Apache Spark - Authentication Bypass
In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application's resources on the Spark cluster, even...
Apache Spark UI - Cross-Site Scripting
Apache Spark UI before 2.3.2 is vulnerable to XSS via unsanitized query string parameters in the /jobs/ endpoint. id: CVE-2018-8024 info: name: Apache Spark UI - Cross-Site Scripting author: ritikchaddha severity: medium description: | Apache Spark UI before 2.3.2 is vulnerable to XSS via...
GHSA-C653-97M9-RCG9 vulnerabilities
Vulnerabilities for packages: kayenta-fips, management-api-for-apache-cassandra-5.0, druid, opensearch, logstash, spark-kubernetes-operator, docker-selenium, pinot-fips, logstash-fips, kayenta, reposilite, kserve-modelmesh, elasticsearch-fips, wazuh-indexer, spark, solr, knative-kafka-broker-fips...
CVE-2026-50010 vulnerabilities
Vulnerabilities for packages: kayenta-fips, management-api-for-apache-cassandra-5.0, druid, opensearch, logstash, spark-kubernetes-operator, docker-selenium, pinot-fips, logstash-fips, kayenta, reposilite, kserve-modelmesh, elasticsearch-fips, wazuh-indexer, spark, solr, knative-kafka-broker-fips...
GHSA-4GRM-H2QV-H6W6 vulnerabilities
Vulnerabilities for packages: apache-hop, spark...
GHSA-4GRM-H2QV-H6W6 vulnerabilities
Vulnerabilities for packages: spark...
GHSA-CQ4Q-CV5G-R8Q5 vulnerabilities
Vulnerabilities for packages: spark...
CVE-2026-48748 vulnerabilities
Vulnerabilities for packages: spark...
CVE-2026-50009 vulnerabilities
Vulnerabilities for packages: spark...
CVE-2026-50560 vulnerabilities
Vulnerabilities for packages: docker-selenium, kserve-modelmesh, strimzi-kafka-operator, druid, spark, management-api-for-apache-cassandra-5.0...
GHSA-HVCG-QMG6-JM4C vulnerabilities
Vulnerabilities for packages: docker-selenium, opensearch, wildfly, kserve-modelmesh, strimzi-kafka-operator, druid, logstash, spark, management-api-for-apache-cassandra-5.0...
GHSA-563Q-J3CM-6JXM vulnerabilities
Vulnerabilities for packages: docker-selenium, kserve-modelmesh, strimzi-kafka-operator, druid, spark, management-api-for-apache-cassandra-5.0...
CVE-2026-50020 vulnerabilities
Vulnerabilities for packages: docker-selenium, opensearch, wildfly, kserve-modelmesh, strimzi-kafka-operator, druid, logstash, spark, management-api-for-apache-cassandra-5.0...
GHSA-C653-97M9-RCG9 vulnerabilities
Vulnerabilities for packages: docker-selenium, opensearch, solr, kserve-modelmesh, cassandra, druid, logstash, spark, management-api-for-apache-cassandra-5.0...
CVE-2026-50010 vulnerabilities
Vulnerabilities for packages: docker-selenium, opensearch, solr, kserve-modelmesh, cassandra, druid, logstash, spark, management-api-for-apache-cassandra-5.0...
Apache Spark UI - Remote Command Injection
Apache Spark UI is susceptible to remote command injection. ACLs can be enabled via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilte...
CVE-2026-50752 VPN site to site certificate bypass vulnerability in deprecated IKEv1 key exchange
Symptoms - A vulnerability in the certificate validation logic of the deprecated IKEv1 key exchange method may lead to a man-in-the-middle attack on the VPN site-to-site configuration. This vulnerability was discovered by the Check Point security research team. There are no reported exploits of this...
EUVD-2026-33281
Path traversal vulnerability in Remote Spark https://www.Remotespark.Com/ SparkView allows reading and writing arbitrary files in all directories as root. This leads to RCE. The affected component is the RDP drive redirection. Depending on implementation, the vulnerability can be exploited by an...
Remote Spark SparkView Security Vulnerability
Remote Spark SparkView is a browser-based client software developed by Remote Spark, enabling remote desktop and terminal access. Versions of Remote Spark SparkView prior to build 1127 contained security vulnerabilities. These vulnerabilities stemmed from path traversal in RDP driver redirection,...
CVE-2026-48132 - VPN service may restart unexpectedly when processing IKE traffic over NAT-T 4500/UDP
Symptoms - The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used (4500/UDP). As a result, a specially crafted or malformed packet can cause the VPN processing service to terminate unexpectedly, leading to denial of service temporary interruption o...