List of fixed Common Vulnerabilities and Exposures in Cloudera Data Warehouse on cloud
Learn about the Common Vulnerabilities and Exposures (CVEs) that were fixed in version 1.12.1-b259 of Cloudera Data Warehouse on cloud.
| CVE ID | Description |
|---|---|
| CVE-2025-1948 | Uncontrolled resource consumption in Eclipse Jetty's HTTP/2 implementation leading to remote Denial of Service (DoS) via memory exhaustion. |
| CVE-2025-59250 | Network-based spoofing vulnerability in Microsoft JDBC Driver for SQL Server due to improper input validation. |
| CVE-2024-21147 | RangeCheckElimination array index overflow in the Oracle Java Hotspot compiler allowing unauthorized access or modification of critical data. |
| CVE-2023-22102 | Authentication bypass in Oracle MySQL Connector/J allowing unauthenticated remote takeover of the connector process. |
| CVE-2025-33042 | Improper code generation in Apache Avro Java SDK allows code injection from untrusted schemas. Upgrading to version 1.12.1 or 1.11.5 is recommended to address this issue. |
| CVE-2025-32434 | Critical remote code execution (RCE) vulnerability in PyTorch via a bypass of the `weights_only=True` security setting in `torch.load()`. |
| CVE-2025-11082 | Heap-based buffer overflow in GNU Binutils leading to local memory corruption and potential code execution. |
| CVE-2025-11083 | Heap-based buffer overflow in GNU Binutils' BFD library leading to memory corruption during ELF section header parsing. |
| CVE-2025-7545 | Heap-based buffer overflow in GNU Binutils objcopy leading to local memory corruption or potential code execution. |
| CVE-2025-7546 | Out-of-bounds write in GNU Binutils BFD library leading to local memory corruption or arbitrary code execution. |
| CVE-2025-10200 | Critical use-after-free vulnerability in Google Chrome’s ServiceWorker component allowing remote code execution. |
| CVE-2025-10201 | Inter-process communication (IPC) flaw in Google Chrome’s Mojo framework allowing a bypass of site isolation and potential privilege escalation. |
| CVE-2025-10500 | Use-after-free vulnerability in the Dawn component of Google Chrome allowing for remote heap corruption and potential code execution. |
| CVE-2025-10501 | Use-after-free vulnerability in Google Chrome’s WebRTC component allowing remote heap corruption and arbitrary code execution. |
| CVE-2025-10502 | Heap-based buffer overflow in Google Chrome’s ANGLE component, allowing remote code execution via malicious graphics traffic. |
| CVE-2025-10585 | (KEV) Actively exploited type confusion vulnerability in Google Chrome’s V8 engine allowing for remote code execution and sandbox escape. |
| CVE-2025-10890 | Side-channel information leakage in Google Chrome’s V8 engine allowing for remote theft of cross-origin data. |
| CVE-2025-10891 | High-severity integer overflow in Google Chrome’s V8 engine allowing for remote heap corruption and arbitrary code execution. |
| CVE-2025-10892 | High-severity integer overflow in Google Chrome’s V8 engine allowing for remote heap corruption and arbitrary code execution. |
| CVE-2025-11205 | High-severity heap buffer overflow in Google Chrome’s WebGPU component, allowing for remote heap corruption and potential code execution. |
| CVE-2025-11206 | High-severity heap buffer overflow in Google Chrome’s Video component, allowing for a remote sandbox escape via malicious HTML content. |
| CVE-2025-11211 | Medium-to-High severity out-of-bounds read in Google Chrome’s Media component, allowing for remote memory disclosure or browser crashes. |
| CVE-2025-11458 | High-severity heap buffer overflow in Google Chrome’s Sync component, allowing remote code execution via a crafted HTML page. |
| CVE-2025-11460 | High-severity use-after-free vulnerability in Google Chrome’s Storage component, allowing for remote code execution via crafted video files. |
| CVE-2025-11756 | High-severity use-after-free vulnerability in Google Chrome’s Safe Browsing component, allowing for remote code execution via a crafted HTML page. |
| | High-severity out-of-bounds memory access in Google Chrome’s V8 engine, allowing remote code execution via a crafted HTML page. |
| CVE-2025-12428 | High-severity type confusion vulnerability in Google Chrome’s V8 engine, allowing for remote arbitrary memory read/write and code execution (RCE). |
| CVE-2025-12429 | High-severity inappropriate implementation vulnerability in Google Chrome’s V8 engine, allowing for remote arbitrary memory read/write and code execution. |
| CVE-2025-12430 | High-severity object lifecycle issue in Google Chrome’s Media component, allowing for remote UI spoofing via a crafted HTML page. |
| | Race condition in Chromium V8 engine leading to remote heap corruption. |
| CVE-2025-12437 | Use-after-free in Chrome PageInfo component allowing remote heap corruption. |
| CVE-2025-12438 | Use-after-free in Chrome Ozone component allowing remote object corruption on Linux and ChromeOS. |
| CVE-2025-12725 | Out-of-bounds memory flaw in WebGPU allowing remote code execution. |
| CVE-2025-12727 | V8 engine implementation flaw in Chrome allowing remote heap corruption. |
| CVE-2025-12907 | Command injection in Chrome DevTools allows remote code execution through user interaction. |
| CVE-2025-13042 | V8 engine implementation flaw in Chrome allowing remote heap corruption. |
| CVE-2025-13223 | (KEV) Type confusion in Chromium V8 engine leading to remote heap corruption. |
| CVE-2025-13224 | Inappropriate implementation in WebAssembly. |
| CVE-2025-13226 | Type confusion in Chromium V8 engine leading to remote heap corruption. |
| CVE-2025-13227 | Type confusion in Chromium V8 engine leading to remote heap corruption. |
| CVE-2025-13228 | Type confusion in Chromium V8 engine leading to remote heap corruption. |
| CVE-2025-13229 | Type confusion in Chromium V8 engine leading to remote heap corruption. |
| CVE-2025-13230 | Type confusion in Chromium V8 engine leading to remote heap corruption. |
| CVE-2025-13630 | Use-after-free in Blink rendering engine. |
| CVE-2025-13631 | Logic flaw in Google Updater on Mac allowing local privilege escalation. |
| CVE-2025-13633 | Use-after-free in Chrome Digital Credentials component leading to remote heap corruption. |
| CVE-2025-13638 | Use-after-free in Chrome Media Stream component leading to remote heap corruption. |
| CVE-2025-13639 | WebRTC implementation flaw in Chrome allowing remote arbitrary memory read/write. |
| CVE-2025-13720 | Bad cast in Chrome Loader component leading to remote heap corruption. |
| CVE-2025-13721 | Race condition in Chromium V8 engine leading to remote heap corruption. |
| CVE-2025-14174 | (KEV) Out-of-bounds memory access in ANGLE allowing remote code execution. |
| CVE-2025-14765 | Use-after-free in WebGPU in Chrome allowing remote heap corruption. |
| CVE-2025-14766 | Out-of-bounds memory access in Chromium V8 engine leading to remote heap corruption. |
| CVE-2025-6191 | Integer overflow in Chromium V8 engine leading to remote heap corruption. |
| CVE-2025-6192 | Use-after-free in Chrome Metrics component leading to remote heap corruption. |
| CVE-2025-6554 | (KEV) Type confusion in Chromium V8 engine allowing remote arbitrary memory read/write. |
| CVE-2025-6558 | (KEV) Insufficient input validation in ANGLE/GPU component allowing remote sandbox escape. |
| CVE-2025-7656 | Integer overflow in Chromium V8 engine leading to remote heap corruption. |
| CVE-2025-7657 | Use-after-free in Chrome WebRTC component leading to remote heap corruption. |
| CVE-2025-8010 | Type confusion in Chromium V8 engine leading to remote heap corruption. |
| CVE-2025-8011 | Type confusion in Chromium V8 engine leading to remote heap corruption. |
| CVE-2025-8292 | Use-after-free in Chrome Media Stream component leading to remote heap corruption. |
| CVE-2025-8576 | Use-after-free in Chrome Extensions component leading to remote heap corruption. |
| CVE-2025-8578 | Use-after-free in Chrome Cast component leading to remote heap corruption. |
| CVE-2025-8879 | Heap buffer overflow in libaom in Chrome leading to remote heap corruption. |
| CVE-2025-8880 | Race condition in Chromium V8 engine leading to remote code execution. |
| CVE-2025-8882 | Use-after-free in Chrome Aura component leading to remote heap corruption. |
| CVE-2025-8901 | Out-of-bounds write in ANGLE component leading to remote heap corruption. |
| CVE-2025-9132 | Out-of-bounds write in Chromium V8 engine leading to remote heap corruption. |
| CVE-2025-9478 | Use-after-free in ANGLE component leading to remote heap corruption. |
| CVE-2025-9866 | Inappropriate implementation in Chrome Extensions allowing remote CSP bypass. |
| CVE-2026-0628 | Insufficient policy enforcement in WebView tag allowing privileged UI hijacking. |
| CVE-2026-0899 | Out-of-bounds memory access in Chromium V8 engine leading to remote code execution. |
| CVE-2026-0900 | Inappropriate implementation in Chromium V8 engine leading to remote object corruption. |
| CVE-2026-0902 | Inappropriate implementation in Chromium V8 engine leading to remote out-of-bounds memory read. |
| CVE-2026-0905 | Insufficient policy enforcement in Chrome Network component allowing sensitive data exposure. |
| CVE-2026-0906 | Incorrect security UI in Google Chrome allowing remote Omnibox (URL bar) spoofing. |
| CVE-2026-0907 | Incorrect security UI in Split View in Google Chrome allowing remote UI spoofing. |
| CVE-2026-0908 | Use-after-free in Chrome ANGLE component leading to remote heap corruption. |
| CVE-2026-1861 | Heap buffer overflow in libvpx in Google Chrome leading to remote heap corruption. |
| CVE-2026-1862 | Type confusion in Chromium V8 engine leading to remote heap corruption. |
| CVE-2026-2313 | Use-after-free in Chrome CSS engine leading to remote heap corruption. |
| CVE-2026-2314 | Heap buffer overflow in Chrome Codecs component leading to remote heap corruption. |
| CVE-2026-2315 | Inappropriate implementation in WebGPU in Google Chrome leading to remote out-of-bounds memory access. |
| CVE-2026-2319 | Race condition in Chrome DevTools leading to remote object corruption. |
| CVE-2026-2321 | Use-after-free in Chrome Ozone component leading to remote heap corruption. |
| CVE-2026-2441 | (KEV) Use-after-free in Chrome CSS engine leading to remote code execution (Zero-Day). |
| CVE-2026-2648 | Heap buffer overflow in PDFium in Google Chrome leading to remote heap corruption. |
| CVE-2026-2649 | Heap buffer overflow in PDFium in Google Chrome leading to remote heap corruption. |
| CVE-2026-2650 | Heap buffer overflow in Chrome Media component leading to remote heap corruption. |
| CVE-2026-3061 | Out-of-bounds read in Chrome Media component leading to remote memory disclosure. |
| CVE-2026-3062 | Out-of-bounds read and write in Tint in Google Chrome leading to remote heap corruption. |
| CVE-2026-3536 | Integer overflow in Chrome ANGLE component leading to remote out-of-bounds memory access. |
| CVE-2026-3537 | Object lifecycle issue in PowerVR in Google Chrome leading to remote heap corruption. |
| CVE-2026-3538 | Integer overflow in Skia in Google Chrome leading to remote out-of-bounds memory access. |
| CVE-2026-3539 | Object lifecycle issue in Chrome DevTools leading to remote heap corruption. |
| CVE-2026-3540 | Inappropriate implementation in WebAudio in Google Chrome leading to remote out-of-bounds memory access. |
| CVE-2026-3541 | Inappropriate implementation in Chrome CSS engine leading to remote out-of-bounds memory read. |
| CVE-2026-3542 | Inappropriate implementation in WebAssembly in Google Chrome leading to remote out-of-bounds memory access. |
| CVE-2026-3543 | Inappropriate implementation in Chromium V8 engine leading to remote out-of-bounds memory access. |
| CVE-2026-3544 | Heap buffer overflow in WebCodecs in Google Chrome leading to remote heap corruption. |
| CVE-2026-3545 | Insufficient data validation in Chrome Navigation component allowing for a remote sandbox escape. |
| CVE-2025-59681 | SQL injection in Django QuerySet methods (on MySQL and MariaDB) leading to remote database compromise. |
| CVE-2025-64458 | Denial of Service (DoS) in Django on Windows due to slow Unicode normalization in redirect functions. |
| CVE-2025-64459 | SQL injection in Django via the `_connector` keyword argument in QuerySets and Q objects. |
| CVE-2025-47950 | Goroutine exhaustion in CoreDNS DNS-over-QUIC (DoQ) server leading to remote Denial of Service (DoS). |
| CVE-2025-58063 | TTL confusion in CoreDNS etcd plugin leading to permanent DNS cache pinning and Denial of Service (DoS). |
| CVE-2025-22235 | Security bypass in Spring Boot actuator matchers leading to unauthorized access to the `/null` path. |
| CVE-2025-27820 | Public Suffix List (PSL) validation bypass in Apache HttpClient 5.4.x disabling critical domain checks. |
| CVE-2025-11082 | Heap-based buffer overflow in GNU Binutils Linker leading to local code execution or system crash. |
| CVE-2025-11083 | Heap-based buffer overflow in GNU Binutils Linker leading to remote code execution or system crash. |
| CVE-2025-7545 | Heap-based buffer overflow in GNU Binutils objcopy leading to local denial of service or code execution. |
| CVE-2025-7546 | Out-of-bounds write in GNU Binutils BFD library leading to local memory corruption or code execution. |
| CVE-2025-24813 | (KEV) Path equivalence vulnerability in Apache Tomcat allowing unauthenticated remote code execution (RCE) via partial PUT requests and session persistence. |
| CVE-2025-31650 | Improper input validation in Apache Tomcat’s HTTP/2 implementation leading to a remote memory leak and Denial of Service (DoS). |
| CVE-2025-31651 | Security constraint bypass in Apache Tomcat via the Rewrite Valve using specially crafted requests. |
| CVE-2025-46701 | Security constraint bypass in Apache Tomcat's CGI servlet via improper handling of case sensitivity in the pathInfo component. |
| CVE-2025-48988 | Allocation of resources without limits in Apache Tomcat's multipart upload handling, leading to a remote Denial of Service (DoS). |
| CVE-2025-48989 | Improper resource release in Apache Tomcat’s HTTP/2 implementation leading to a MadeYouReset Denial of Service (DoS). |
| CVE-2025-49124 | Untrusted search path vulnerability in the Apache Tomcat Windows installer leading to local privilege escalation. |
| CVE-2025-49125 | Authentication bypass in Apache Tomcat via alternate paths for PreResources and PostResources mounted outside the web application root. |
| CVE-2025-52520 | Integer overflow in Apache Tomcat’s multipart upload handling leading to a bypass of file size limits and remote Denial of Service (DoS). |
| CVE-2025-53506 | Uncontrolled resource consumption in Apache Tomcat’s HTTP/2 implementation leading to a remote Denial of Service (DoS). |
| CVE-2025-55752 | Directory traversal in Apache Tomcat via the Rewrite Valve, potentially leading to remote code execution if HTTP PUT is enabled. |
| CVE-2025-55754 | Console and clipboard manipulation in Apache Tomcat via unescaped ANSI sequences in log messages. |
| CVE-2025-12183 | Out-of-bounds memory operations in lz4-java leading to remote Denial of Service (DoS) and information disclosure. |
| CVE-2024-25638 | Improper response validation in dnsjava allowing DNSSEC bypass and DNS cache poisoning. |
