Lucene search
+L

174 matches found

Cvelist
Cvelist
added 2018/10/24 8:0 p.m.23 views

CVE-2018-11792

In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. This may pose a potential security risk, such as having ALTER on a table and ALL on a particular database allows a user to move the table to a database with ALL, which will automatically grant that user with A...

9.5AI score0.02456EPSS
Exploits0References2
CVE
CVE
added 2018/10/24 8:0 p.m.53 views

CVE-2018-11792

CVE-2018-11792 affects Apache Impala up to version 3.0.1. The issue occurs when performing ALTER TABLE/VIEW RENAME, which requires ALTER on the old table. This can enable privilege escalation: if a user has ALTER on a table and ALL on the database, they can move the table to a database with ALL, ...

9.8CVSS9.3AI score0.02456EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/10/24 8:0 p.m.46 views

CVE-2018-11785

CVE-2018-11785 affects Apache Impala versions prior to 3.0.1 where a missing authorization check allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, resulting in incorrect query results. The connected CNVD/OSV/NVD records corroborate the lack of autho...

6.5CVSS6.3AI score0.01221EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2018/10/24 8:0 p.m.5 views

CVE-2018-11785

Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query...

6.5CVSS6.9AI score0.01221EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2018/10/24 8:0 p.m.5 views

CVE-2018-11792

In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. This may pose a potential security risk, such as having ALTER on a table and ALL on a particular database allows a user to move the table to a database with ALL, which will automatically grant that user with A...

9.8CVSS6.9AI score0.02456EPSS
Exploits0References2
CNVD
CNVD
added 2018/05/21 12:0 a.m.9 views

Apache Impala Information Disclosure Vulnerability (CNVD-2018-10329)

Apache Impala incubating is a large-scale, distributed parallel processing database query system of the United States Apache Apache Software Foundation. The system is able to query the Hadoop big data analytics software stored in HDFS distributed file system and HBase database in the petabytes of...

6.5CVSS6.8AI score0.01576EPSS
Exploits0References1
Node.js
Node.js
added 2018/05/15 11:33 p.m.19 views

Malicious Package

Overview Version 1.1.7 of impala contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.1.7 of this module is found installed you...

6.9AI score
Exploits0Affected Software1
Node.js
Node.js
added 2018/05/15 10:56 p.m.13 views

Malicious Package

Overview Version 1.0.3 of @impala/bmap contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation If version 1.0.3 of this module is found installe...

6.9AI score
Exploits0Affected Software1
NVD
NVD
added 2017/10/04 1:29 a.m.22 views

CVE-2017-9792

In Apache Impala incubating before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" and then changing the underlying table mapping to point to other Kudu tables. This violates and works...

6.5CVSS6.6AI score0.01576EPSS
Exploits0References3
OSV
OSV
added 2017/10/04 1:29 a.m.21 views

CVE-2017-9792

In Apache Impala incubating before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" and then changing the underlying table mapping to point to other Kudu tables. This violates and works...

6.5CVSS7.1AI score
Exploits0References3
Prion
Prion
added 2017/10/04 1:29 a.m.22 views

Authorization

In Apache Impala incubating before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" and then changing the underlying table mapping to point to other Kudu tables. This violates and works...

4CVSS7.3AI score0.01576EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2017/10/03 1:0 a.m.58 views

CVE-2017-9792

CVE-2017-9792 affects Apache Impala (incubating) before 2.10.0. A user with ALTER privileges on an Impala table can bypass authorization by turning a non-external Kudu table into external mode and altering the underlying mapping to point at other Kudu tables, potentially accessing data across tab...

6.5CVSS6.5AI score0.01576EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/10/03 1:0 a.m.26 views

CVE-2017-9792

In Apache Impala incubating before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" and then changing the underlying table mapping to point to other Kudu tables. This violates and works...

6.6AI score0.01576EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2017/08/25 6:29 p.m.4 views

dbt-hive (>=1.1.5 <=1.11.0), dbt-impala (>=1.1.4 <=1.3.1) +30 more potentially affected by CVE-2015-3206 via kerberos (>=1.1.1 <=1.3.1)

kerberos PYPI version =1.1.1, =1.1.5, =1.1.4, =0.1.0, =1.0.5, =0.1.0, =6.0.0, =0.2.0, =0.1.0, =0.0.1, =0.0.2, =2017.3.3, =0.1.0, =0.0.1, =1.6.16 and more Source cves: CVE-2015-3206 Source advisory: OSV:PYSEC-2017-49...

8.1CVSS7.4AI score0.02303EPSS
Exploits0
Openbugbounty
Openbugbounty
added 2017/07/31 5:41 a.m.9 views

euroimpalabooks.com XSS vulnerability

Vulnerable URL: http://www.euroimpalabooks.com/store/search?term='"/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 29.10.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 5595696 VIP website status:| No Check euroimpalabooks.com SSL...

6.3AI score
Exploits0
CNVD
CNVD
added 2017/07/11 12:0 a.m.6 views

Apache Impala Authentication Bypass Vulnerability

Apache Impala is an open source distributed SQL query engine for Apache Hadoop. When Apache Impala is Kerberos-enabled, a malicious process emulates the Impala backend program, allowing attackers to exploit vulnerabilities to submit special requests, bypass authentication, and perform unauthorize...

9.8CVSS9.9AI score0.02852EPSS
Exploits1References1
0day.today
0day.today
added 2017/07/11 12:0 a.m.37 views

Apache Impala 2.8.0 Authentication Bypass Vulnerability

Apache Impala versions 2.7.0 through 2.8.0 suffers from an information disclosure vulnerability. It was noticed that a malicious process impersonating an Impala daemon could cause Impala daemons to skip authentication checks when Kerberos is enabled but TLS is not. If the malicious server respond...

7.5CVSS0.02852EPSS
Exploits1
0day.today
0day.today
added 2017/07/11 12:0 a.m.35 views

Apache Impala 2.8.0 Plain-Text Information Disclosure Vulnerability

Apache Impala versions 2.7.0 through 2.8.0 suffers from an information disclosure vulnerability. During a routine security analysis, it was found that one of the ports sent data in plaintext even when the cluster was configured to use TLS. The port in question was used by the StatestoreSubscriber...

5CVSS7.3AI score0.01217EPSS
Exploits1
CNVD
CNVD
added 2017/07/11 12:0 a.m.5 views

Apache Impala Information Disclosure Vulnerability

Apache Impala incubating is a large-scale, distributed parallel processing database query system of the United States Apache Apache Software Foundation. The system is able to query the Hadoop big data analytics software stored in HDFS distributed file system and HBase database in the petabytes of...

7.5CVSS6.7AI score0.01217EPSS
Exploits1References1
Prion
Prion
added 2017/07/10 8:29 p.m.17 views

Design/Logic Flaw

It was noticed that a malicious process impersonating an Impala daemon in Apache Impala incubating 2.7.0 to 2.8.0 could cause Impala daemons to skip authentication checks when Kerberos is enabled but TLS is not. If the malicious server responds with 'COMPLETE' before the SASL handshake has...

7.5CVSS9.3AI score0.02852EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder