Lucene search
K

1172 matches found

Cvelist
Cvelist
added 2026/05/08 9:4 a.m.52 views

CVE-2026-6213 Remote Spark SparkView RCE

A vulnerability in Remote Spark SparkView before build 1122 allows an attacker to bypasses the local connection check and achieve arbitrary code execution as root on the server side. Depending on implementation the vulnerability can be exploited by an unauthenticated attacker...

10CVSS0.00326EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/08 9:4 a.m.10 views

CVE-2026-6213

A vulnerability in Remote Spark SparkView before build 1122 allows an attacker to bypasses the local connection check and achieve arbitrary code execution as root on the server side. Depending on implementation the vulnerability can be exploited by an unauthenticated attacker...

10CVSS6.3AI score0.00326EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.10 views

Remote Spark SparkView 安全漏洞

Remote Spark SparkView is a browser-based client software developed by Remote Spark, enabling remote desktop access and terminal connections. Versions of Remote Spark SparkView prior to build 1122 contained security vulnerabilities. These vulnerabilities stemmed from bypassing local connection...

10CVSS6.2AI score0.00326EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.19 views

PT-2026-38902

Name of the Vulnerable Software and Affected Versions Remote Spark SparkView versions prior to build 1122 Description An issue in the local connection check allows an attacker to bypass security restrictions and achieve arbitrary code execution as root on the server side. Depending on the...

10CVSS6.3AI score0.00326EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2026/05/04 6:30 p.m.12 views

org.apache.polaris:polaris-extensions-auth-opa-tests (>=1.3.0-incubating <=1.4.0), org.apache.polaris:polaris-runtime-spark-tests (>=1.0.0-incubating <=1.4.0) +3 more potentially affected by CVE-2026-42812 via org.apache.polaris:polaris-runtime-service (>=1.0.0-incubating <=1.4.0)

org.apache.polaris:polaris-runtime-service MAVEN version =1.0.0-incubating, =1.3.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.4.0 Source cves: CVE-2026-42812 Source advisory: OSV:GHSA-W76P-3CGP-QFCM...

9.9CVSS5.8AI score0.00364EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/04 5:28 p.m.9 views

org.apache.polaris:polaris-extensions-auth-opa-tests (>=1.3.0-incubating <=1.4.0), org.apache.polaris:polaris-runtime-spark-tests (>=1.0.0-incubating <=1.4.0) +3 more potentially affected by CVE-2026-42809 via org.apache.polaris:polaris-runtime-service (>=1.0.0-incubating <=1.4.0)

org.apache.polaris:polaris-runtime-service MAVEN version =1.0.0-incubating, =1.3.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.4.0 Source cves: CVE-2026-42809 Source advisory: SNYK:JAVA-ORGAPACHEPOLARIS-16422853...

9.9CVSS5.8AI score0.00355EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/04 5:26 p.m.8 views

org.apache.polaris:polaris-extensions-auth-opa-tests (>=1.3.0-incubating <=1.4.0), org.apache.polaris:polaris-runtime-spark-tests (>=1.0.0-incubating <=1.4.0) +3 more potentially affected by CVE-2026-42812 via org.apache.polaris:polaris-runtime-service (>=1.0.0-incubating <=1.4.0)

org.apache.polaris:polaris-runtime-service MAVEN version =1.0.0-incubating, =1.3.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.0.0-incubating, =1.4.0 Source cves: CVE-2026-42812 Source advisory: SNYK:JAVA-ORGAPACHEPOLARIS-16422548...

9.9CVSS5.8AI score0.00364EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/10 6:31 p.m.18 views

ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), ai.catboost:catboost-spark_4.1_2.13 (=1.2.10) +922 more potentially affected by CVE-2026-34481 via org.apache.logging.log4j:log4j-layout-template-json (>=2.14.0 <=2.25.3)

org.apache.logging.log4j:log4j-layout-template-json MAVEN version =2.14.0, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =9.0.0, =9.0.0, =9.0.0, =9.0.0, =9.7.1 and more Source cves: CVE-2026-34481 Source...

7.5CVSS5.7AI score0.00555EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/10 6:31 p.m.9 views

ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), ai.catboost:catboost-spark_4.1_2.13 (=1.2.10) +7315 more potentially affected by CVE-2026-34478 via org.apache.logging.log4j:log4j-core (>=2.21.0 <=2.25.3)

org.apache.logging.log4j:log4j-core MAVEN version =2.21.0, =0.27.0, =0.26.0, =3.10.0.5, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =3.0.0, =2.12.1, =2.12.3 and more Source cves: CVE-2026-34478 Source advisor...

7.5CVSS6.3AI score0.00831EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/10 5:6 p.m.8 views

ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), ai.catboost:catboost-spark_4.1_2.13 (=1.2.10) +922 more potentially affected by CVE-2026-34481 via org.apache.logging.log4j:log4j-layout-template-json (>=2.14.0 <=2.25.3)

org.apache.logging.log4j:log4j-layout-template-json MAVEN version =2.14.0, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =9.0.0, =9.0.0, =9.0.0, =9.0.0, =9.7.1 and more Source cves: CVE-2026-34481 Source...

7.5CVSS5.7AI score0.00555EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/10 5:6 p.m.9 views

ai.catboost:catboost-spark_4.0_2.13 (=1.2.10), ai.catboost:catboost-spark_4.1_2.13 (=1.2.10) +7315 more potentially affected by CVE-2026-34478 via org.apache.logging.log4j:log4j-core (>=2.21.0 <=2.25.3)

org.apache.logging.log4j:log4j-core MAVEN version =2.21.0, =0.27.0, =0.26.0, =3.10.0.5, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =2.6.0-looktech.1, =3.0.0, =2.12.1, =2.12.3 and more Source cves: CVE-2026-34478 Source advisor...

7.5CVSS6.3AI score0.00831EPSS
Exploits0
Chainguard
Chainguard
added 2026/04/02 1:17 a.m.4 views

CVE-2025-54920 vulnerabilities

Vulnerabilities for packages: spark-fips...

8.8CVSS5.8AI score0.05341EPSS
Exploits1
Chainguard
Chainguard
added 2026/04/02 1:17 a.m.5 views

GHSA-JWP6-CVJ8-FW65 vulnerabilities

Vulnerabilities for packages: spark-fips...

5.8AI score
Exploits0
OSV
OSV
added 2026/04/01 9:51 a.m.4 views

CLEANSTART-2026-NV84668 Security fixes for ghsa-84h7-rjj3-6jx4, ghsa-vc5p-v9hr-52mj applied in versions: 4.1.1-r1

Multiple security vulnerabilities affect the spark-sc213-jdk17-py314 package. These issues are resolved in later releases. See references for individual vulnerability details...

5.9AI score
Exploits0References3
OSV
OSV
added 2026/04/01 9:51 a.m.5 views

CLEANSTART-2026-NA08955 Security fixes for ghsa-84h7-rjj3-6jx4, ghsa-vc5p-v9hr-52mj applied in versions: 4.1.1-r1

Multiple security vulnerabilities affect the spark-sc213-jdk17-py311 package. These issues are resolved in later releases. See references for individual vulnerability details...

5.9AI score
Exploits0References3
Chainguard
Chainguard
added 2026/03/27 7:17 a.m.11 views

CVE-2026-33870 vulnerabilities

Vulnerabilities for packages: seata, management-api-for-apache-cassandra-4.0, opensearch, apache-pulsar, reposilite, management-api-for-apache-cassandra-4.1, infinispan, kafka-bridge-fips, apache-camel-karavan-devmode, elasticsearch-fips, opensearch-fips, kafbat-ui, hono, kayenta-fips,...

7.5CVSS6.7AI score0.0064EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/03/26 3:19 p.m.3 views

CVE-2025-60012

Malicious configuration can lead to unauthorized file access in Apache Livy. This issue affects Apache Livy 0.7.0 and 0.8.0 when connecting to Apache Spark 3.1 or later. A request that includes a Spark configuration value supported from Apache Spark version 3.1 can lead to users gaining access to...

6.3CVSS5.9AI score0.00488EPSS
Exploits1References1
CNVD
CNVD
added 2026/03/19 12:0 a.m.30 views

Apache Spark Deserialization Vulnerability

Apache Spark is a large-scale data processing engine that supports acyclic data streaming and in-memory computing from the Apache Foundation. Apache Spark suffers from a deserialization vulnerability. The vulnerability stems from the Spark History Web UI's overly lax Jackson deserialization of...

8.8CVSS6.3AI score0.05341EPSS
Exploits1References1
CNVD
CNVD
added 2026/03/19 12:0 a.m.3 views

Apache Livy Input Validation Error Vulnerability

Apache Livy is the United States Apache Apache Foundation, an application server . Provides support for programmatic , fault-tolerant , multi-tenant submission of Spark jobs from Web, mobile applications . Apache Livy suffers from an input validation error vulnerability. The vulnerability stems...

6.3CVSS5.8AI score0.00488EPSS
Exploits1References1
OSV
OSV
added 2026/03/18 8:54 a.m.6 views

BIT-SPARK-2025-54920 Apache Spark: Spark History Server Code Execution Vulnerability

This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users are recommended to upgrade to version 3.5.7 or 4.0.1 and above, which fixes the issue. Summary Apache Spark 3.5.4 and earlier versions contain a code execution vulnerability in the Spark History Web UI due to overly permissive Jackson...

8.8CVSS6.4AI score0.05341EPSS
Exploits1References6
Rows per page
Query Builder