Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache spark vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-38296
Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and previous versions, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. ...
Apache Spark
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.2.0
Oracle Financial Services Crime And Compliance Management Studio 8.0.8.3.0
9.8
CVSSv3
CVE-2019-10095
bash command injection vulnerability in Apache Zeppelin allows an malicious user to inject system commands into Spark interpreter settings. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.
Apache Zeppelin
5.3
CVSSv3
CVE-2020-27223
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high ...
Eclipse Jetty 9.4.6
Eclipse Jetty 9.4.36
Eclipse Jetty
Eclipse Jetty 10.0.0
Eclipse Jetty 11.0.0
Apache Spark 3.1.1
Apache Nifi 1.13.0
Netapp Snap Creator Framework -
Netapp Snapcenter -
Netapp Snapmanager -
Netapp Hci -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp E-series Santricity Web Services -
Netapp Element Plug-in For Vcenter Server -
Netapp E-series Santricity Os Controller
Netapp Management Services For Element Software -
Debian Debian Linux 10.0
Apache Solr 8.8.1
Oracle Rest Data Services
2 Github repositories
4.8
CVSSv3
CVE-2020-27218
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request ...
Eclipse Jetty 11.0.0
Eclipse Jetty 10.0.0
Eclipse Jetty
Netapp Snap Creator Framework -
Netapp Oncommand System Manager
Oracle Flexcube Private Banking 12.1.0
Oracle Flexcube Private Banking 12.0.0
Oracle Communications Offline Mediation Controller 12.0.0.3.0
Oracle Communications Services Gatekeeper 7.0
Oracle Communications Pricing Design Center 12.0.0.3.0
Oracle Rest Data Services
Oracle Communications Converged Application Server - Service Controller 6.2
Oracle Communications Session Route Manager
Oracle Siebel Core - Automation
Oracle Retail Eftlink 20.0.0
Oracle Hyperion Infrastructure Technology 11.1.2.6.0
Oracle Blockchain Platform
Apache Kafka 2.7.0
Apache Spark 2.4.8
Apache Spark 3.0.3
Debian Debian Linux 10.0
9.8
CVSSv3
CVE-2020-9480
In Apache Spark 2.4.5 and previous versions, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application'...
Apache Spark
Oracle Business Intelligence 5.5.0.0.0
1 Github repository
9.1
CVSSv3
CVE-2019-20445
HttpObjectDecoder.java in Netty prior to 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
Netty Netty
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 33
Canonical Ubuntu Linux 18.04
Redhat Jboss Amq Clients 2
Redhat Jboss Enterprise Application Platform 7.2
Redhat Jboss Enterprise Application Platform 7.3
Apache Spark 2.4.7
Apache Spark 2.4.8
7.5
CVSSv3
CVE-2019-10172
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.
Fasterxml Jackson-mapper-asl
Redhat Jboss Enterprise Application Platform 7.0
Redhat Jboss Fuse 7.0.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Apache Spark 3.0.1
1 Github repository
7.5
CVSSv3
CVE-2019-10099
Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypted, even if spark.io.encryption.enabled=true. This includes cached blocks that are fetched to disk (controlled by spark.maxRemoteBlockSizeFetchToMem); in SparkR, using parallelize; in P...
Apache Spark
5.5
CVSSv3
CVE-2018-11760
When using PySpark , it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1.
Apache Spark
9.8
CVSSv3
CVE-2018-17190
In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the master can, ho...
Apache Spark
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »