CVE-2025-59059
Apache Ranger CVE-2025-59059 is a remote code execution issue affecting Ranger versions
CVE-2024-55532
CVE-2024-55532 affects Apache Ranger prior to 2.6.0, in the Export CSV feature. The root cause is Improper Neutralization of Formula Elements, which can enable CSV injection when exporting data. Multiple connected sources (Red Hat, Snyk, OSV, GHSA, and CVE listings) corroborate that the remediati...
CVE-2016-8751
CVE-2016-8751 affects Apache Ranger prior to 0.6.3. The vulnerability is a stored cross-site scripting (XSS) flaw in custom policy conditions, enabling admin users to store JavaScript that is executed when normal users log in and access policies. Exploitation details, affected versions beyond 0.6.3, and remediation...
CVE-2018-11778
CVE-2018-11778 affects UnixAuthenticationService in Apache Ranger. Multiple connected sources confirm that UnixAuthenticationService handles user input and previously vulnerable versions could be susceptible to a stack-based buffer overflow, potentially allowing a crash or arbitrary code execution....
CVE-2025-59060
Summary: CVE-2025-59060 describes a hostname verification bypass in Apache Ranger’s NiFiRegistryClient/NiFiClient. The issue is reported for Apache Ranger versions ≤ 2.7.0 and is fixed by upgrading to version 2.8.0. Affected components: NiFiRegistryClient and NiFiClient within Apache Ranger. Root...