V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
Filters

All vulnerabilities

29 / 29
Product: apache:spark×Clear all
8.8
CVE-2022-33891DEB KEV
The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.ac…
2022-01-01KEV
EPSS93.0%
pct 99
5.3
CVE-2020-27223DEB
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty…
2020-01-01Pre-auth
EPSS78.0%
pct 99
8.8
CVE-2023-32007DEB
** UNSUPPORTED WHEN ASSIGNED ** The Apache Spark UI offers the possibility to enable ACLs via t…
2023-01-01
EPSS75.8%
pct 99
6.5
CVE-2018-11770DEB
From version 1.3.0 onward, Apache Spark's standalone master exposes a REST API for job submissi…
2018-01-01Pre-auth
EPSS65.9%
pct 99
9.8
CVE-2020-9480DEB
In Apache Spark 2.4.5 and earlier, a standalone resource manager's master may be configured to …
2020-01-01Pre-auth
EPSS29.2%
pct 97
5.9
CVE-2019-10172DEB
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entit…
2019-01-01Pre-auth
EPSS17.0%
pct 96
7.5
CVE-2019-20445DEB
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied …
2019-01-01Pre-auth
EPSS13.5%
pct 95
9.8
CVE-2018-17190DEB
In all versions of Apache Spark, its standalone resource manager accepts code to execute on a '…
2018-01-01Pre-auth
EPSS8.7%
pct 94
4.8
CVE-2020-27218DEB
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0…
2020-01-01Pre-auth
EPSS8.1%
pct 94
7.5
CVE-2018-11804DEB
Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and…
2018-01-01Pre-auth
EPSS5.7%
pct 92
5.4
CVE-2018-8024ANC
In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user t…
2018-01-01
EPSS5.5%
pct 91
8.8
CVE-2025-54920ANC
This issue affects Apache Spark: before 3.5.7 and 4.0.1. Users are recommended to upgrade to ve…
2025-01-01
EPSS5.3%
pct 91
6.1
CVE-2017-7678DEB
In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user's trus…
2017-01-01Pre-auth
EPSS3.4%
pct 87
7.5
CVE-2021-38296DEB
Apache Spark supports end-to-end encryption of RPC connections via "spark.authenticate" and "sp…
2021-01-01Pre-auth
EPSS1.8%
pct 75
5.4
CVE-2022-31777DEB
A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0,…
2022-01-01
EPSS1.5%
pct 70
5.9
CVE-2024-23945ANC
Signing cookies is an application security feature that adds a digital signature to cookie data…
2024-01-01Pre-auth
EPSS1.4%
pct 69
7.5
CVE-2019-10099DEB
Prior to Spark 2.3.3, in certain situations Spark would write user data to local disk unencrypt…
2019-01-01Pre-auth
EPSS1.3%
pct 66
9.9
CVE-2023-22946DEB
In Apache Spark versions prior to 3.4.0, applications using spark-submit can specify a 'proxy-u…
2023-01-01
EPSS1.1%
pct 61
7.8
CVE-2017-12612DEB
In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data rec…
2017-01-01
EPSS0.7%
pct 49
7.1
CVE-2018-11760DEB
When using PySpark , it's possible for a different local user to connect to the Spark applicati…
2018-01-01
EPSS0.6%
pct 44
4.7
CVE-2018-1334DEB
In Apache Spark 1.0.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, when using PySpark or SparkR, it's p…
2018-01-01
EPSS0.5%
pct 38
6.5
CVE-2025-55039ANC
This issue affects Apache Spark versions before 3.4.4, 3.5.2 and 4.0.0. Apache Spark versio…
2025-01-01Pre-auth
EPSS0.2%
pct 13
6.3
BDU:2026-04646BDU
Уязвимость функции spark-submit фреймворка Apache Spark связана с недостатками механизма десери…
2026-01-01apache software foundation
EPSS0.0%
pct 0
9.8
BDU:2025-09903BDU
Уязвимость компонента Analytics Server программной платформы Oracle Business Intelligence Enter…
2025-01-01apache software foundationPre-auth
EPSS0.0%
pct 0
5.9
BDU:2025-00249BDU
Уязвимость класса CookieSigner фреймворка Apache Spark и СУБД Apache Hive связана с раскрытием …
2025-01-01apache software foundationPre-auth
EPSS0.0%
pct 0
9.9
BDU:2024-01784BDU
Уязвимость функции spark-submit фреймворка Apache Spark связана с небезопасным управлением прив…
2024-01-01apache software foundation
EPSS0.0%
pct 0
7.3
BDU:2022-04514BDU
Уязвимость интерфейса фреймворка Apache Spark связана с недостаточной проверкой аргументов, пер…
2022-01-01apache software foundationPre-auth
EPSS0.0%
pct 0
5.5
BDU:2020-00135BDU
Уязвимость интерфейса PySpark фреймворка Apache Spark связана с недостатками разграничения дост…
2020-01-01apache software foundation
EPSS0.0%
pct 0
9.8
BDU:2020-00063BDU
Уязвимость фреймворка Apache Spark связана с недостатками процедуры аутентификации. Эксплуатаци…
2020-01-01the linux foundationPre-auth
EPSS0.0%
pct 0
Select a vulnerability on the left to open the preview.