Lucene search
+L

174 matches found

BDU FSTEC
BDU FSTEC
added 2021/08/25 12:0 a.m.7 views

The vulnerability of the distributed database management system Apache Impala, related to the storage of passwords in an unencrypted form, allows attackers to expose the protected information.

The vulnerability of the distributed database management system Apache Impala lies in the storage of passwords in an unencrypted form. Exploiting this vulnerability could allow a malicious actor to disclose the protected information remotely...

6.8CVSS7.1AI score0.03324EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2021/07/22 10:15 a.m.22 views

CVE-2021-28131

Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's sessions with specially constructed requests. This means the...

7.5CVSS0.03324EPSS
Exploits0References3
OSV
OSV
added 2021/07/22 10:15 a.m.28 views

CVE-2021-28131

Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's sessions with specially constructed requests. This means the...

7.5CVSS7.1AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2021/07/22 10:15 a.m.2 views

CVE-2021-28131

Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's sessions with specially constructed requests. This means the...

7.5CVSS7AI score0.03324EPSS
Exploits0References6
Prion
Prion
added 2021/07/22 10:15 a.m.22 views

Authorization

Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's sessions with specially constructed requests. This means the...

6CVSS7.8AI score0.03324EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2021/07/22 10:5 a.m.62 views

CVE-2021-28131

CVE-2021-28131 (Impala): The vulnerability arises because a 16-byte session secret is logged, enabling an authenticated user to hijack another user’s session and execute statements with privileges not held. Affected deployments with Apache Sentry, Apache Ranger, or audit logging may face privileg...

7.5CVSS7.8AI score0.03324EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/07/22 10:5 a.m.26 views

CVE-2021-28131 Impala logs contain secrets

Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's sessions with specially constructed requests. This means the...

8AI score0.03324EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2021/07/22 10:5 a.m.6 views

CVE-2021-28131

Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another user. However, these secrets appear in the Impala logs, therefore Impala users with access to the logs can use another authenticated user's sessions with specially constructed requests. This means the...

7.5CVSS7.1AI score0.03324EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/07/22 12:0 a.m.7 views

Apache Impala 日志信息泄露漏洞

Apache Impala is a large-scale, distributed parallel processing database query system of the United States Apache Apache Foundation. The system is capable of querying petabytes of big data stored in HDFS Distributed File System and HBase database in Hadoop big data analytics software. A log...

7.5CVSS7.4AI score0.03324EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2021/06/29 12:0 a.m.7 views

The vulnerability of the distributed database management system Apache Impala, related to errors in information encryption, allows attackers to increase their privileges.

The vulnerability of the distributed database management system Apache Impala is related to errors in information encryption. Exploiting this vulnerability can allow an attacker to enhance their privileges remotely...

7.5CVSS7.2AI score0.00994EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2020/09/01 7:56 p.m.23 views

Malicious Package in impala

Version 1.1.7 of impala contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.1.7 of this module is found installed you will want...

2.9AI score
Exploits0References4Affected Software1
OSV
OSV
added 2020/09/01 7:56 p.m.8 views

GHSA-92PX-Q4W8-HRR5 Malicious Package in impala

Version 1.1.7 of impala contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.1.7 of this module is found installed you will want...

9.8CVSS7.1AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2020/09/01 7:41 p.m.22 views

Malicious Package in @impala/bmap

Version 1.0.3 of @impala/bmap contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.0.3 of this module is found installed you wil...

2.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2020/09/01 7:41 p.m.14 views

GHSA-C82C-8PJW-6829 Malicious Package in @impala/bmap

Version 1.0.3 of @impala/bmap contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.0.3 of this module is found installed you wil...

9.8CVSS7.1AI score
Exploits0References3
CNVD
CNVD
added 2019/12/03 12:0 a.m.3 views

Unspecified vulnerability in Cloudera CDH (CNVD-2020-14226)

Cloudera CDH is an open source Hadoop platform from Cloudera. The platform provides scalable storage and distributed computing, as well as a Web-based user interface and other enterprise features. A security vulnerability exists in Cloudera CDH versions prior to 5.7.1 that stems from the inabilit...

8.8CVSS7AI score0.00861EPSS
Exploits0References1
OSV
OSV
added 2019/11/26 5:15 p.m.4 views

CVE-2019-14449

An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Malicious impala queries can result in Cross Site Scripting XSS when viewed within this product...

5.4CVSS6.1AI score
Exploits0References1
NVD
NVD
added 2019/11/26 5:15 p.m.19 views

CVE-2019-14449

An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Malicious impala queries can result in Cross Site Scripting XSS when viewed within this product...

5.4CVSS5.3AI score0.00521EPSS
Exploits0References1
Prion
Prion
added 2019/11/26 5:15 p.m.13 views

Cross site scripting

An issue was discovered in Cloudera Manager 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1. Malicious impala queries can result in Cross Site Scripting XSS when viewed within this product...

3.5CVSS5.3AI score0.00521EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/11/26 4:32 p.m.50 views

CVE-2019-14449

CVE-2019-14449 affects Cloudera Manager: versions 5.x before 5.16.2, 6.0.x before 6.0.2, and 6.1.x before 6.1.1 are vulnerable. The issue is a Cross-Site Scripting (XSS) flaw resulting from insufficient validation of client-side data in the WEB application, exploitable via malicious impala querie...

5.4CVSS5.3AI score0.00521EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2019/11/26 2:15 p.m.14 views

CVE-2016-4572

In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges...

8.8CVSS8.9AI score0.00861EPSS
Exploits0References1
Rows per page
Query Builder