1172 matches found
CVE-2026-6213 Remote Spark SparkView RCE
A vulnerability in Remote Spark SparkView before build 1122 allows an attacker to bypasses the local connection check and achieve arbitrary code execution as root on the server side. Depending on implementation the vulnerability can be exploited by an unauthenticated attacker...
CVE-2026-6213
A vulnerability in Remote Spark SparkView before build 1122 allows an attacker to bypasses the local connection check and achieve arbitrary code execution as root on the server side. Depending on implementation the vulnerability can be exploited by an unauthenticated attacker...
Remote Spark SparkView 安全漏洞
Remote Spark SparkView is a browser-based client software developed by Remote Spark, enabling remote desktop access and terminal connections. Versions of Remote Spark SparkView prior to build 1122 contained security vulnerabilities. These vulnerabilities stemmed from bypassing local connection...
PT-2026-38902
Name of the Vulnerable Software and Affected Versions Remote Spark SparkView versions prior to build 1122 Description An issue in the local connection check allows an attacker to bypass security restrictions and achieve arbitrary code execution as root on the server side. Depending on the...
org.apache.polaris:polaris-extensions-auth-opa-tests (>=1.3.0-incubating <=1.4.0), org.apache.polaris:polaris-runtime-spark-tests (>=1.0.0-incubating <=1.4.0) +3 more potentially affected by CVE-2026-42812 via org.apache.polaris:polaris-runtime-service (>=1.0.0-incubating <=1.4.0)
org.apache.polaris:polaris-runtime-service MAVEN version =1.0.0-incubating, =1.3.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.4.0 Source cves: CVE-2026-42812 Source advisory: OSV:GHSA-W76P-3CGP-QFCM...
org.apache.polaris:polaris-extensions-auth-opa-tests (>=1.3.0-incubating <=1.4.0), org.apache.polaris:polaris-runtime-spark-tests (>=1.0.0-incubating <=1.4.0) +3 more potentially affected by CVE-2026-42809 via org.apache.polaris:polaris-runtime-service (>=1.0.0-incubating <=1.4.0)
org.apache.polaris:polaris-runtime-service MAVEN version =1.0.0-incubating, =1.3.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.4.0 Source cves: CVE-2026-42809 Source advisory: SNYK:JAVA-ORGAPACHEPOLARIS-16422853...
org.apache.polaris:polaris-extensions-auth-opa-tests (>=1.3.0-incubating <=1.4.0), org.apache.polaris:polaris-runtime-spark-tests (>=1.0.0-incubating <=1.4.0) +3 more potentially affected by CVE-2026-42812 via org.apache.polaris:polaris-runtime-service (>=1.0.0-incubating <=1.4.0)
org.apache.polaris:polaris-runtime-service MAVEN version =1.0.0-incubating, =1.3.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.4.0 Source cves: CVE-2026-42812 Source advisory: SNYK:JAVA-ORGAPACHEPOLARIS-16422548...
ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), ai.catboost:catboost-spark_4.1_2.13 (=1.2.10) +922 more potentially affected by CVE-2026-34481 via org.apache.logging.log4j:log4j-layout-template-json (>=2.14.0 <=2.25.3)
org.apache.logging.log4j:log4j-layout-template-json MAVEN version =2.14.0, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =9.0.0, =9.0.0, =9.0.0, =9.0.0, =9.7.1 and more Source cves: CVE-2026-34481 Source...
ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), ai.catboost:catboost-spark_4.1_2.13 (=1.2.10) +7315 more potentially affected by CVE-2026-34478 via org.apache.logging.log4j:log4j-core (>=2.21.0 <=2.25.3)
org.apache.logging.log4j:log4j-core MAVEN version =2.21.0, =0.27.0, =0.26.0, =3.10.0.5, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =3.0.0, =2.12.1, =2.12.3 and more Source cves: CVE-2026-34478 Source advisor...
ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), ai.catboost:catboost-spark_4.1_2.13 (=1.2.10) +922 more potentially affected by CVE-2026-34481 via org.apache.logging.log4j:log4j-layout-template-json (>=2.14.0 <=2.25.3)
org.apache.logging.log4j:log4j-layout-template-json MAVEN version =2.14.0, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =9.0.0, =9.0.0, =9.0.0, =9.0.0, =9.7.1 and more Source cves: CVE-2026-34481 Source...
ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), ai.catboost:catboost-spark_4.1_2.13 (=1.2.10) +7315 more potentially affected by CVE-2026-34478 via org.apache.logging.log4j:log4j-core (>=2.21.0 <=2.25.3)
org.apache.logging.log4j:log4j-core MAVEN version =2.21.0, =0.27.0, =0.26.0, =3.10.0.5, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =3.0.0, =2.12.1, =2.12.3 and more Source cves: CVE-2026-34478 Source advisor...
CVE-2025-54920 vulnerabilities
Vulnerabilities for packages: spark-fips...
GHSA-JWP6-CVJ8-FW65 vulnerabilities
Vulnerabilities for packages: spark-fips...
CLEANSTART-2026-NV84668 Security fixes for ghsa-84h7-rjj3-6jx4, ghsa-vc5p-v9hr-52mj applied in versions: 4.1.1-r1
Multiple security vulnerabilities affect the spark-sc213-jdk17-py314 package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-NA08955 Security fixes for ghsa-84h7-rjj3-6jx4, ghsa-vc5p-v9hr-52mj applied in versions: 4.1.1-r1
Multiple security vulnerabilities affect the spark-sc213-jdk17-py311 package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2026-33870 vulnerabilities
Vulnerabilities for packages: seata, management-api-for-apache-cassandra-4.0, opensearch, apache-pulsar, reposilite, management-api-for-apache-cassandra-4.1, infinispan, kafka-bridge-fips, apache-camel-karavan-devmode, elasticsearch-fips, opensearch-fips, kafbat-ui, hono, kayenta-fips,...
CVE-2025-60012
Malicious configuration can lead to unauthorized file access in Apache Livy. This issue affects Apache Livy 0.7.0 and 0.8.0 when connecting to Apache Spark 3.1 or later. A request that includes a Spark configuration value supported from Apache Spark version 3.1 can lead to users gaining access to...
Apache Spark Deserialization Vulnerability
Apache Spark is a large-scale data processing engine that supports acyclic data streaming and in-memory computing from the Apache Foundation. Apache Spark suffers from a deserialization vulnerability. The vulnerability stems from the Spark History Web UI's overly lax Jackson deserialization of...
Apache Livy Input Validation Error Vulnerability
Apache Livy is the United States Apache Apache Foundation, an application server . Provides support for programmatic , fault-tolerant , multi-tenant submission of Spark jobs from Web, mobile applications . Apache Livy suffers from an input validation error vulnerability. The vulnerability stems...
BIT-SPARK-2025-54920 Apache Spark: Spark History Server Code Execution Vulnerability
This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users are recommended to upgrade to version 3.5.7 or 4.0.1 and above, which fixes the issue. Summary Apache Spark 3.5.4 and earlier versions contain a code execution vulnerability in the Spark History Web UI due to overly permissive Jackson...