Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
spark vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-10172
A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.
Fasterxml Jackson-mapper-asl
Redhat Jboss Enterprise Application Platform 7.0
Redhat Jboss Fuse 7.0.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Apache Spark 3.0.1
1 Github repository
4.7
CVSSv3
CVE-2018-0119
A vulnerability in certain authentication controls in the account services of Cisco Spark could allow an authenticated, remote malicious user to interact with and view information on an affected device that would normally be prohibited. The vulnerability is due to the improper di...
Cisco Conference Director 2017-08-30
4.4
CVSSv3
CVE-2017-12306
A vulnerability in the upgrade process of Cisco Spark Board could allow an authenticated, local malicious user to install an unverified upgrade package, aka Signature Verification Bypass. The vulnerability is due to insufficient upgrade package validation. An attacker could explo...
Cisco Conference Director 2017-08-15
4.8
CVSSv3
CVE-2020-27218
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request ...
Eclipse Jetty 11.0.0
Eclipse Jetty 10.0.0
Eclipse Jetty
Netapp Snap Creator Framework -
Netapp Oncommand System Manager
Oracle Flexcube Private Banking 12.1.0
Oracle Flexcube Private Banking 12.0.0
Oracle Communications Offline Mediation Controller 12.0.0.3.0
Oracle Communications Services Gatekeeper 7.0
Oracle Communications Pricing Design Center 12.0.0.3.0
Oracle Rest Data Services
Oracle Communications Converged Application Server - Service Controller 6.2
Oracle Communications Session Route Manager
Oracle Siebel Core - Automation
Oracle Retail Eftlink 20.0.0
Oracle Hyperion Infrastructure Technology 11.1.2.6.0
Oracle Blockchain Platform
Apache Kafka 2.7.0
Apache Spark 2.4.8
Apache Spark 3.0.3
Debian Debian Linux 10.0
5.3
CVSSv3
CVE-2020-27223
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high ...
Eclipse Jetty 9.4.6
Eclipse Jetty 9.4.36
Eclipse Jetty
Eclipse Jetty 10.0.0
Eclipse Jetty 11.0.0
Apache Spark 3.1.1
Apache Nifi 1.13.0
Netapp Snap Creator Framework -
Netapp Snapcenter -
Netapp Snapmanager -
Netapp Hci -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp E-series Santricity Web Services -
Netapp Element Plug-in For Vcenter Server -
Netapp E-series Santricity Os Controller
Netapp Management Services For Element Software -
Debian Debian Linux 10.0
Apache Solr 8.8.1
Oracle Rest Data Services
2 Github repositories
9.8
CVSSv3
CVE-2019-10095
bash command injection vulnerability in Apache Zeppelin allows an malicious user to inject system commands into Spark interpreter settings. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.
Apache Zeppelin
7.8
CVSSv3
CVE-2020-9875
An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted...
Apple Mac Os X
Apple Tvos
Apple Iphone Os
Apple Icloud
Apple Itunes
Apple Watchos
Apple Ipados
1 Article
6.1
CVSSv3
CVE-2020-35200
Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.jsp Reflective XSS.
Igniterealtime Openfire 4.6.0
7.5
CVSSv3
CVE-2017-9326
The keystore password for the Spark History Server may be exposed in unsecured files under the /var/run/cloudera-scm-agent directory managed by Cloudera Manager. The keystore file itself is not exposed.
Cloudera Cloudera Manager 5.11.0
7.8
CVSSv3
CVE-2023-46674
An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users. Elastic would like to thank Yakov Shafranovich, with Amazon Web Services for reporting this issue.
Elastic Elasticsearch
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27802
template injection
CVE-2024-0044
code injection
CVE-2024-35474
CVE-2024-27857
CVE-2024-23251
CVE-2024-23692
physical
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »