CVE-2018-1282 — CVSS 9.1 (critical): This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows carefully crafted arguments to be used to bypass the argument…
CVE-2015-7521 — CVSS 8.3 (high): The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters protected by Ranger and…
CVE-2022-41137 — CVSS 8.3 (high): Apache Hive Metastore (HMS) uses SerializationUtilities#deserializeObjectWithTypeInformation method when filtering and fetching partitions…
CVE-2018-11777 — CVSS 8.1 (high): In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if…
CVE-2021-34538 — CVSS 7.5 (high): Apache Hive before 3.1.3 "CREATE" and "DROP" function operations does not check for necessary authorization of involved entities in the…
CVE-2016-3083 — CVSS 7.5 (high): Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the…
CVE-2020-13949 — CVSS 7.5 (high): In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation…
CVE-2015-1772 — CVSS 7.3 (high): The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used in IBM InfoSphere BigInsights 3.0…
CVE-2023-35701 — CVSS 6.6 (medium): Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Hive. The vulnerability affects the Hive JDBC driver…
CVE-2024-23953 — CVSS 6.5 (medium): Use of Arrays.equals() in LlapSignerImpl in Apache Hive to compare message signatures allows attacker to forge a valid signature for an…
CVE-2024-23945 — CVSS 5.9 (medium): Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity…
CVE-2020-1926 — CVSS 5.9 (medium): Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. This could…
CVE-2024-29869 — CVSS 5.5 (medium): Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are…
CVE-2025-62728 — CVSS 5.4 (medium): SQL injection vulnerability in Hive Metastore Server (HMS) when processing delete column statistics requests via the Thrift APIs. The…
CVE-2018-1314 — CVSS 4.3 (medium): In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a…
CVE-2017-12625 — CVSS 4.3 (medium): Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before 2.3.1 expose an interface through which masking policies can be…
CVE-2018-1315 — CVSS 3.7 (low): In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run using HPL/SQL extension to Hive, a compromised/malicious FTP server…
CVE-2018-1284 — CVSS 3.7 (low): In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs (xpath/xpath_string/xpath_boolean/xpath_number/xpath_double/xpath_flo…
CVE-2014-0228 — CVSS 3.5 (low): Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and…