive: exposure of vcenter credentials via clusterprovision in hive / mce / acm
A flaw was found in Hive, a component of Multicluster Engine MCE and Advanced Cluster Management ACM. This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract...
CVE-2025-2241
A flaw was found in Hive, a component of Multicluster Engine MCE and Advanced Cluster Management ACM. This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object after provisioning a VSphere cluster. Users with read access to ClusterProvision objects can extract...
Apache Hive vulnerable to Observable Timing Discrepancy and Authentication Bypass by Spoofing
Use of Arrays.equals in LlapSignerImpl in Apache Hive to compare message signatures allows attacker to forge a valid signature for an arbitrary message byte by byte. The attacker should be an authorized user of the product to perform this attack. Users are recommended to upgrade to version 4.0.0,...
GHSA-P953-3J66-HG45 Apache Hive vulnerable to Observable Timing Discrepancy and Authentication Bypass by Spoofing
Use of Arrays.equals in LlapSignerImpl in Apache Hive to compare message signatures allows attacker to forge a valid signature for an arbitrary message byte by byte. The attacker should be an authorized user of the product to perform this attack. Users are recommended to upgrade to version 4.0.0,...
CVE-2024-54660
CVE-2024-54660 affects Cloudera JDBC Connector for Hive (before 2.6.26) and JDBC Connector for Impala (before 2.6.35). The issue is a JNDI injection triggered by untrusted values in the JAAS-using krbJAASFile parameter within the JDBC URL during connection, allowing potential remote code executio...
EUVD-2024-3564
Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive’s servic...
PT-2024-12506 · Apache · Apache Hive
Name of the Vulnerable Software and Affected Versions: Apache Hive versions 4.0.0-alpha-1 through 4.0.0 Description: The issue affects the Hive JDBC driver component and can potentially lead to arbitrary code execution on the machine/endpoint that the JDBC driver client is running. The malicious...
com.hindog.grid:grid-executor-examples_2.11 (>=1.1.0 <=2.0.1) potentially affected by CVE-2020-1926 via org.apache.hive:hive (=2.1.1)
org.apache.hive:hive MAVEN version =2.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.hive:hive and may be impacted: - com.hindog.grid:grid-executor-examples2.11 =1.1.0, =2.0.1 Source cves: CVE-2020-1926 Source advisory:...
ai.h2o:h2o-orc-parser (>=3.18.0.9 <=3.46.0.11), com.linkedin.tony:tony-cli (>=0.1.5 <=0.3.3) +26 more potentially affected by CVE-2015-7521 via org.apache.hive:hive-exec (>=1.1.0 <=1.2.1)
org.apache.hive:hive-exec MAVEN version =1.1.0, =3.18.0.9, =0.1.5, =0.1.5, =6.5.0, =6.5.0, =6.5.0, =6.5.0, =0.14.0, =0.14.0, =0.15.0, =0.15.0, =0.15.1 and more Source cves: CVE-2015-7521 Source advisory: OSV:GHSA-83R3-C79W-F6WC...
GHSA-83R3-C79W-F6WC High severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStdHiveAuthorization, allows attackers to bypass intended parent table access restrictions via unspecified partition-level operations...