Lucene search
K

180 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:54 p.m.12 views

CVE-2020-13921

Resolved Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases...

9.8CVSS7.8AI score0.33478EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/04/05 4:44 p.m.17 views

CVE-2025-3164

A vulnerability was found in Tencent Music Entertainment SuperSonic up to 0.9.8. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/semantic/database/testConnect of the component H2 Database Connection Handler. The manipulation leads to code...

9.8CVSS7.8AI score0.00638EPSS
Exploits1References1
OSV
OSV
added 2025/04/03 4:15 p.m.5 views

CVE-2025-3164

A vulnerability was found in Tencent Music Entertainment SuperSonic up to 0.9.8. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/semantic/database/testConnect of the component H2 Database Connection Handler. The manipulation leads to code...

9.8CVSS7.3AI score
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/04/03 3:31 p.m.9 views

CVE-2025-3164 Tencent Music Entertainment SuperSonic H2 Database Connection testConnect code injection

A vulnerability was found in Tencent Music Entertainment SuperSonic up to 0.9.8. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/semantic/database/testConnect of the component H2 Database Connection Handler. The manipulation leads to code...

5.8CVSS7.7AI score0.00638EPSS
Exploits1References5
CVE
CVE
added 2025/04/03 3:31 p.m.52 views

CVE-2025-3164

Vulnerability details (CVE-2025-3164): Tencent Music Entertainment SuperSonic versions up to 0.9.8 contain a flaw in the H2 Database Connection Handler, specifically in the /api/semantic/database/testConnect function. The issue arises from the manipulation of an unknown functionality, leading to ...

9.8CVSS7.7AI score0.00638EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/03 12:0 a.m.6 views

PT-2025-14772 · Unknown +1 · H2 Database Connection Handler +1

Name of the Vulnerable Software and Affected Versions: Tencent Music Entertainment SuperSonic versions up to 0.9.8 Description: A critical issue affects some unknown functionality of the file "/api/semantic/database/testConnect" of the component H2 Database Connection Handler, leading to code...

9.8CVSS5AI score0.00638EPSS
Exploits1References11
RedHat Linux
RedHat Linux
added 2025/02/24 12:8 a.m.4 views

h2: Remote Code Execution in Console

A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...

10CVSS7.4AI score0.63211EPSS
Exploits3References5
NVD
NVD
added 2025/02/06 3:15 p.m.35 views

CVE-2022-31764

The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2. The premise of...

8.5CVSS0.00671EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/06 2:23 p.m.8 views

CVE-2022-31764 Apache ShardingSphere ElasticJob-UI allows RCE via event trace data source JDBC

The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2. The premise of...

6.8AI score0.00671EPSS
Exploits0References1
CVE
CVE
added 2025/02/06 2:23 p.m.72 views

CVE-2022-31764

The CVE describes an RCE in Apache ShardingSphere ElasticJob-UI Lite UI, exploitable by constructing a special H2 JDBC URL. Affected versions are 3.0.1 and earlier; ElasticJob-UI 3.0.2 fixes the issue. The attack premise requires the attacker to have obtained the account credentials; without them...

8.5CVSS6.5AI score0.00671EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/05 10:28 p.m.8 views

CVE-2022-45868

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...

8.4CVSS6.7AI score0.00301EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 7:34 p.m.9 views

CVE-2022-39361

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, H2 Sample Database could allow Remote Code Execution RCE, which can be abused by users able to write SQL queries on H2 databases. This issue is patched in versions 0.44.5...

8.8CVSS7.9AI score0.00967EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2024/06/13 2:44 p.m.43 views

USN-6834-1: H2 vulnerabilities

It was discovered that H2 was vulnerable to deserialization of untrusted data. An attacker could possibly use this issue to execute arbitrary code. CVE-2021-42392 It was discovered that H2 incorrectly handled some specially crafted connection URLs. An attacker could possibly use this issue to...

10CVSS8.8AI score0.64766EPSS
Exploits6
OSV
OSV
added 2024/06/13 2:44 p.m.5 views

USN-6834-1 h2database vulnerabilities

It was discovered that H2 was vulnerable to deserialization of untrusted data. An attacker could possibly use this issue to execute arbitrary code. CVE-2021-42392 It was discovered that H2 incorrectly handled some specially crafted connection URLs. An attacker could possibly use this issue to...

10CVSS7.4AI score0.64766EPSS
Exploits6References3
BDU FSTEC
BDU FSTEC
added 2024/03/22 12:0 a.m.7 views

Com.h2database:h2 vulnerability in the H2 database management system, which allows attackers to perform XXE attacks

The vulnerability of the com.h2database:h2 package in the H2 database management system is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows a remote attacker to perform XXE attacks...

8.5CVSS7.8AI score0.03284EPSS
Exploits1References6Affected Software3
Spring Security Advisories
Spring Security Advisories
added 2024/03/19 12:0 a.m.16 views

Hello, Java 22!

update I've since published a Spring Tips video on this very topic! If you'd prefer, you could watch that instead. Hi, Spring fans! Happy Java 22 release day, to those who celebrate! Did you get the bits already? Go, go, go! Java 22 is a significant improvement that I think is a worthy upgrade fo...

7.2AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2023/08/18 5:22 p.m.64 views

Metasploit Weekly Wrap-Up

Meterpreter Testing This week’s release adds new payload tests to our automated test suite. This is intended to help the team and community members identify issues and behavior discrepancies before changes are made. Payloads run on a variety of different platforms including Windows, Linux, and OS...

7.5CVSS9.7AI score0.98725EPSS
Exploits10
Metasploit
Metasploit
added 2023/08/16 7:50 p.m.850 views

H2 Web Interface Create Alias RCE

The H2 database contains an alias function which allows for arbitrary Java code to be used. This functionality can be abused to create an exec functionality to pull our payload down and execute it. H2's web interface contains restricts MANY characters, so injecting a payload directly is not...

8.8CVSS7.3AI score0.34986EPSS
Exploits2
Packet Storm
Packet Storm
added 2023/08/16 12:0 a.m.813 views

H2 Web Interface Create Alias Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'H2 Web Interface Create Alias RCE', 'Description' = %q The H2 database contains an alias function which allows for arbitrary Java code to be used...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/08/16 12:0 a.m.557 views

H2 Database Web Interface Create Alias Remote Code Execution Exploit

The H2 database contains an alias function which allows for arbitrary Java code to be used. This functionality can be abused to create an exec functionality to pull our payload down and execute it. H2's web interface contains restricts MANY characters, so injecting a payload directly is not...

7.4AI score
Exploits0
Rows per page
Query Builder