Lucene search
K

192 matches found

hivepro
hivepro
added 2022/01/10 4:0 p.m.37 views

A similar vulnerability like Log4shell discovered in H2 database console

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. An unauthenticated remote code execution vulnerability similar to Log4shell has been discovered in H2 Database a popular Java SQL database console and has been assigned CVE-2021-42392. It is claimed to be similar to the...

10CVSS2.2AI score0.63211EPSS
Exploits3
ATTACKERKB
ATTACKERKB
added 2022/01/10 2:10 p.m.3 views

CVE-2021-42392

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various atta...

10CVSS6.3AI score0.63211EPSS
Exploits3References8Affected Software1
OSV
OSV
added 2022/01/10 2:10 p.m.45 views

CVE-2021-42392

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various atta...

9.8CVSS7.6AI score
Exploits0References7
OSV
OSV
added 2022/01/10 2:10 p.m.2 views

DEBIAN-CVE-2021-42392

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various atta...

9.8CVSS8.9AI score0.63211EPSS
Exploits3References1
NVD
NVD
added 2022/01/10 2:10 p.m.28 views

CVE-2021-42392

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various atta...

10CVSS0.63211EPSS
Exploits3References7
UbuntuCve
UbuntuCve
added 2022/01/10 2:10 p.m.50 views

CVE-2021-42392

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various atta...

10CVSS7.5AI score0.63211EPSS
Exploits3References5
Prion
Prion
added 2022/01/10 2:10 p.m.23 views

Remote code execution

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various atta...

10CVSS9.6AI score0.63211EPSS
Exploits3References7Affected Software3
OSV
OSV
added 2022/01/10 2:10 p.m.3 views

UBUNTU-CVE-2021-42392

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various atta...

9.8CVSS7.4AI score0.63211EPSS
Exploits3References6
CNNVD
CNNVD
added 2022/01/10 12:0 a.m.15 views

H2database代码问题漏洞

H2 database is an embeddable Rdbms written in Java . A code issue vulnerability exists in H2 database, which stems from the H2 database's getConnection method taking the driver's class name and the database's URL as parameters, which can be exploited by an attacker to pass the name of the JNDI...

10CVSS8.4AI score0.63211EPSS
Exploits3References24
ThreatPost
ThreatPost
added 2022/01/07 3:12 p.m.98 views

Log4J-Related RCE Flaw in H2 Database Earns Critical Warning

Researchers discovered a bug related to the Log4J logging library vulnerability, which in this case opens the door for an adversary to execute remote code on vulnerable systems. However, this flaw does not pose the same risk as the previously identified in Log4Shell, they said. JFrog security...

10CVSS9.8AI score0.99999EPSS
Exploits355References14
The Hacker News
The Hacker News
added 2022/01/07 9:31 a.m.58 views

Log4Shell-like Critical RCE Flaw Discovered in H2 Database Console

Researchers have disclosed a security flaw affecting H2 database consoles that could result in remote code execution in a manner that echoes the Log4j "Log4Shell" vulnerability that came to light last month. The issue, tracked as CVE-2021-42392, is the "first critical issue published since...

10CVSS1.4AI score0.63211EPSS
Exploits3
Cvelist
Cvelist
added 2022/01/07 12:0 a.m.43 views

CVE-2021-42392

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various atta...

9.9AI score0.63211EPSS
Exploits3References7
NCSC
NCSC
added 2022/01/07 12:0 a.m.5 views

Vulnerability fixed in H2 Database Console

A vulnerability has been found in the Console component of H2 Database. This vulnerability allows a local malicious person to to execute arbitrary code under application privileges. Researchers at JFrog found this vulnerability during additional research on Java vulnerabilities following Log4j. S...

10CVSS7.4AI score0.63211EPSS
Exploits3
Debian CVE
Debian CVE
added 2022/01/07 12:0 a.m.37 views

CVE-2021-42392

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various atta...

10CVSS9.6AI score0.63211EPSS
Exploits3
vulnersOsv
vulnersOsv
added 2022/01/06 11:55 p.m.7 views

africa.absa:inception-application (>=1.0.0 <=1.2.0), africa.absa:inception-test (>=1.0.0 <=1.2.0) +5739 more potentially affected by CVE-2021-42392 via com.h2database:h2 (>=1.1.101 <=2.0.204)

com.h2database:h2 MAVEN version =1.1.101, =1.0.0, =1.0.0, =0.5.0, =0.5.0, =0.1.0, =0.2.0, =0.2.0, =1.0.0, =0.5.2, =0.9.6, =1.0, =1.0.0, =1.0.5 and more Source cves: CVE-2021-42392 Source advisory: OSV:GHSA-H376-J262-VHQ6...

10CVSS7.4AI score0.63211EPSS
Exploits3
vulnersOsv
vulnersOsv
added 2021/12/16 2:29 p.m.3 views

africa.absa:inception-application (>=1.0.0 <=1.2.0), africa.absa:inception-test (>=1.0.0 <=1.2.0) +2467 more potentially affected by CVE-2021-23463 via com.h2database:h2 (>=1.4.198 <=1.4.200)

com.h2database:h2 MAVEN version =1.4.198, =1.0.0, =1.0.0, =0.5.2, =0.5.2, =0.1.0, =0.2.0, =0.2.0, =0.9.6, =1.0, =1.0.0, =0.0.1-alpha, =0.0.2-alpha, =0.0.6-alpha and more Source cves: CVE-2021-23463 Source advisory: OSV:GHSA-7RPJ-HG47-CX62...

9.1CVSS7.2AI score0.03284EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2021/12/10 12:0 a.m.3 views

PT-2021-8014 · H2Database · H2

Name of the Vulnerable Software and Affected Versions: com.h2database:h2 versions 1.4.198 through 2.0.202 Description: The issue is related to XML External Entity XXE Injection via the org.h2.jdbc.JdbcSQLXML class object. This occurs when the object receives parsed string data from the...

9.1CVSS9AI score0.03284EPSS
Exploits1References15
CNNVD
CNNVD
added 2021/12/10 12:0 a.m.3 views

Markdown To Pdf 代码问题漏洞

Markdown To Pdf is a simple and crackable Cli tool from the individual developer Simon Hanisch in Germany. It is used to convert Markdown to pdf. Markdown To Pdf in the code problematic vulnerability, the vulnerability stems from the service using org.h2.jdbc.JdbcResultSet.getSQLXML method to get...

9.1CVSS7.9AI score0.03284EPSS
Exploits1References6
OSV
OSV
added 2021/11/30 7:15 p.m.3 views

CVE-2021-44230

PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows has weak file permissions for the embedded H2 database, which might lead to privilege escalation. This issue can be exploited by an adversary who has already compromised a valid Windows account on the server via separate means. I...

6.5CVSS5.8AI score0.00969EPSS
Exploits0References1
NVD
NVD
added 2021/11/30 7:15 p.m.18 views

CVE-2021-44230

PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows has weak file permissions for the embedded H2 database, which might lead to privilege escalation. This issue can be exploited by an adversary who has already compromised a valid Windows account on the server via separate means. I...

6.5CVSS0.00969EPSS
Exploits0References1
Rows per page
Query Builder