Vulmon
spark vulnerabilities and exploits
6.8
CVSSv2
CVE-2020-12772
An issue exists in Ignite Realtime Spark 2.8.3 (and the ROAR plugin for it) on Windows. A chat message can include an IMG element with a SRC attribute referencing an external host's IP address. Upon access to this external host, the (NT)LM hashes of the user are sent with th...
Igniterealtime Spark 2.8.3
1 Github repository
NA
CVE-2023-24451
A missing permission check in Jenkins Cisco Spark Notifier Plugin 1.1.1 and previous versions allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Jenkins Cisco Spark
9.3
CVSSv2
CVE-2018-0692
Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and previous versions allows a malicious user to gain privileges via a Trojan horse DLL in an unspecified directory.
Baidu Spark Browser
7.2
CVSSv2
CVE-2019-15417
The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=7, versionName=7.0.5) that allows unauthoriz...
Tecno Spark Pro Firmware -
NA
CVE-2024-23347
Prior to v176, when opening a new project Meta Spark Studio would execute scripts defined inside of a package.json file included as part of that project. Those scripts would have the ability to execute arbitrary code on the system as the application.
Facebook Meta Spark Studio
5
CVSSv2
CVE-2014-5349
Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 allows remote malicious users to cause a denial of service (application crash) via nested calls to the window.print JavaScript function.
Baidu Spark Browser 26.5.9999.3511
1 EDB exploit
NA
CVE-2023-40195
Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. When the Apache Spark provider is installed on an Airflow deployment, an Airflow user that is authorized to confi...
Apache Airflow Spark Provider
NA
CVE-2022-46415
DJI Spark 01.00.0900 allows remote malicious users to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the device's internal Wi-Fi network (e.g., by guessing the password). Then, t...
Dji Spark Firmware 01.00.0900
5.4
CVSSv2
CVE-2014-5867
The Capital One Spark Pay (aka com.capitalone.sparkpay) application 0.9.81 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Sparkpay Capital One Spark 0.9.81
4.3
CVSSv2
CVE-2015-6303
The Cisco Spark application 2015-07-04 for mobile operating systems does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCut36742 and...
Cisco Spark 2015-07-04 Base