PT-2026-5602
A vulnerability has been found in DJI Mavic Mini, Spark and Mini SE up to 01.00.0500. Affected by this vulnerability is an unknown functionality of the component Enhanced Wi-Fi Pairing. The manipulation leads to authentication bypass by capture-replay. The attack must be carried out from within t...
CVE-2025-55039
This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true (it is set to false by default), but...
ai.catboost:catboost-spark_3.5_2.12 (>=1.2.3 <=1.2.10), ai.djl.spark:spark_2.12 (=0.29.0) +265 more potentially affected by CVE-2025-55039 via org.apache.spark:spark-network-common_2.12 (>=3.5.0 <=3.5.1)
org.apache.spark:spark-network-common_2.12 MAVEN version =3.5.0, =1.2.3, =3.44.0.1-1-3.5, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =0.6.17, =0.0.3, =14.0.0, =14.0.0, =14.0.0, =14.17.1 - bio.ferlab:obo-parser_2.12 =1.3.1 and more Source cves: CVE-2025-55039 Source advisory:...
CVE-2025-55039 Apache Spark, Apache Spark: RPC encryption defaults to unauthenticated AES-CTR mode, enabling man-in-the-middle ciphertext modification attacks
This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versions before 4.0.0, 3.5.2 and 3.4.4 use an insecure default network encryption cipher for RPC communication between nodes. When spark.network.crypto.enabled is set to true (it is set to false by default), but...
EUVD-2021-18917
Malware in sbrugna...
EUVD-2018-0765
Malware in sbrugna...
EUVD-2023-0219
Malicious code in bioql PyPI...
Apache Spark command injection vulnerability
Apache Spark is a large-scale data processing engine from the Apache Foundation that supports acyclic data streaming and in-memory computing. A command injection vulnerability exists in Apache Spark versions prior to 3.4.0, which stems from the fact that if ACLs are enabled, a code path in the...
SUSE CVE-2018-9159
In Spark before 2.7.2, a remote attacker can read unintended static files via various representations of absolute or relative pathnames, as demonstrated by file: URLs and directory traversal sequences. NOTE: this product is unrelated to Ignite Realtime Spark...
PYSEC-2022-186
Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "spark.network.crypto.enabled". In versions 3.1.2 and earlier, it uses a bespoke mutual authentication protocol that allows for full encryption key recovery. After an initial interactive attack, this would...
ai.catboost:catboost-spark_3.1_2.12 (>=1.0.1 <=1.2.8), ai.catboost:catboost-spark_3.2_2.12 (>=1.0.6 <=1.2.10) +7009 more potentially affected by CVE-2021-21295 +1 more via io.netty:netty (>=3.10.0.Final <=3.10.6.Final)
io.netty:netty MAVEN version =3.10.0.Final, =1.0.1, =1.0.6, =1.0.6, =1.1, =1.1.1, =1.2, =1.2, =1.2.3, =1.2.3, =0.1.7, =0.1.7, =0.10.0, =0.10.0, =0.10.0, =0.15.0 and more Source cves: CVE-2021-21295, CVE-2021-21409 Source advisory: OSV:GHSA-F256-J965-7F32...
GHSA-FVXV-9XXR-H7WJ Pyspark User Impersonation Vulnerability
When using PySpark, it's possible for a different local user to connect to the Spark application and impersonate the user running the Spark application. This affects versions 1.x, 2.0.x, 2.1.x, 2.2.0 to 2.2.2, and 2.3.0 to 2.3.1...
ai.grakn:client-java (=1.3.0), ai.grakn:grakn-bootup (>=1.1.0 <=v1.1.0-226-g847ecff2d8e26f249422247d7665fe15f07b1744) +645 more potentially affected by CVE-2017-7678 via org.apache.spark:spark-core_2.10 (>=0.9.0-incubating <=2.1.3)
org.apache.spark:spark-core_2.10 MAVEN version =0.9.0-incubating, =1.1.0, =0.12.0, =1.2.0, =0.12.0, =1.0.0, =1.0.0, =1.2.0, =0.17.0, =0.10.0, =0.15.0, =0.6.1, =0.17.0, =1.1.0 and more Source cves: CVE-2017-7678 Source advisory: OSV:GHSA-R34R-F84J-5X4X https://vulners.com/osv/O...
CVE-2016-9177
Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI...