Lucene search
K

181 matches found

ATTACKERKB
ATTACKERKB
added 2022/11/23 9:15 p.m.6 views

CVE-2022-45868

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...

8.4CVSS6.8AI score0.00301EPSS
Exploits1References7
Prion
Prion
added 2022/11/23 9:15 p.m.21 views

Default credentials

DISPUTED The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access...

4.3CVSS7.7AI score0.00301EPSS
Exploits1References4Affected Software1
UbuntuCve
UbuntuCve
added 2022/11/23 9:15 p.m.58 views

CVE-2022-45868

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...

8.4CVSS6.8AI score0.00301EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/11/23 12:0 a.m.47 views

CVE-2022-45868

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...

8.4CVSS8.5AI score0.00301EPSS
Exploits1References6
CNNVD
CNNVD
added 2022/11/23 12:0 a.m.4 views

H2database 安全漏洞

H2database is an embeddable Rdbms written in Java. A security vulnerability exists in H2database version 2.1.214, which stems from the fact that the web-based administration console can be started via the CLI with the parameter -webAdminPassword, which allows a user to specify the password for th...

8.4CVSS7AI score0.00301EPSS
Exploits1References9
Vulnrichment
Vulnrichment
added 2022/11/23 12:0 a.m.18 views

CVE-2022-45868

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...

8.4CVSS6.8AI score0.00301EPSS
Exploits1References6
CVE
CVE
added 2022/11/23 12:0 a.m.204 views

CVE-2022-45868

CVE-2022-45868 affects H2 Database Engine prior to 2.2.220. The web-based admin console can be started from the CLI with the -webAdminPassword argument, allowing the password to be passed in cleartext and discovered by a local user or someone with local access by listing processes and their argum...

8.4CVSS7.7AI score0.00301EPSS
Exploits1References6Affected Software1
Debian CVE
Debian CVE
added 2022/11/23 12:0 a.m.26 views

CVE-2022-45868

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...

8.4CVSS7.1AI score0.00301EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2022/11/03 3:14 p.m.6 views

h2: Remote Code Execution in Console

A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...

10CVSS7.4AI score0.63211EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2022/11/03 2:55 p.m.5 views

h2: Remote Code Execution in Console

A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...

10CVSS7.4AI score0.63211EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2022/11/03 2:54 p.m.9 views

h2: Remote Code Execution in Console

A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...

10CVSS7.4AI score0.63211EPSS
Exploits3References5
Check Point Advisories
Check Point Advisories
added 2022/11/03 12:0 a.m.6 views

H2 Database Remote Code Execution (CVE-2022-23221)

A remote code execution vulnerability exists in H2 Database console. This vulnerability is due to improper input validation when handling a specific JDBC URL...

10CVSS2.4AI score0.64766EPSS
Exploits4
Positive Technologies
Positive Technologies
added 2022/11/01 12:0 a.m.6 views

PT-2025-5826 · Apache · Apache Shardingsphere Elasticjob-Ui

Name of the Vulnerable Software and Affected Versions: Apache ShardingSphere ElasticJob-UI versions prior to 3.0.2 Description: The issue allows an attacker to perform remote code execution RCE by constructing a special JDBC URL of the H2 database. The premise of this attack is that the attacker...

8.5CVSS7.2AI score0.00671EPSS
Exploits0References7
NVD
NVD
added 2022/10/26 7:15 p.m.19 views

CVE-2022-39361

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, H2 Sample Database could allow Remote Code Execution RCE, which can be abused by users able to write SQL queries on H2 databases. This issue is patched in versions 0.44.5...

8.8CVSS0.00967EPSS
Exploits0References1
Prion
Prion
added 2022/10/26 7:15 p.m.18 views

Design/Logic Flaw

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, H2 Sample Database could allow Remote Code Execution RCE, which can be abused by users able to write SQL queries on H2 databases. This issue is patched in versions 0.44.5...

6.5CVSS8.8AI score0.00967EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/10/26 12:0 a.m.75 views

CVE-2022-39361

Metabase (data visualization platform) contains a CVE-2022-39361 affecting H2 (Sample Database) prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, enabling Remote Code Execution when a user can write SQL queries against H2. The issue is mitigated by disallowing ...

8.8CVSS9AI score0.00967EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2022/10/04 4:2 p.m.6 views

h2: Remote Code Execution in Console

A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...

10CVSS7.4AI score0.63211EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2022/06/06 4:0 p.m.5 views

h2: Remote Code Execution in Console

A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...

10CVSS7.4AI score0.63211EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2022/06/06 3:54 p.m.9 views

h2: Remote Code Execution in Console

A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...

10CVSS7.4AI score0.63211EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2022/06/06 3:11 p.m.2 views

h2: Remote Code Execution in Console

A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...

10CVSS7.4AI score0.63211EPSS
Exploits3References5
Rows per page
Query Builder