Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
spark vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2017-12612
In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentially vulnerable to arbitrary code execution by an attacker with access to any user a...
Apache Spark 2.0.2
Apache Spark 2.1.1
Apache Spark 1.6.1
Apache Spark 1.6.2
Apache Spark 1.6.3
Apache Spark 2.0.0
Apache Spark 1.6.0
Apache Spark 2.0.1
Apache Spark 2.1.0
5.4
CVSSv3
CVE-2022-31777
A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and previous versions, and 3.3.0, allows remote malicious users to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs ren...
Apache Spark 3.3.0
Apache Spark
4.7
CVSSv3
CVE-2018-1334
In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application.
Apache Spark
Apache Spark 2.3.0
5.4
CVSSv3
CVE-2018-8024
In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute...
Apache Spark
Apache Spark 2.3.0
Mozilla Firefox -
4.3
CVSSv3
CVE-2016-1323
The REST interface in Cisco Spark 2015-06 allows remote authenticated users to obtain sensitive information via a request for an unspecified file, aka Bug ID CSCuv84048.
Cisco Spark 2015-06 Base
5.3
CVSSv3
CVE-2016-1324
The REST interface in Cisco Spark 2015-06 allows remote malicious users to cause a denial of service (resource outage) by accessing an administrative page, aka Bug ID CSCuv84125.
Cisco Spark 2015-06 Base
7.5
CVSSv3
CVE-2016-1322
The REST interface in Cisco Spark 2015-07-04 allows remote malicious users to bypass intended access restrictions and create arbitrary user accounts via unspecified web requests, aka Bug ID CSCuv72584.
Cisco Spark 2015-07-04 Base
8.8
CVSSv3
CVE-2023-32007
** UNSUPPORTED WHEN ASSIGNED ** The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a cod...
Apache Spark
9.9
CVSSv3
CVE-2023-22946
In Apache Spark versions before 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes o...
Apache Spark
5.3
CVSSv3
CVE-2018-9159
In Spark prior to 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark.
Sparkjava Spark
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »