49 matches found

OSV
added 2023/04/17 9:30 a.m. · 1 view

GHSA-329J-JFVR-RHR6 Apache Spark vulnerable to Improper Privilege Management

In Apache Spark versions prior to versions 3.4.0 and 3.3.3, applications using spark-submit can specify a proxy-user to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the...

9.9 CVSS · 7.3 AI score · 0.00427 EPSS
Exploits 0 · References 9

NVD
added 2023/04/17 8:15 a.m. · 11 views

CVE-2023-22946

In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This...

9.9 CVSS · 8 AI score · 0.00427 EPSS
Exploits 0 · References 1

OSV
added 2023/04/17 8:15 a.m. · 19 views

PYSEC-2023-44

In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This...

9.9 CVSS · 7.9 AI score · 0.00427 EPSS
Exploits 0 · References 3

Prion
added 2023/04/17 8:15 a.m. · 17 views

Default configuration

In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This...

6.5 CVSS · 9.4 AI score · 0.00427 EPSS
Exploits 0 · References 1 · Affected Software 1

PyPA
added 2023/04/17 8:15 a.m. · 4 views

PYSEC-2023-44

In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This...

9.9 CVSS · 7.9 AI score · 0.00427 EPSS
Exploits 0 · References 3 · Affected Software 1

Vulnrichment
added 2023/04/17 7:30 a.m. · 16 views

CVE-2023-22946 Apache Spark proxy-user privilege escalation from malicious configuration class

In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This...

6.4 CVSS · 7.1 AI score · 0.00427 EPSS
Exploits 0 · References 1

Cvelist
added 2023/04/17 7:30 a.m. · 14 views

CVE-2023-22946 Apache Spark proxy-user privilege escalation from malicious configuration class

In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This...

6.4 CVSS · 9.7 AI score · 0.00427 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/04/15 12:00 a.m. · 6 views

PT-2023-8745 · Apache · Apache Spark

Name of the Vulnerable Software and Affected Versions: Apache Spark versions prior to 3.4.0. Description: The issue is related to insecure privilege management in the spark-submit function of Apache Spark. This allows an application to execute code with the privileges of the submitting user by...

9.9 CVSS · 8.5 AI score · 0.00427 EPSS
Exploits 0 · References 20

CNNVD
added 2022/02/02 12:00 a.m. · 2 views

Capsule8 Console SQL injection vulnerability

Capsule Console is a web interface for Capsule8 from Capsule USA, Inc. It is used for event management, sensor configuration, and system analysis. A SQL injection vulnerability exists in Capsule8 Console 4.6.0 and 4.9.1, which originates from an authenticated and authorized proxy user can gain...

8.8 CVSS · 8.2 AI score · 0.00436 EPSS
Exploits 0 · References 2

CNNVD
added 2021/10/04 12:00 a.m. · 2 views

Squid trust management issue vulnerability

Squid is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. Squid suffers from a trust management issue vulnerability that stems from incorrect certificate validation. An attacke...

7.5 CVSS · 5.6 AI score · 0.0112 EPSS
Exploits 0 · References 8

CNNVD
added 2021/07/09 12:00 a.m. · 2 views

EdgeX Foundry security vulnerability

EdgeX Foundry is an open source project to build a common open framework for IoT edge computing. EdgeX Foundry suffers from a security vulnerability that stems from the fact that when the EdgeX API gateway is configured for OAuth2 authentication and a proxy user is created, the client id and clie...

8.3 CVSS · 6.6 AI score · 0.00309 EPSS
Exploits 0 · References 2

BDU FSTEC
added 2021/02/08 12:00 a.m. · 2 views

The vulnerability of the Proxy User Delegation sub-component of the Oracle User Management component in the Oracle E-Business Suite allows a perpetrator to gain access to data for reading purposes.

The vulnerability of the Proxy User Delegation sub-component of the Oracle User Management component in the Oracle E-Business Suite exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to data through HTTP...

4.3 CVSS · 6.4 AI score · 0.00302 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2021/01/20 3:15 p.m. · 1 view

CVE-2021-2017

Vulnerability in the Oracle User Management product of Oracle E-Business Suite component: Proxy User Delegation. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Us...

4.3 CVSS · 5.8 AI score · 0.00302 EPSS
Exploits 0 · References 1

CNVD
added 2020/10/28 12:00 a.m. · 2 views

Apache Hadoop web endpoint privilege escalation vulnerability

Apache Hadoop is a set of open source distributed systems infrastructure of the U.S. Apache Software Foundation. The product is capable of distributed processing of large amounts of data and is characterized by high reliability, high scalability, high fault tolerance and so on. Apache Hado...

9 CVSS · 6.9 AI score · 0.00185 EPSS
Exploits 0 · References 1

Prion
added 2020/10/21 7:15 p.m. · 15 views

Authentication flaw

Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured...

9 CVSS · 8.8 AI score · 0.00185 EPSS
Exploits 0 · References 2 · Affected Software 1

RedhatCVE
added 2020/10/21 3:25 p.m. · 24 views

CVE-2018-11764

A flaw was found in Apache Hadoop, where the Web endpoint authentication check is broken. This flaw allows authenticated users to impersonate any user even if no proxy user is configured...

9 CVSS · 3.2 AI score · 0.00185 EPSS
Exploits 0 · References 3

NVD
added 2018/01/18 2:29 a.m. · 13 views

CVE-2018-2691

Vulnerability in the Oracle User Management component of Oracle E-Business Suite subcomponent: Proxy User Delegation. Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows low privileged attacker with network access via...

5.5 CVSS · 4.8 AI score · 0.00198 EPSS
Exploits 0 · References 3

CNVD
added 2018/01/17 12:00 a.m. · 2 views

Unspecified Vulnerability in Oracle E-Business Suite (CNVD-2018-02403)

Oracle E-Business Suite is an expansion of the original Application ERP: a seamlessly integrated management suite comprising a variety of management software, including ERP (Enterprise Resource Planning), HR (Human Resource Management), CRM (Customer Relationship Management), and so on. An...

5.5 CVSS · 6.7 AI score · 0.00198 EPSS
Exploits 0 · References 1

Kitploit
added 2017/02/18 2:36 p.m. · 77 views

dirsearch - Brute Force Directories and Files in Websites

dirsearch is a simple command line tool designed to brute force directories and files in websites. Operating systems supported: Windows XP/7/8/10, GNU/Linux, MacOSX. Features: multithreaded; keep-alive connections; support for multiple extensions (-e|--extensions asp,php); reporting: plain text, JSON...

7.4 AI score
Exploits 0 · References 1

OSV
added 2016/10/03 4:09 p.m. · 1 view

CVE-2016-7442

The Frontend component in Sophos UTM with firmware 9.405-5 and earlier allows local administrators to obtain sensitive password information by reading the "value" field of the proxy user settings in "system settings / scan settings / anti spam" configuration tab...

4.4 CVSS · 5.8 AI score · 0.00027 EPSS
Exploits 2 · References 3