Vulmon
mesos vulnerabilities and exploits
9.3
CVSSv2
CVE-2020-9480
In Apache Spark 2.4.5 and previous versions, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application'...
Apache Spark
Oracle Business Intelligence 5.5.0.0.0
1 Github repository
9.3
CVSSv2
CVE-2019-0204
A specifically crafted Docker image running under the root user can overwrite the init helper binary of the container runtime and/or the command executor in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.2, 1.6.0 to 1.6.1, and 1.7.0 to 1.7.1. A malicious actor can ...
Apache Mesos
Apache Mesos 1.8.0
Redhat Fuse 7.5.0
5
CVSSv2
CVE-2018-11793
When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, and 1.7.0 might overflow the stack due to unbounded recursion. A malicious actor can therefore cause a denial of service ...
Apache Mesos 1.4.0
Apache Mesos
Apache Mesos 1.8.0
5
CVSSv2
CVE-2018-1330
When parsing a malformed JSON payload, libprocess in Apache Mesos versions 1.4.0 to 1.5.0 might crash due to an uncaught exception. Parsing chunked HTTP requests with trailers can lead to a libprocess crash too because of the mistakenly planted assertion. A malicious actor can th...
Apache Mesos
Apache Mesos 1.4.0
Apache Mesos 1.6.0
5
CVSSv2
CVE-2017-7687
When handling a decoding failure for a malformed URL path of an HTTP request, libprocess in Apache Mesos prior to 1.1.3, 1.2.x prior to 1.2.2, 1.3.x prior to 1.3.1, and 1.4.0-dev might crash because the code accidentally calls inappropriate function. A malicious actor can therefo...
Apache Mesos 1.4.0-dev
Apache Mesos 1.3.0
Apache Mesos 1.3.1
Apache Mesos 1.2.0
Apache Mesos 1.2.1
Apache Mesos
5
CVSSv2
CVE-2017-9790
When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos prior to 1.1.3, 1.2.x prior to 1.2.2, 1.3.x prior to 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'. ...
Apache Mesos 1.4.0-dev
Apache Mesos 1.3.0
Apache Mesos 1.3.1
Apache Mesos 1.2.0
Apache Mesos 1.2.1
Apache Mesos
4.9
CVSSv2
CVE-2018-11770
From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submission, in addition to the submission mechanism used by spark-submit. In standalone, the config property 'spark.authenticate.secret' establishes a shared secret for authentic...
Apache Spark
1 Github repository
4.3
CVSSv2
CVE-2018-8023
Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT). In Apache Mesos versions pre-1.4.2, 1.5.0, 1.5.1, 1.6.0 the comparison of the generated HMAC value against the provided signature in the JWT implementation used is v...
Apache Mesos 1.5.0
Apache Mesos 1.5.1
Apache Mesos 1.6.0
Apache Mesos
4
CVSSv2
CVE-2018-1000421
An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and previous versions in MesosCloud.java that allows attackers with Overall/Read access to initiate a test connection to an attacker-specified Mesos server with attacker-specified credentials IDs obtain...
Apache Mesos
4
CVSSv2
CVE-2018-1000420
An improper authorization vulnerability exists in Jenkins Mesos Plugin 0.17.1 and previous versions in MesosCloud.java that allows attackers with Overall/Read access to obtain credentials IDs for credentials stored in Jenkins.
Apache Mesos