Skip to main content
CVE-2018-1315 LOW PATCH Monitor

In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server can cause the file to be written to an arbitrary location on. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache RCE Hive
NVD
CVSS 3.0
3.7
EPSS
1.8%
CVE-2018-1284 LOW PATCH Monitor

In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs (xpath/xpath_string/xpath_boolean/xpath_number/xpath_double/xpath_float/xpath_long/xpath_int/xpath_short) to expose the content. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Information Disclosure Hive
NVD
CVSS 3.0
3.7
EPSS
2.3%
CVE-2018-1000150 LOW PATCH Monitor

An exposure of sensitive information vulnerability exists in Jenkins Reverse Proxy Auth Plugin 1.5 and older in ReverseProxySecurityRealm#authContext that allows attackers with local file system. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Reverse Proxy Auth
NVD
CVSS 3.0
3.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy