Lucene search
K

191 matches found

Check Point Advisories
Check Point Advisories
added 2022/11/03 12:0 a.m.24 views

H2 Database Remote Code Execution (CVE-2022-23221)

A remote code execution vulnerability exists in H2 Database console. This vulnerability is due to improper input validation when handling a specific JDBC URL...

10CVSS2.4AI score0.64766EPSS
Exploits4
Positive Technologies
Positive Technologies
added 2022/11/01 12:0 a.m.7 views

PT-2025-5826 · Apache · Apache Shardingsphere Elasticjob-Ui

Name of the Vulnerable Software and Affected Versions: Apache ShardingSphere ElasticJob-UI versions prior to 3.0.2 Description: The issue allows an attacker to perform remote code execution RCE by constructing a special JDBC URL of the H2 database. The premise of this attack is that the attacker...

8.5CVSS7.2AI score0.00671EPSS
Exploits0References7
NVD
NVD
added 2022/10/26 7:15 p.m.19 views

CVE-2022-39361

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, H2 Sample Database could allow Remote Code Execution RCE, which can be abused by users able to write SQL queries on H2 databases. This issue is patched in versions 0.44.5...

8.8CVSS0.00967EPSS
Exploits0References1
Prion
Prion
added 2022/10/26 7:15 p.m.18 views

Design/Logic Flaw

Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, H2 Sample Database could allow Remote Code Execution RCE, which can be abused by users able to write SQL queries on H2 databases. This issue is patched in versions 0.44.5...

6.5CVSS8.8AI score0.00967EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2022/10/26 12:0 a.m.77 views

CVE-2022-39361

Metabase (data visualization platform) contains a CVE-2022-39361 affecting H2 (Sample Database) prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, enabling Remote Code Execution when a user can write SQL queries against H2. The issue is mitigated by disallowing ...

8.8CVSS9AI score0.00967EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2022/10/04 4:2 p.m.6 views

h2: Remote Code Execution in Console

A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...

10CVSS7.4AI score0.63211EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2022/06/06 4:0 p.m.5 views

h2: Remote Code Execution in Console

A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...

10CVSS7.4AI score0.63211EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2022/06/06 3:54 p.m.9 views

h2: Remote Code Execution in Console

A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...

10CVSS7.4AI score0.63211EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2022/06/06 3:11 p.m.3 views

h2: Remote Code Execution in Console

A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...

10CVSS7.4AI score0.63211EPSS
Exploits3References5
GithubExploit
GithubExploit
added 2022/06/04 4:46 p.m.452 views

Exploit for Path Traversal in Wso2 Api_Manager

Better CVE-2022-29464 Certain WSO2 products allow unrestricte...

10CVSS10AI score0.99999EPSS
Exploits22
OSV
OSV
added 2022/04/05 3:14 p.m.5 views

USN-5365-1 h2database vulnerabilities

It was discovered that H2 was vulnerable to deserialization of untrusted data. An attacker could possibly use this issue to execute arbitrary code. CVE-2021-42392 It was discovered that H2 incorrectly handled some specially crafted connection URLs. An attacker could possibly use this issue to...

10CVSS7.4AI score0.64766EPSS
Exploits6References3
RedHat Linux
RedHat Linux
added 2022/03/22 3:33 p.m.3 views

h2: Remote Code Execution in Console

A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...

10CVSS7.4AI score0.63211EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
added 2022/02/22 12:0 a.m.268 views

H2 Database JNDI Lookup RCE (CVE-2021-42392)

Binary data h2databasecve-2021-42392.nbin...

10CVSS9.7AI score0.63211EPSS
Exploits3References4
0day.today
0day.today
added 2022/01/25 12:0 a.m.364 views

H2 Database Console Remote Code Execution Exploit

The H2 Database console suffers from an unauthenticated remote code execution vulnerability. Document Title =============== Unauthenticated RCE vuln in the H2 Database console: CVE-2022-23221. Product Description =============== The H2 Console Application The Console lets you access a SQL databas...

9.8CVSS0.9AI score0.64766EPSS
Exploits4
Packet Storm
Packet Storm
added 2022/01/25 12:0 a.m.320 views

H2 Database Console Remote Code Execution

Document Title =============== Unauthenticated RCE vuln in the H2 Database console: CVE-2022-23221. Product Description =============== The H2 Console Application The Console lets you access a SQL database using a browser interface. Homepage: http://www.h2database.com/html/quickstart.html Affecte...

0.1AI score0.64766EPSS
Exploits4
Check Point Advisories
Check Point Advisories
added 2022/01/23 12:0 a.m.13 views

H2 Database Console Remote Code Execution (CVE-2021-42392)

A remote code execution vulnerability exists in H2 Database Console. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

10CVSS5.7AI score0.63211EPSS
Exploits3
vulnersOsv
vulnersOsv
added 2022/01/21 11:7 p.m.7 views

africa.absa:inception-application (>=1.0.0 <=1.2.0), africa.absa:inception-test (>=1.0.0 <=1.2.0) +5756 more potentially affected by CVE-2022-23221 via com.h2database:h2 (>=1.0.63 <=2.0.206)

com.h2database:h2 MAVEN version =1.0.63, =1.0.0, =1.0.0, =0.5.0, =0.5.0, =0.1.0, =0.2.0, =0.2.0, =1.0.0, =0.5.2, =0.9.6, =1.0, =1.0.0, =1.0.5 and more Source cves: CVE-2022-23221 Source advisory: OSV:GHSA-45HX-WFHJ-473X...

10CVSS7.1AI score0.64766EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2022/01/11 4:53 p.m.48 views

CVE-2021-42392

A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...

10CVSS5.3AI score0.63211EPSS
Exploits3References4
CNVD
CNVD
added 2022/01/11 12:0 a.m.159 views

H2 database code issue vulnerability

H2 database is an embeddable Rdbms written in Java . A code issue vulnerability exists in H2 database, which stems from the H2 database's getConnection method taking the driver's class name and the database's URL as parameters, which can be exploited by an attacker to pass the name of the JNDI...

10CVSS9.5AI score0.63211EPSS
Exploits3References1
hivepro
hivepro
added 2022/01/10 4:0 p.m.37 views

A similar vulnerability like Log4shell discovered in H2 database console

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. An unauthenticated remote code execution vulnerability similar to Log4shell has been discovered in H2 Database a popular Java SQL database console and has been assigned CVE-2021-42392. It is claimed to be similar to the...

10CVSS2.2AI score0.63211EPSS
Exploits3
Rows per page
Query Builder