Security Bulletin: IBM Development Package for Apache Spark might create a remote exploitation vector against old Internet Explorer browsers through XSS

Summary IBM Development Package for Apache Spark addresses the following vulnerability. The vulnerability is a potential cross-site scripting XSS attack on a Web UI client; server-side analytical processing by Apache Spark is not affected and data is not compromised. Vulnerability Details CVEID:...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM® Development Package for Apache Spark

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0 that is used by IBM Development Package for Apache Spark. These issues are disclosed as part of the IBM Java SDK updates in April 2017. IBM Development Package for Apache Spark is providing an IBM Java SD...

Security Bulletin: Vulnerability in dependent component shipped in IBM Development Package for Apache Spark (CVE-2016-4970)

Summary The developerWorks download for IBM Development Package for Apache Spark is not vulnerable in its default configuration. However, IBM Development Package for Apache Spark could be vulnerable to a Denial of Service attack if the 'netty-tcnative' component is added and configured onto the...

Security Bulletin: Vulnerability in dependent component distributed in IBM Development Package for Apache Spark (CVE-2015-1832)

Summary Apache Derby versions up to 10.12.1.1 may be susceptible to an XML external entity XXE attack. Hive's metastore, where created, requires Derby when Apache Hadoop data sources are used with Apache Spark. Apache Derby is therefore included in the IBM Development Package for Apache Spark...

Security Bulletin: Vulnerability in legacy component distributed in IBM Development Package for Apache Spark (CVE-2012-5783)

Summary The Jakarta Commons httpclient version 3.x is known to be vulnerable to SSL spoofing, and is included in the IBM Development Package for Apache Spark, primarily to provide legacy support for Hadoop 2.2. A patch is applied to Jakarta Commons httpclient version 3.1 to fix the vulnerability...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Development Package for Apache Spark

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0 that is provided with IBM Development Package for Apache Spark. These issues are disclosed as part of the IBM Java SDK updates in July 2016. Vulnerability Details If you run Java code using the IBM runtim...

Security Bulletin: Vulnerability in Apache Groovy that could affect IBM Development Package for Apache Spark (CVE-2015-3253)

Summary Apache Groovy™ could allow a remote attacker to run arbitrary, untrusted code on the system. Vulnerability Details CVEID: CVE-2015-3253 DESCRIPTION: Apache Groovy could allow a remote attacker to run arbitrary, untrusted code on the system. This issue is caused by the failure to isolate...

Security Bulletin: Multiple Vulnerabilities in IBM SDK Java Technology Edition, Version 8.0 affect IBM Development Package for Apache Spark

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8.0 that is used by IBM Development Package for Apache Spark. These issues were disclosed as part of the IBM Java SDK updates in April 2016. Vulnerability Details The IBM Development Package for Apache Spark ...

Security Bulletin: Vulnerability in IBM SDK Java Technology Edition affects IBM Development Package for Apache Spark (CVE-2015-7575)

Summary There is a vulnerability in IBM® SDK Java™ Technology Edition, Version 8.0 that is used by the IBM Development Package for Apache Spark. This vulnerability, commonly referred to as “SLOTH”, was disclosed as part of the IBM SDK updates in January 2016. Vulnerability Details CVEID:...

IBM Development Package for Apache Spark Denial of Service Vulnerability

IBM Development Package for Apache Spark is a software development kit. A denial of service vulnerability exists in IBM Development Package for Apache Spark, which can be exploited to launch a denial of service attack. In addition, the Apache Development Package for Apache Spark is vulnerable to ...

Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the kdelibs-dev package of the Debian GNU/Linux operating system may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the libavcodec-dev package for the Debian GNU/Linux operating system may lead to violations of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the libssl-dev package of the Debian GNU/Linux operating system may lead to violations of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the libxslt1-dev package of the Debian GNU/Linux operating system can be exploited, which may lead to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

Vulnerabilities of the Red Hat Enterprise Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the kernel-devel package of the Red Hat Enterprise Linux operating system can be exploited, leading to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

Vulnerabilities of the Debian GNU/Linux operating system that allow a remote attacker to compromise the accessibility of protected information

The multiple vulnerabilities in the libsnmp9-dev package of the Debian GNU/Linux operating system may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...

Vulnerabilities of the Red Hat Enterprise Linux operating system that allow attackers to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the libvirt-devel-0.10.2 package of the Red Hat Enterprise Linux operating system may lead to breaches of confidentiality, integrity, and accessibility of protected information...

Vulnerabilities of the Red Hat Enterprise Linux operating system, which allow a remote attacker to compromise the accessibility of protected information

The multiple vulnerabilities of the openssl-devel-1.0.1e package for the Red Hat Enterprise Linux operating system may lead to a violation of the accessibility of protected information. These vulnerabilities can be exploited remotely...

Vulnerabilities of the Red Hat Enterprise Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the kernel-devel-2.6.32 package of the Red Hat Enterprise Linux operating system can be exploited, leading to breaches of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

The vulnerability of the Red Hat Linux operating system allows a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the subversion-devel-0.27.0 package for the Red Hat Linux operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited remotely...