
apache hive

21 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-62728
all versions
SQL injection vulnerability in Hive Metastore Server (HMS) when processing delete column statistics requests via the Thrift APIs.
5.4 MEDIUM
CVE-2024-29869
>= 1.1.0 and < 4.0.1
Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissi
5.5 MEDIUM
CVE-2024-23953
>= 2.2.0 and < 4.0.0
Use of Arrays.equals() in LlapSignerImpl in Apache Hive to compare message signatures allows attacker to forge a valid signature
6.5 MEDIUM
CVE-2024-23945
>= 1.2.0 and < 4.0.0
Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and int
5.9 MEDIUM
CVE-2022-41137
all versions
Apache Hive Metastore (HMS) uses SerializationUtilities#deserializeObjectWithTypeInformation method when filtering and fetching
8.3 HIGH
CVE-2023-35701
all versions
Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Hive. The vulnerability affects the Hive JDBC d
6.6 MEDIUM
CVE-2021-34538
< 3.1.3
Apache Hive before 3.1.3 "CREATE" and "DROP" function operations do not check for necessary authorization of involved entities i
7.5 HIGH
CVE-2020-1926
< 2.3.8
Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. T
5.9 MEDIUM
CVE-2020-13949
< 4.0.0
In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation,
7.5 HIGH
CVE-2018-21234
all versions
Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set.
9.8 CRITICAL
CVE-2020-7655
< 1.17.58
netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be pos
6.1 MEDIUM
CVE-2018-1314
<= 2.3.3
In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities
4.3 MEDIUM
CVE-2018-11777
<= 2.3.3
In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user
8.1 HIGH
CVE-2018-1315
>= 2.1.0 and <= 2.3.2
In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP
3.7 LOW
CVE-2018-1284
>= 0.6.0 and <= 2.3.2
In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs (xpath/xpath_string/xpath_boolean/xpath_number/xpath_double
3.7 LOW
CVE-2018-1282
>= 0.7.1 and <= 2.3.2
This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument
9.1 CRITICAL
CVE-2017-12625
all versions
Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can
4.3 MEDIUM
CVE-2016-3083
all versions
Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While valid
7.5 HIGH
CVE-2015-7521
all versions
The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and SqlStd
8.3 HIGH
CVE-2015-1772
all versions
The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3
7.3 HIGH
CVE-2014-0228
<= 0.13.0
Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) im
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin