Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
spark vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-2017-12612
In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentially vulnerable to arbitrary code execution by an attacker with access to any user a...
Apache Spark 2.0.2
Apache Spark 2.1.1
Apache Spark 1.6.1
Apache Spark 1.6.2
Apache Spark 1.6.3
Apache Spark 2.0.0
Apache Spark 1.6.0
Apache Spark 2.0.1
Apache Spark 2.1.0
NA
CVE-2022-31777
A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and previous versions, and 3.3.0, allows remote malicious users to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs ren...
Apache Spark 3.3.0
Apache Spark
1.9
CVSSv2
CVE-2018-1334
In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application.
Apache Spark
Apache Spark 2.3.0
4.9
CVSSv2
CVE-2018-8024
In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute...
Apache Spark
Apache Spark 2.3.0
Mozilla Firefox -
4
CVSSv2
CVE-2016-1323
The REST interface in Cisco Spark 2015-06 allows remote authenticated users to obtain sensitive information via a request for an unspecified file, aka Bug ID CSCuv84048.
Cisco Spark 2015-06 Base
5
CVSSv2
CVE-2016-1324
The REST interface in Cisco Spark 2015-06 allows remote malicious users to cause a denial of service (resource outage) by accessing an administrative page, aka Bug ID CSCuv84125.
Cisco Spark 2015-06 Base
5
CVSSv2
CVE-2016-1322
The REST interface in Cisco Spark 2015-07-04 allows remote malicious users to bypass intended access restrictions and create arbitrary user accounts via unspecified web requests, aka Bug ID CSCuv72584.
Cisco Spark 2015-07-04 Base
5
CVSSv2
CVE-2018-9159
In Spark prior to 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark.
Sparkjava Spark
NA
CVE-2023-32007
** UNSUPPORTED WHEN ASSIGNED ** The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a cod...
Apache Spark
4.3
CVSSv2
CVE-2017-7678
In Apache Spark prior to 2.2.0, it is possible for an malicious user to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits data including MHTML to the Spark master, or history server. This data,...
Apache Spark
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
firmware
CVE-2006-4304
CVE-2024-32878
CVE-2024-31502
XSS
CVE-2024-3059
CVE-2024-33692
CVE-2024-3400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »