
7 matches found

vulnersOsv
added 2025/08/03 12:30 p.m., 10 views

org.apache.zeppelin:zeppelin-flink-cmd (>=0.10.0 <=0.11.2), org.apache.zeppelin:zeppelin-spark-submit (>=0.10.0 <=0.11.2) +1 more potentially affected by CVE-2024-51775 via org.apache.zeppelin:zeppelin-shell (>=0.10.0 <=0.11.2)

org.apache.zeppelin:zeppelin-shell MAVEN version =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.11.2 Source cves: CVE-2024-51775 Source advisory: SNYK:JAVA-ORGAPACHEZEPPELIN-11444035...

CVSS: 7.5, AI score: 5.8, EPSS: 0.00241
Exploits: 0
BDU FSTEC
added 2024/03/06 12:00 a.m., 5 views

The vulnerability of the spark-submit function in the Apache Spark framework, which allows a hacker to execute arbitrary code.

The vulnerability of the spark-submit function in the Apache Spark framework is related to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

CVSS: 9.9, AI score: 8.1, EPSS: 0.01109
Exploits: 0, References: 4, Affected Software: 1
IBM Security Bulletins
added 2023/10/11 2:19 p.m., 47 views

Security Bulletin: IBM Operations Analytics Predictive Insights v1.3.6 ifix7 contains fixes for multiple security vulnerabilities.

Summary IBM Operations Analytics Predictive Insights v1.3.6 ifix7 contains fixes for multiple security vulnerabilities, listed in the CVEs below. Vulnerability Details CVEID:CVE-2023-32007 DESCRIPTION: Apache Spark could allow a remote authenticated attacker to execute arbitrary commands on the...

CVSS: 9.9, AI score: 8.9, EPSS: 0.75792
Exploits: 1, Affected Software: 1
Tenable Nessus
added 2023/10/04 12:00 a.m., 22 views

Apache Spark < 3.4.0 Privilege Escalation (CVE-2023-22946)

In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-user' to run as, limiting privileges. The application can execute code with the privileges of the submitting user, however, by providing malicious configuration-related classes on the classpath. This...

CVSS: 9.9, AI score: 8.2, EPSS: 0.01109
Exploits: 0, References: 2
Positive Technologies
added 2023/04/15 12:00 a.m., 8 views

PT-2023-8745

Name of the Vulnerable Software and Affected Versions Apache Spark versions prior to 3.4.0 Description The issue is related to insecure privilege management in the spark-submit function of Apache Spark. This allows an application to execute code with the privileges of the submitting user by...

CVSS: 9.9, AI score: 8.4, EPSS: 0.01109
Exploits: 0, References: 23
Prion
added 2017/09/13 4:29 p.m., 20 views

Deserialization of untrusted data

In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentially vulnerable to arbitrary code execution by an attacker with access to any user account on the loc...

CVSS: 7.2, AI score: 7.9, EPSS: 0.00734
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2017/09/13 4:00 p.m., 22 views

CVE-2017-12612

In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentially vulnerable to arbitrary code execution by an attacker with access to any user account on the loc...

AI score: 7.9, EPSS: 0.00734
Exploits: 0, References: 2