Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

27 matches found

PyPA
PyPAadded 2022/03/10 9:15 a.m.4 views

PYSEC-2022-186

Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would...

7.5CVSS7.1AI score0.02147EPSS
Exploits0References2Affected Software1
OSV
OSVadded 2022/03/10 9:15 a.m.0 views

PYSEC-2022-186

Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would...

7.5CVSS7.2AI score0.02147EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2022/03/10 12:0 a.m.2 views

PT-2022-10712 · Apache · Apache Spark

Name of the Vulnerable Software and Affected Versions: Apache Spark versions 3.1.2 and earlier Description: Apache Spark supports end-to-end encryption of RPC connections via spark.authenticate and spark.network.crypto.enabled. In affected versions, it uses a bespoke mutual authentication protoco...

8.7CVSS7.5AI score0.02147EPSS
Exploits0References12
CNNVD
CNNVDadded 2022/03/10 12:0 a.m.1 views

Apache Spark 加密问题漏洞

Apache Spark is a multilingual engine for performing data engineering, data science, and machine learning on a single-node machine or cluster. Apache Spark is vulnerable to an encryption issue that stems from the program's use of a custom mutual authentication protocol that allows fully encrypted...

7.5CVSS5.6AI score0.02147EPSS
Exploits0References4
Packet Storm
Packet Stormadded 2014/04/24 12:0 a.m.22 views

mRemote Offline Password Decrypt

mRemote Offline Password Decrypt Based on Metasploit Module enummremotepwds.rb from David Maloney Autor: Adriano Marcio Monteiro E-mail: [email protected] Blog: adrianomarciomonteiro.blogspot.com.br Usage: ruby mRemoteOffPwdsDecrypt.rb confCons.xml require 'rexml/document' require...

0.9AI score
Exploits0
Metasploit
Metasploitadded 2013/11/06 7:45 p.m.75 views

Supermicro Onboard IPMI Static SSL Certificate Scanner

This module checks for a static SSL certificate shipped with Supermicro Onboard IPMI controllers. An attacker with access to the publicly-available firmware can perform man-in-the-middle attacks and offline decryption of communication to the controller. This module has been on a Supermicro Onboar...

8.1CVSS6.3AI score0.0946EPSS
Exploits2
Metasploit
Metasploitadded 2011/11/25 1:39 a.m.45 views

Multi Gather Mozilla Thunderbird Signon Credential Collection

This module will collect credentials from Mozilla Thunderbird by downloading the necessary files such as 'signons.sqlite', 'key3.db', and 'cert8.db' for offline decryption with third party tools. If necessary, you may also set the PARSE option to true to parse the sqlite file, which contains...

Exploits0
Rows per page
Query Builder