22 matches found
H2O has an External Control of File Name or Path vulnerability
A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the /3/Parse endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the...
EUVD-2017-2512
Malware in sbrugna...
GHSA-5C8J-G96X-CJ78 H2O Vulnerable to Denial of Service (DoS) via `HEAD` Request
A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46.0 allows for a denial of service. The endpoint performs a HEAD request to verify the existence of a specified resource without setting a timeout. An attacker can exploit this by sending multiple requests to an attacker-controll...
H2O Vulnerable to Denial of Service (DoS) via Large GZIP Parsing
In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive due to memory exhaustion and a large number of concurrent slow-running jobs. This issue arises from the improper handling...
fluoriclogppka (>=0.1.0 <=0.2.7) potentially affected by CVE-2024-6863 via h2o (=3.44.0.3)
h2o PYPI version =3.44.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on h2o and may be impacted: - fluoriclogppka =0.1.0, =0.2.7 Source cves: CVE-2024-6863 Source advisory: OSV:GHSA-M37H-8R48-2CXJ...
fluoriclogppka (>=0.1.0 <=0.2.7) potentially affected by CVE-2024-6854 via h2o (=3.44.0.3)
h2o PYPI version =3.44.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on h2o and may be impacted: - fluoriclogppka =0.1.0, =0.2.7 Source cves: CVE-2024-6854 Source advisory: OSV:GHSA-47F6-5P7H-5F3H...
H2O 资源管理错误漏洞
H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A resource management error vulnerability exists in H2O version 3.46.0.1, which stems from the use of a user-specified regular expression in the /3/Parse endpoint and could lead to a denial of service...
H2O 安全漏洞
H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A security vulnerability exists in H2O version 3.46.0.1, which stems from the use of a user-specified regular expression in the /3/ParseSetup endpoint, which could lead to a denial of service...
H2O Vulnerable to Execution of Arbitrary Files
In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom EncryptionTool allows an attacker to encrypt any files on the target server with a key of their choosing. The chosen key can also be overwritten, resulting in ransomware-like behavior. This vulnerability makes it possible for an attacke...
CVE-2024-5979
In h2oai/h2o-3 version 3.46.0, the runtool command in the rapids component allows the main function of any class under the water.tools namespace to be called. One such class, MojoConvertTool, crashes the server when invoked with an invalid argument, causing a denial of service...
h2o-wave-ml (>=0.3.0 <=0.5.0), insolver (>=0.4.5 <=0.4.15a1) +2 more potentially affected by CVE-2024-5550 via h2o (>=3.18.0.8 <=3.32.0.3)
h2o PYPI version =3.18.0.8, =0.3.0, =0.4.5, =0.0.1, =0.0.102 - tsanalysis =0.1.0 Source cves: CVE-2024-5550 Source advisory: OSV:GHSA-X234-R5FG-X52M...
SUSE CVE-2017-10908
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header...
CVE-2017-10908
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header...
CVE-2017-10868
H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header...
CVE-2017-10868
H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header...
CVE-2017-10872
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors...
CVE-2017-10908
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header...
CVE-2017-10868
H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header...
UBUNTU-CVE-2017-10872
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors...
CVE-2017-10908
H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header...