285 matches found
EUVD-2018-0127
Malware in sbrugna...
EUVD-2022-0216
Malicious code in bioql PyPI...
EUVD-2023-0219
Malicious code in bioql PyPI...
EUVD-2022-2689
Malicious code in bioql PyPI...
EUVD-2022-0218
Malicious code in bioql PyPI...
Security Bulletin: Common vulnerabilities discovered in Spark2 executables released with Cloudera Observability on Premises with IBM Version 3.5.3
Summary Cloudera Observability on premises with IBM 3.5.3 ships with Spark 2 executables, however, the application runs on Spark 3. This security bulletin identifies a set of common vulnerabilities found in the Spark 2 libraries. Spark 2 has reached End of Support EOS. Clients are advised to use...
CVE-2021-38296
Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would...
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.7 Vulnerability Details CVEID:CVE-2023-0044 DESCRIPTION: Quarkus could allow a remote attacker to obtain sensitive information, caused by a flaw when the Form Authentication session cookie Path attribute is se...
CVE-2023-32007
UNSUPPORTED WHEN ASSIGNED The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in...
Exploit for OS Command Injection in Apache Spark
CVE-2022-33891 - Apache Spark Command Injection Vulnerability...
The vulnerability of the CookieSigner class in the Apache Spark framework and the Apache Hive database allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the CookieSigner class in the Apache Spark framework and the Apache Hive database is related to the disclosure of the digital signature of cookies due to an incorrect mechanism for generating error reports. Exploiting this vulnerability can allow a remote attacker to gain...
CVE-2024-23945
Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive’s servic...
CVE-2024-23945 Apache Hive, Apache Spark, Apache Spark: CookieSigner exposes the correct signature when message verification fails
Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive’s servic...
CVE-2024-23945
CVE-2024-23945 → CookieSigner exposes the correct cookie signature to end users when a signature mismatch occurs. Affected: Hive service component and Spark Hive-ThriftServer (versions tied to HIVE-9710 1.2.0 and SPARK-14987 2.0.0). Root cause: flawed CookieSigner logic allows exposure of the sig...
CVE-2024-23945 Apache Hive, Apache Spark, Apache Spark: CookieSigner exposes the correct signature when message verification fails
Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive’s servic...
CVE-2024-23945 Apache Hive, Apache Spark, Apache Spark: CookieSigner exposes the correct signature when message verification fails
Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive’s servic...
Apache Hive和Apache Spark 安全漏洞
Apache Hive and Apache Spark are both products of the Apache Foundation, USA.Apache Hive is a suite of data warehouse software based on Hadoop Distributed Systems Infrastructure. The software provides a data integration approach and a high-level query language to support large-scale data analysis...
TotalCloud Insights: Uncovering the Hidden Dangers in Google Cloud Dataproc
Summary The Apache Hadoop Distributed File System HDFS can be vulnerable to data compromise when a Compute Engine cluster is in a public-facing virtual private cloud VPC or shares the VPC with other Compute Engine instances. Google Cloud Platform GCP provides a default VPC called default. This VP...
VulnCheck KEV: CVE-2020-9480
In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication spark.authenticate via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster,...
BIT-SPARK-2020-9480
In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication spark.authenticate via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even...