94 matches found
CVE-2024-49194
Databricks JDBC Driver 2.x before 2.6.40 could potentially allow remote code execution (RCE) by triggering a JNDI injection via a JDBC URL parameter. The vulnerability is rooted in the improper handling of the krbJAASFile parameter. An attacker could potentially exploit this vulnerability to achiev...
PT-2024-10170 · Databricks · Databricks Jdbc Driver
Name of the Vulnerable Software and Affected Versions: Databricks JDBC Driver versions prior to 2.6.40 Description: The issue is related to the improper handling of the krbJAASFile parameter, allowing a remote attacker to execute arbitrary code by triggering a JNDI injection via a JDBC URL...
com.databricks.labs:automl-toolkit (=0.8.1), ml.combust.mleap:mleap-avro_2.12 (>=0.14.0 <=0.23.0) +14 more potentially affected by CVE-2023-5245 via ml.combust.mleap:mleap-runtime_2.12 (>=0.14.0 <=0.23.0)
ml.combust.mleap:mleap-runtime_2.12 MAVEN version =0.14.0, =0.14.0, =0.14.0, =0.14.0, =0.14.0, =0.14.0, =0.14.0, =0.19.0, =0.14.0, =0.14.0, =0.14.0, =0.14.0, =0.19.0, =0.14.0, =0.17.0, =0.23.0 and more Source cves: CVE-2023-5245 Source advisory: OSV:GHSA-897X-XVJ8-42RQ...
Databricks Platform Cluster Isolation Bypass
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Bypassing cluster isolation through insecure defaults and shared storage product: Databricks Platform vulnerable version: PaaS version as of 2023-01-26 fixed version:...
Security Bulletin: IBM Workload Scheduler potentially affected by a vulnerability found in Json-smart library (CVE-2023-1370)
Summary IBM Workload Scheduler is potentially affected by a vulnerability found in the Json-smart library that can cause stack exhaustion (stack overflow) and a software crash. Specifically, the following plugins can suffer from this issue: Azure Storage Job Executor, Azure Resource Manager Job Executo...
GHSA-WP72-7HJ9-5265 Remote file existence check vulnerability in `mlflow server` and `mlflow ui` CLIs
Impact Users of the MLflow Open Source Project who are hosting the MLflow Model Registry using the mlflow server or mlflow ui commands using an MLflow version older than MLflow 2.2.1 may be vulnerable to a remote file existence check exploit if they are not limiting who can query their server for...
EAST - Extensible Azure Security Tool - Documentation
Extensible Azure Security Tool, later referred to as E.A.S.T, is a tool for assessing Azure and, to some extent, Azure AD security controls. The primary use case of EAST is security data collection for evaluation in Azure assessments. This information (JSON content) can then be used in various reporting tools,...
CVE-2022-33891
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to...
MAL-2022-5489 Malicious code in protobufjs-databricks (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2ae198b4c60528a62453f589485b597ef1cfc87e25d9af4500e8445aac5b5c3b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ai.tripl:arc-jupyter_2.11 (>=0.0.13 <=0.0.14), ai.tripl:arc_2.11 (>=1.13.3 <=1.15.0) +45 more potentially affected by CVE-2020-16971 via com.microsoft.azure:azure-eventhubs (>=0.10.0 <=3.2.0)
com.microsoft.azure:azure-eventhubs MAVEN version =0.10.0, =0.0.13, =1.13.3, =1.30.0, =1.20.0, =1.24.4, =1.4.0, =0.1.0, =0.6.0, =0.8.0, =3.3.0, =0.7.2, =3.0.0, =3.2.0 - com.microsoft.azure:azure-eventhubs-reactive_2.12 =0.5.0 and more Source cves: CVE-2020-16971 Source advisory:...
KLA12392 RCE vulnerability in Microsoft Azure
A remote code execution vulnerability was found in Microsoft Azure. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories CVE-2021-44228 Exploitation Public exploits exist for this vulnerability. Malware exists for this vulnerability. Usually such malware is...