Lucene search
K

191 matches found

CNNVD
CNNVD
added 2023/06/12 12:0 a.m.21 views

Apache NiFi 代码注入漏洞

Apache NiFi is a data processing and distribution system from the Apache USA Foundation. The system is primarily used for data routing, transformation, and system brokering logic. A code injection vulnerability exists in Apache NiFi versions 0.0.2 through 1.21.0 that originates from allowing...

8.8CVSS8.4AI score0.63633EPSS
Exploits9References6
SUSE CVE
SUSE CVE
added 2023/02/15 4:28 a.m.5 views

SUSE CVE-2018-10054

H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment."...

8.8CVSS9.1AI score0.34986EPSS
Exploits2References3
Veracode
Veracode
added 2022/11/24 9:7 a.m.36 views

Information Disclosure

H2 Database Engine is vulnerable to information disclosure. The vulnerability is caused by the webAdminPassword argument, which allows an administrator to specify the password in plaintext. An attacker can get the password for the H2 web admin console by looking at the running processes...

8.4CVSS7.1AI score0.00301EPSS
Exploits1References7Affected Software1
vulnersOsv
vulnersOsv
added 2022/11/23 9:30 p.m.4 views

africa.absa:inception-application (>=1.0.0 <=1.2.0), africa.absa:inception-test (>=1.0.0 <=1.2.0) +4076 more potentially affected by CVE-2022-45868 via com.h2database:h2 (>=1.4.198 <=2.1.214)

com.h2database:h2 MAVEN version =1.4.198, =1.0.0, =1.0.0, =0.5.2, =0.5.2, =0.1.0, =0.2.0, =0.2.0, =0.9.6, =1.2.0, =1.0, =1.0.12 - br.com.caiquejh:spring-sample =1.0.0 and more Source cves: CVE-2022-45868 Source advisory: OSV:GHSA-22WJ-VF5F-WRVJ...

8.4CVSS7.1AI score0.00301EPSS
Exploits1
OSV
OSV
added 2022/11/23 9:30 p.m.26 views

GHSA-22WJ-VF5F-WRVJ Password exposure in H2 Database

The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...

7.8CVSS7.8AI score0.00301EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2022/11/23 9:30 p.m.44 views

Password exposure in H2 Database

The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...

8.4CVSS7.3AI score0.00301EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2022/11/23 9:15 p.m.41 views

CVE-2022-45868

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...

8.4CVSS0.00301EPSS
Exploits1References6
OSV
OSV
added 2022/11/23 9:15 p.m.2 views

DEBIAN-CVE-2022-45868

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...

7.8CVSS7.5AI score0.00301EPSS
Exploits1References1
Prion
Prion
added 2022/11/23 9:15 p.m.22 views

Default credentials

DISPUTED The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access...

4.3CVSS7.7AI score0.00301EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/11/23 9:15 p.m.7 views

CVE-2022-45868

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...

8.4CVSS6.8AI score0.00301EPSS
Exploits1References7
UbuntuCve
UbuntuCve
added 2022/11/23 9:15 p.m.60 views

CVE-2022-45868

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...

8.4CVSS6.8AI score0.00301EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/11/23 12:0 a.m.49 views

CVE-2022-45868

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...

8.4CVSS8.5AI score0.00301EPSS
Exploits1References6
CVE
CVE
added 2022/11/23 12:0 a.m.205 views

CVE-2022-45868

CVE-2022-45868 affects H2 Database Engine prior to 2.2.220. The web-based admin console can be started from the CLI with the -webAdminPassword argument, allowing the password to be passed in cleartext and discovered by a local user or someone with local access by listing processes and their argum...

8.4CVSS7.7AI score0.00301EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2022/11/23 12:0 a.m.4 views

H2database 安全漏洞

H2database is an embeddable Rdbms written in Java. A security vulnerability exists in H2database version 2.1.214, which stems from the fact that the web-based administration console can be started via the CLI with the parameter -webAdminPassword, which allows a user to specify the password for th...

8.4CVSS7AI score0.00301EPSS
Exploits1References9
Vulnrichment
Vulnrichment
added 2022/11/23 12:0 a.m.18 views

CVE-2022-45868

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...

8.4CVSS6.8AI score0.00301EPSS
Exploits1References6
OSV
OSV
added 2022/11/23 12:0 a.m.9 views

CVE-2022-45868

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...

8.4CVSS8.3AI score0.00301EPSS
Exploits1References8
Debian CVE
Debian CVE
added 2022/11/23 12:0 a.m.27 views

CVE-2022-45868

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user or an attacker that has obtained local access through...

8.4CVSS7.1AI score0.00301EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2022/11/03 3:14 p.m.6 views

h2: Remote Code Execution in Console

A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...

10CVSS7.4AI score0.63211EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2022/11/03 2:55 p.m.6 views

h2: Remote Code Execution in Console

A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...

10CVSS7.4AI score0.63211EPSS
Exploits3References5
RedHat Linux
RedHat Linux
added 2022/11/03 2:54 p.m.9 views

h2: Remote Code Execution in Console

A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...

10CVSS7.4AI score0.63211EPSS
Exploits3References5
Rows per page
Query Builder