CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2016-3086 – Apache Hadoop YARN NodeManager Password Leak
https://notcve.org/view.php?id=CVE-2016-3086
05 Sep 2017 — The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications. YARN NodeManager en Apache Hadoop en versiones 2.6.x anteriores a la 2.6.5 y 2.7.x anteriores a la 2.7.3 puede filtrar la contraseña del proveedor de almacén de contraseñas utilizado por el NodeManager en aplicaciones YARN. In Apache Hadoop 2.7.3 and 2.7.4, the security fix for CVE-2016-3086 is incomplete. The YARN NodeManager can l... • http://mail-archives.apache.org/mod_mbox/hadoop-general/201701.mbox/%3C0ed32746-5a53-9051-5877-2b1abd88beb6%40apache.org%3E • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6811 – Apache Hadoop 2.7.3 Privilege Escalation
https://notcve.org/view.php?id=CVE-2016-6811
11 Apr 2017 — In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn user can possibly run arbitrary commands as root user. En Apache Hadoop en versiones 2.x anteriores a la 2.7.4, un usuario que pueda escalar a usuario yarn podría ejecutar comandos arbitrarios como usuario root. Apache Hadoop versions 2.2.0 through 2.7.3 suffer from a privilege escalation vulnerability. • https://lists.apache.org/thread.html/9ba3c12bbdfd5b2cae60909e48f92608e00c8d99196390b8cfeca307%40%3Cgeneral.hadoop.apache.org%3E • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 2%CPEs: 8EXPL: 0CVE-2016-5393
https://notcve.org/view.php?id=CVE-2016-5393
29 Nov 2016 — In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote user who can authenticate with the HDFS NameNode can possibly run arbitrary commands with the same privileges as the HDFS service. En Apache Hadoop 2.6.x en versiones anteriores a 2.6.5 y 2.7.x en versiones anteriores a 2.7.3, un usuario remoto que pueda autentificarse con el HDFS NameNode podría posiblemente ejecutar comandos arbitrarios con los mismos privilegios que el servicio HDFS. • http://mail-archives.apache.org/mod_mbox/hadoop-general/201611.mbox/%3CCAA0W1bTbUmUUSF1rjRpX-2DvWutcrPt7TJSWUcSLg1F0gyHG1Q%40mail.gmail.com%3E • CWE-284: Improper Access Control •