15 matches found
Astra Linux - уязвимость в h2database
The H2 Console before version 2.1.210 allowed remote attackers to execute arbitrary code through a jdbc:h2:mem JDBC URL that contained the IGNOREUNKNOWNSETTINGS=TRUE;FORBID CREATION=FALSE;INIT=RUNSCRIPT substring. This is a different vulnerability than CVE-2021-42392. source-iocs-preserved...
Ubuntu: Security Advisory (USN-6834-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
h2database.com Improper Access Control vulnerability OBB-3705252
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
h2database.com Improper Access Control vulnerability OBB-3198031
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Ubuntu: Security Advisory (USN-5365-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
h2database.com Improper Access Control vulnerability OBB-2424438
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Debian: Security Advisory (DSA-5076-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-5076-1 : h2database - security update
The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5076 advisory. Security researchers of JFrog Security and Ismail Aydemir discovered two remote code execution vulnerabilities in the H2 Java SQL database engine which can b...
Debian: Security Advisory (DLA-2923-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 5076-1] h2database security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5076-1 [email protected] https://www.debian.org/security/ Markus Koschany February 15, 2022 https://www.debian.org/security/faq -...
[SECURITY] [DLA 2923-1] h2database security update
Debian LTS Advisory DLA-2923-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany February 15, 2022 https://wiki.debian.org/LTS Package : h2database Version : 1.4.193-1+deb9u1 CVE ID : CVE-2021-42392 CVE-2022-23221 Debian Bug : 1003894 Security researchers of JFrog...
Debian DLA-2923-1 : h2database - LTS security update
The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2923 advisory. - The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass ...
Exploit for Deserialization of Untrusted Data in H2Database H2
CVE-2021-42392-Detect About The script detects vulnerable H2...
CVE-2021-23463
A flaw was found in the h2database. This flaw allows an attacker to benefit from XML External Entity XXE Injection via the org.h2.jdbc.JdbcSQLXML class object. A user may trigger the vulnerability by sending malicious data...
POODLE Attack
h2database is vulnerable to POODLE attacks. The library defaults to SSLv3 for secure anonymous connections which is vulnerable to POODLE attacks...