191 matches found
H2 Database Remote Code Execution (CVE-2022-23221)
A remote code execution vulnerability exists in H2 Database console. This vulnerability is due to improper input validation when handling a specific JDBC URL...
PT-2025-5826 · Apache · Apache Shardingsphere Elasticjob-Ui
Name of the Vulnerable Software and Affected Versions: Apache ShardingSphere ElasticJob-UI versions prior to 3.0.2 Description: The issue allows an attacker to perform remote code execution RCE by constructing a special JDBC URL of the H2 database. The premise of this attack is that the attacker...
CVE-2022-39361
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, H2 Sample Database could allow Remote Code Execution RCE, which can be abused by users able to write SQL queries on H2 databases. This issue is patched in versions 0.44.5...
Design/Logic Flaw
Metabase is data visualization software. Prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, H2 Sample Database could allow Remote Code Execution RCE, which can be abused by users able to write SQL queries on H2 databases. This issue is patched in versions 0.44.5...
CVE-2022-39361
Metabase (data visualization platform) contains a CVE-2022-39361 affecting H2 (Sample Database) prior to versions 0.44.5, 1.44.5, 0.43.7, 1.43.7, 0.42.6, 1.42.6, 0.41.9, and 1.41.9, enabling Remote Code Execution when a user can write SQL queries against H2. The issue is mitigated by disallowing ...
h2: Remote Code Execution in Console
A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...
h2: Remote Code Execution in Console
A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...
h2: Remote Code Execution in Console
A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...
h2: Remote Code Execution in Console
A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...
Exploit for Path Traversal in Wso2 Api_Manager
Better CVE-2022-29464 Certain WSO2 products allow unrestricte...
USN-5365-1 h2database vulnerabilities
It was discovered that H2 was vulnerable to deserialization of untrusted data. An attacker could possibly use this issue to execute arbitrary code. CVE-2021-42392 It was discovered that H2 incorrectly handled some specially crafted connection URLs. An attacker could possibly use this issue to...
h2: Remote Code Execution in Console
A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...
H2 Database JNDI Lookup RCE (CVE-2021-42392)
Binary data h2databasecve-2021-42392.nbin...
H2 Database Console Remote Code Execution Exploit
The H2 Database console suffers from an unauthenticated remote code execution vulnerability. Document Title =============== Unauthenticated RCE vuln in the H2 Database console: CVE-2022-23221. Product Description =============== The H2 Console Application The Console lets you access a SQL databas...
H2 Database Console Remote Code Execution
Document Title =============== Unauthenticated RCE vuln in the H2 Database console: CVE-2022-23221. Product Description =============== The H2 Console Application The Console lets you access a SQL database using a browser interface. Homepage: http://www.h2database.com/html/quickstart.html Affecte...
H2 Database Console Remote Code Execution (CVE-2021-42392)
A remote code execution vulnerability exists in H2 Database Console. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
africa.absa:inception-application (>=1.0.0 <=1.2.0), africa.absa:inception-test (>=1.0.0 <=1.2.0) +5756 more potentially affected by CVE-2022-23221 via com.h2database:h2 (>=1.0.63 <=2.0.206)
com.h2database:h2 MAVEN version =1.0.63, =1.0.0, =1.0.0, =0.5.0, =0.5.0, =0.1.0, =0.2.0, =0.2.0, =1.0.0, =0.5.2, =0.9.6, =1.0, =1.0.0, =1.0.5 and more Source cves: CVE-2022-23221 Source advisory: OSV:GHSA-45HX-WFHJ-473X...
CVE-2021-42392
A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...
H2 database code issue vulnerability
H2 database is an embeddable Rdbms written in Java . A code issue vulnerability exists in H2 database, which stems from the H2 database's getConnection method taking the driver's class name and the database's URL as parameters, which can be exploited by an attacker to pass the name of the JNDI...
A similar vulnerability like Log4shell discovered in H2 database console
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. An unauthenticated remote code execution vulnerability similar to Log4shell has been discovered in H2 Database a popular Java SQL database console and has been assigned CVE-2021-42392. It is claimed to be similar to the...