Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
spark vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-2017-12612
In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentially vulnerable to arbitrary code execution by an attacker with access to any user a...
Apache Spark 1.6.0
Apache Spark 1.6.1
Apache Spark 1.6.2
Apache Spark 1.6.3
Apache Spark 2.0.0
Apache Spark 2.0.1
Apache Spark 2.0.2
Apache Spark 2.1.0
Apache Spark 2.1.1
1.9
CVSSv2
CVE-2018-1334
In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application.
Apache Spark
Apache Spark 2.3.0
NA
CVE-2022-31777
A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and previous versions, and 3.3.0, allows remote malicious users to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs ren...
Apache Spark 3.3.0
Apache Spark
4.9
CVSSv2
CVE-2018-8024
In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute...
Apache Spark
Apache Spark 2.3.0
Mozilla Firefox -
4
CVSSv2
CVE-2016-1323
The REST interface in Cisco Spark 2015-06 allows remote authenticated users to obtain sensitive information via a request for an unspecified file, aka Bug ID CSCuv84048.
Cisco Spark 2015-06 Base
5
CVSSv2
CVE-2016-1324
The REST interface in Cisco Spark 2015-06 allows remote malicious users to cause a denial of service (resource outage) by accessing an administrative page, aka Bug ID CSCuv84125.
Cisco Spark 2015-06 Base
5
CVSSv2
CVE-2016-1322
The REST interface in Cisco Spark 2015-07-04 allows remote malicious users to bypass intended access restrictions and create arbitrary user accounts via unspecified web requests, aka Bug ID CSCuv72584.
Cisco Spark 2015-07-04 Base
5
CVSSv2
CVE-2018-11804
Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs a zinc server to speed up compilation. It has been included in release branches since 1.3.x, up to and including master. This server will accept connections from ex...
Apache Spark
NA
CVE-2022-33891
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can...
Apache Spark
1 Metasploit module
18 Github repositories
4.3
CVSSv2
CVE-2019-10099
Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in P...
Apache Spark
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRF
server-side request forgery
CVE-2024-30067
CVE-2024-5553
CVE-2024-30095
IDOR
CVE-2024-35252
CVE-2024-23692
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »