174 matches found
CVE-2018-11792
In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. This may pose a potential security risk, such as having ALTER on a table and ALL on a particular database allows a user to move the table to a database with ALL, which will automatically grant that user with A...
CVE-2018-11792
CVE-2018-11792 affects Apache Impala up to version 3.0.1. The issue occurs when performing ALTER TABLE/VIEW RENAME, which requires ALTER on the old table. This can enable privilege escalation: if a user has ALTER on a table and ALL on the database, they can move the table to a database with ALL, ...
CVE-2018-11785
CVE-2018-11785 affects Apache Impala versions prior to 3.0.1 where a missing authorization check allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, resulting in incorrect query results. The connected CNVD/OSV/NVD records corroborate the lack of autho...
CVE-2018-11785
Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query...
CVE-2018-11792
In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. This may pose a potential security risk, such as having ALTER on a table and ALL on a particular database allows a user to move the table to a database with ALL, which will automatically grant that user with A...
Apache Impala Information Disclosure Vulnerability (CNVD-2018-10329)
Apache Impala incubating is a large-scale, distributed parallel processing database query system of the United States Apache Apache Software Foundation. The system is able to query the Hadoop big data analytics software stored in HDFS distributed file system and HBase database in the petabytes of...
Malicious Package
Overview Version 1.1.7 of impala contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.1.7 of this module is found installed you...
Malicious Package
Overview Version 1.0.3 of @impala/bmap contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.0.3 of this module is found installe...
CVE-2017-9792
In Apache Impala incubating before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" and then changing the underlying table mapping to point to other Kudu tables. This violates and works...
CVE-2017-9792
In Apache Impala incubating before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" and then changing the underlying table mapping to point to other Kudu tables. This violates and works...
Authorization
In Apache Impala incubating before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" and then changing the underlying table mapping to point to other Kudu tables. This violates and works...
CVE-2017-9792
CVE-2017-9792 affects Apache Impala (incubating) before 2.10.0. A user with ALTER privileges on an Impala table can bypass authorization by turning a non-external Kudu table into external mode and altering the underlying mapping to point at other Kudu tables, potentially accessing data across tab...
CVE-2017-9792
In Apache Impala incubating before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" and then changing the underlying table mapping to point to other Kudu tables. This violates and works...
dbt-hive (>=1.1.5 <=1.11.0), dbt-impala (>=1.1.4 <=1.3.1) +30 more potentially affected by CVE-2015-3206 via kerberos (>=1.1.1 <=1.3.1)
kerberos PYPI version =1.1.1, =1.1.5, =1.1.4, =0.1.0, =1.0.5, =0.1.0, =6.0.0, =0.2.0, =0.1.0, =0.0.1, =0.0.2, =2017.3.3, =0.1.0, =0.0.1, =1.6.16 and more Source cves: CVE-2015-3206 Source advisory: OSV:PYSEC-2017-49...
euroimpalabooks.com XSS vulnerability
Vulnerable URL: http://www.euroimpalabooks.com/store/search?term='"/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 29.10.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 5595696 VIP website status:| No Check euroimpalabooks.com SSL...
Apache Impala Authentication Bypass Vulnerability
Apache Impala is an open source distributed SQL query engine for Apache Hadoop. When Apache Impala is Kerberos-enabled, a malicious process emulates the Impala backend program, allowing attackers to exploit vulnerabilities to submit special requests, bypass authentication, and perform unauthorize...
Apache Impala 2.8.0 Authentication Bypass Vulnerability
Apache Impala versions 2.7.0 through 2.8.0 suffers from an information disclosure vulnerability. It was noticed that a malicious process impersonating an Impala daemon could cause Impala daemons to skip authentication checks when Kerberos is enabled but TLS is not. If the malicious server respond...
Apache Impala 2.8.0 Plain-Text Information Disclosure Vulnerability
Apache Impala versions 2.7.0 through 2.8.0 suffers from an information disclosure vulnerability. During a routine security analysis, it was found that one of the ports sent data in plaintext even when the cluster was configured to use TLS. The port in question was used by the StatestoreSubscriber...
Apache Impala Information Disclosure Vulnerability
Apache Impala incubating is a large-scale, distributed parallel processing database query system of the United States Apache Apache Software Foundation. The system is able to query the Hadoop big data analytics software stored in HDFS distributed file system and HBase database in the petabytes of...
Design/Logic Flaw
It was noticed that a malicious process impersonating an Impala daemon in Apache Impala incubating 2.7.0 to 2.8.0 could cause Impala daemons to skip authentication checks when Kerberos is enabled but TLS is not. If the malicious server responds with 'COMPLETE' before the SASL handshake has...