Lucene search
+L

285 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-0127

Malware in sbrugna...

4.7CVSS4.7AI score0.00504EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-0216

Malicious code in bioql PyPI...

7.5CVSS7.7AI score0.01817EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-0219

Malicious code in bioql PyPI...

9.9CVSS8.4AI score0.01109EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.16 views

EUVD-2022-2689

Malicious code in bioql PyPI...

7.5CVSS8.2AI score0.05696EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2022-0218

Malicious code in bioql PyPI...

5.4CVSS5.8AI score0.01473EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2025/08/21 5:17 p.m.6 views

Security Bulletin: Common vulnerabilities discovered in Spark2 executables released with Cloudera Observability on Premises with IBM Version 3.5.3

Summary Cloudera Observability on premises with IBM 3.5.3 ships with Spark 2 executables, however, the application runs on Spark 3. This security bulletin identifies a set of common vulnerabilities found in the Spark 2 libraries. Spark 2 has reached End of Support EOS. Clients are advised to use...

6.9AI score
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 9:25 p.m.9 views

CVE-2021-38296

Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would...

7.5CVSS7.1AI score0.01817EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:38 a.m.76 views

Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs

Summary Multiple vulnerabilities were fixed in IBM Cloud Pak for Watson AIOps version 3.7 Vulnerability Details CVEID:CVE-2023-0044 DESCRIPTION: Quarkus could allow a remote attacker to obtain sensitive information, caused by a flaw when the Form Authentication session cookie Path attribute is se...

7.8CVSS10AI score0.0486EPSS
Exploits6Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/14 10:18 a.m.12 views

CVE-2023-32007

UNSUPPORTED WHEN ASSIGNED The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in...

8.8CVSS7.5AI score0.92984EPSS
Exploits12References1
GithubExploit
GithubExploit
added 2025/01/30 5:5 p.m.522 views

Exploit for OS Command Injection in Apache Spark

CVE-2022-33891 - Apache Spark Command Injection Vulnerability...

8.8CVSS9.3AI score0.92984EPSS
Exploits12
BDU FSTEC
BDU FSTEC
added 2025/01/14 12:0 a.m.15 views

The vulnerability of the CookieSigner class in the Apache Spark framework and the Apache Hive database allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the CookieSigner class in the Apache Spark framework and the Apache Hive database is related to the disclosure of the digital signature of cookies due to an incorrect mechanism for generating error reports. Exploiting this vulnerability can allow a remote attacker to gain...

5.9CVSS5.5AI score0.01468EPSS
Exploits1References12Affected Software2
NVD
NVD
added 2024/12/23 4:15 p.m.41 views

CVE-2024-23945

Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive’s servic...

5.9CVSS0.01468EPSS
Exploits1References9
Cvelist
Cvelist
added 2024/12/23 3:26 p.m.53 views

CVE-2024-23945 Apache Hive, Apache Spark, Apache Spark: CookieSigner exposes the correct signature when message verification fails

Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive’s servic...

0.01468EPSS
Exploits1References8
CVE
CVE
added 2024/12/23 3:26 p.m.815 views

CVE-2024-23945

CVE-2024-23945 → CookieSigner exposes the correct cookie signature to end users when a signature mismatch occurs. Affected: Hive service component and Spark Hive-ThriftServer (versions tied to HIVE-9710 1.2.0 and SPARK-14987 2.0.0). Root cause: flawed CookieSigner logic allows exposure of the sig...

5.9CVSS6.7AI score0.01468EPSS
Exploits1References9Affected Software2
Vulnrichment
Vulnrichment
added 2024/12/23 3:26 p.m.28 views

CVE-2024-23945 Apache Hive, Apache Spark, Apache Spark: CookieSigner exposes the correct signature when message verification fails

Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive’s servic...

7AI score0.01468EPSS
Exploits1References8
OSV
OSV
added 2024/12/23 3:26 p.m.15 views

CVE-2024-23945 Apache Hive, Apache Spark, Apache Spark: CookieSigner exposes the correct signature when message verification fails

Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive’s servic...

5.9CVSS6.3AI score0.01468EPSS
Exploits1References12
CNNVD
CNNVD
added 2024/12/23 12:0 a.m.73 views

Apache Hive和Apache Spark 安全漏洞

Apache Hive and Apache Spark are both products of the Apache Foundation, USA.Apache Hive is a suite of data warehouse software based on Hadoop Distributed Systems Infrastructure. The software provides a data integration approach and a high-level query language to support large-scale data analysis...

5.9CVSS6.5AI score0.01468EPSS
Exploits1References9
Qualys Blog
Qualys Blog
added 2024/05/22 5:53 p.m.24 views

TotalCloud Insights: Uncovering the Hidden Dangers in Google Cloud Dataproc

Summary The Apache Hadoop Distributed File System HDFS can be vulnerable to data compromise when a Compute Engine cluster is in a public-facing virtual private cloud VPC or shares the VPC with other Compute Engine instances. Google Cloud Platform GCP provides a default VPC called default. This VP...

8.3AI score
Exploits0
VulnCheck KEV
VulnCheck KEV
added 2024/05/10 12:0 a.m.4 views

VulnCheck KEV: CVE-2020-9480

In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication spark.authenticate via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster,...

9.8CVSS6.8AI score0.29157EPSS
Exploits0References1
OSV
OSV
added 2024/03/06 11:5 a.m.21 views

BIT-SPARK-2020-9480

In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication spark.authenticate via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even...

9.8CVSS9.5AI score0.29157EPSS
Exploits0References7
Rows per page
Query Builder