Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
spark vulnerabilities and exploits
(subscribe to this query)
9.3
CVSSv2
CVE-2018-0692
Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and previous versions allows an malicious user to gain privileges via a Trojan horse DLL in an unspecified directory.
Baidu Spark Browser
4
CVSSv2
CVE-2022-34808
Jenkins Cisco Spark Plugin 1.1.1 and previous versions stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Jenkins Cisco Spark
NA
CVE-2023-24451
A missing permission check in Jenkins Cisco Spark Notifier Plugin 1.1.1 and previous versions allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Jenkins Cisco Spark
5
CVSSv2
CVE-2014-5349
Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 allows remote malicious users to cause a denial of service (application crash) via nested calls to the window.print JavaScript function.
Baidu Spark Browser 26.5.9999.3511
1 EDB exploit
NA
CVE-2024-23347
Prior to v176, when opening a new project Meta Spark Studio would execute scripts defined inside of a package.json file included as part of that project. Those scripts would have the ability to execute arbitrary code on the system as the application.
Facebook Meta Spark Studio
NA
CVE-2023-40195
Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. When the Apache Spark provider is installed on an Airflow deployment, an Airflow user that is authorized to confi...
Apache Airflow Spark Provider
4.3
CVSSv2
CVE-2015-6303
The Cisco Spark application 2015-07-04 for mobile operating systems does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCut36742 and...
Cisco Spark 2015-07-04 Base
5.4
CVSSv2
CVE-2014-5867
The Capital One Spark Pay (aka com.capitalone.sparkpay) application 0.9.81 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Sparkpay Capital One Spark 0.9.81
NA
CVE-2023-40272
Apache Airflow Spark Provider, versions prior to 4.1.3, is affected by a vulnerability that allows an malicious user to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version...
Apache Apache-airflow-providers-apache-spark
9.3
CVSSv2
CVE-2020-9480
In Apache Spark 2.4.5 and previous versions, a standalone resource manager's master may be configured to require authentication (spark.authenticate) via a shared secret. When enabled, however, a specially-crafted RPC to the master can succeed in starting an application'...
Apache Spark
Oracle Business Intelligence 5.5.0.0.0
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2021-35000
CVE-2024-4439
unauthorized
CVE-2024-0042
CVE-2024-31848
CVE-2023-40694
cache poisoning
CVE-2024-23707
firmware
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »