25 matches found
h2database-rce-poc
H2 Console RCE Exploit Toolkit Vulnerability exploitation scr...
USN-6834-1: H2 vulnerabilities
It was discovered that H2 was vulnerable to deserialization of untrusted data. An attacker could possibly use this issue to execute arbitrary code. CVE-2021-42392 It was discovered that H2 incorrectly handled some specially crafted connection URLs. An attacker could possibly use this issue to...
Ubuntu 16.04 LTS / 18.04 LTS : H2 vulnerabilities (USN-6834-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6834-1 advisory. It was discovered that H2 was vulnerable to deserialization of untrusted data. An attacker could possibly use this issue to execute arbitrary...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 9
New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 8
New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of none. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.1 security update on RHEL 7
New Red Hat Single Sign-On 7.6.1 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
RHEL 7 : Red Hat Single Sign-On 7.5.3 security update on RHEL 7 (Moderate) (RHSA-2022:6782)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6782 advisory. Red Hat Single Sign-On 7.5 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.5.3 security update on RHEL 7
New Red Hat Single Sign-On 7.5.3 packages are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: Red Hat Single Sign-On 7.5.3 security update
A security update is now available for Red Hat Single Sign-On 7.5 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 7
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
RHEL 7 : Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 7 (Moderate) (RHSA-2022:4918)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:4918 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...
RHEL 8 : Red Hat JBoss Enterprise Application Platform 7.4.5 security update on RHEL 8 (Moderate) (RHSA-2022:4919)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:4919 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release o...
USN-5365-1: H2 vulnerabilities
It was discovered that H2 was vulnerable to deserialization of untrusted data. An attacker could possibly use this issue to execute arbitrary code. CVE-2021-42392 It was discovered that H2 incorrectly handled some specially crafted connection URLs. An attacker could possibly use this issue to...
Ubuntu 20.04 LTS : H2 vulnerabilities (USN-5365-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5365-1 advisory. It was discovered that H2 was vulnerable to deserialization of untrusted data. An attacker could possibly use this issue to execute arbitrary code...
H2 Database JNDI Lookup RCE (CVE-2021-42392)
Binary data h2databasecve-2021-42392.nbin...
Debian DSA-5076-1 : h2database - security update
The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5076 advisory. Security researchers of JFrog Security and Ismail Aydemir discovered two remote code execution vulnerabilities in the H2 Java SQL database engine which can b...
[SECURITY] [DSA 5076-1] h2database security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5076-1 [email protected] https://www.debian.org/security/ Markus Koschany February 15, 2022 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2923-1] h2database security update
Debian LTS Advisory DLA-2923-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany February 15, 2022 https://wiki.debian.org/LTS Package : h2database Version : 1.4.193-1+deb9u1 CVE ID : CVE-2021-42392 CVE-2022-23221 Debian Bug : 1003894 Security researchers of JFrog...
H2 Database Console Remote Code Execution (CVE-2021-42392)
A remote code execution vulnerability exists in H2 Database Console. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Arbitrary code execution in H2 Console
H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNOREUNKNOWNSETTINGS=TRUE;FORBIDCREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392...