5 matches found
CVE-2019-0212
CVE-2019-0212 affects Apache HBase 2.x (versions 2.0.0–2.0.4 and 2.1.0–2.1.3). The vulnerability is in the HBase REST server where authorization was incorrectly applied to REST users; requests were executed with the REST server’s permissions rather than those of the end user. The issue is relevan...
CVE-2015-1836
CVE-2015-1836 affects Apache HBase as used in IBM InfoSphere BigInsights (3.0.x). The vulnerability is a logic/ACL flaw in ZooKeeper coordination state: insecure ACL handling allows a remote attacker to read/modify data or cause a denial of service by exploiting ZooKeeper access controls. IBM’s b...
CVE-2018-8025
CVE-2018-8025 describes a race condition in the Apache HBase optional Thrift 1 API server over HTTP where authenticated sessions could be incorrectly applied to users. The issue affects the Thrift 1 endpoint and can cause session misassignment (e.g., a user becoming another user or an unauthentic...
CVE-2019-15544
CVE-2019-15544 affects the protobuf crate for Rust (pre-2.6.0). The vulnerability arises from Vec::reserve being called with a size taken from user-supplied input, enabling memory exhaustion. Documented impact: Out-of-Memory conditions, potentially affecting Rust crates that rely on this protobuf imp...
CVE-2013-2193
Apache HBase 0.92.x (pre-0.92.3) and 0.94.x (pre-0.94.9) with Kerberos enabled is affected. An attacker in a MITM position can disable bidirectional RPC authentication between client and RegionServer, potentially leaking sensitive information via unspecified vectors. Root cause: RPC bidirectional a...