Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
spark vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-24451
A missing permission check in Jenkins Cisco Spark Notifier Plugin 1.1.1 and previous versions allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
Jenkins Cisco Spark
9.3
CVSSv2
CVE-2018-0692
Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and previous versions allows an malicious user to gain privileges via a Trojan horse DLL in an unspecified directory.
Baidu Spark Browser
4
CVSSv2
CVE-2022-34808
Jenkins Cisco Spark Plugin 1.1.1 and previous versions stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
Jenkins Cisco Spark
NA
CVE-2023-40195
Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider. When the Apache Spark provider is installed on an Airflow deployment, an Airflow user that is authorized to confi...
Apache Airflow Spark Provider
NA
CVE-2024-23347
Prior to v176, when opening a new project Meta Spark Studio would execute scripts defined inside of a package.json file included as part of that project. Those scripts would have the ability to execute arbitrary code on the system as the application.
Facebook Meta Spark Studio
5
CVSSv2
CVE-2014-5349
Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 allows remote malicious users to cause a denial of service (application crash) via nested calls to the window.print JavaScript function.
Baidu Spark Browser 26.5.9999.3511
1 EDB exploit
5.4
CVSSv2
CVE-2014-5867
The Capital One Spark Pay (aka com.capitalone.sparkpay) application 0.9.81 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate.
Sparkpay Capital One Spark 0.9.81
4.3
CVSSv2
CVE-2015-6303
The Cisco Spark application 2015-07-04 for mobile operating systems does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle malicious users to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCut36742 and...
Cisco Spark 2015-07-04 Base
NA
CVE-2023-40272
Apache Airflow Spark Provider, versions prior to 4.1.3, is affected by a vulnerability that allows an malicious user to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version...
Apache Apache-airflow-providers-apache-spark
NA
CVE-2023-28710
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider.This issue affects Apache Airflow Spark Provider: prior to 4.0.1.
Apache Apache-airflow-providers-apache-spark
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »