
22 matches found

GitLab Advisory Database
added 2026/02/02 12:0 a.m. | 4 views

H2O has an External Control of File Name or Path vulnerability

A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the /3/Parse endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the...

CVSS 9.1 | AI score 6.6 | EPSS 0.00629
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 8 views

EUVD-2017-2512

Malware in sbrugna...

CVSS 6.5 | AI score 6.6 | EPSS 0.01941
Exploits: 0 | References: 4

OSV
added 2025/03/20 12:32 p.m. | 7 views

GHSA-5C8J-G96X-CJ78 H2O Vulnerable to Denial of Service (DoS) via `HEAD` Request

A vulnerability in the typeahead endpoint of h2oai/h2o-3 version 3.46.0 allows for a denial of service. The endpoint performs a HEAD request to verify the existence of a specified resource without setting a timeout. An attacker can exploit this by sending multiple requests to an attacker-controll...

CVSS 7.5 | AI score 7 | EPSS 0.00446
Exploits: 1 | References: 4

GitHub Security Blog
added 2025/03/20 12:32 p.m. | 11 views

H2O Vulnerable to Denial of Service (DoS) via Large GZIP Parsing

In h2oai/h2o-3 version 3.46.0.2, a vulnerability exists where uploading and repeatedly parsing a large GZIP file can cause a denial of service. The server becomes unresponsive due to memory exhaustion and a large number of concurrent slow-running jobs. This issue arises from the improper handling...

CVSS 7.5 | AI score 6.7 | EPSS 0.00719
Exploits: 1 | References: 4 | Affected Software: 2

vulnersOsv
added 2025/03/20 12:32 p.m. | 2 views

fluoriclogppka (>=0.1.0 <=0.2.7) potentially affected by CVE-2024-6863 via h2o (=3.44.0.3)

h2o PyPI version =3.44.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on h2o and may be impacted: fluoriclogppka >=0.1.0, <=0.2.7. Source CVEs: CVE-2024-6863. Source advisory: OSV:GHSA-M37H-8R48-2CXJ...

CVSS 6.5 | AI score 6.5 | EPSS 0.0033
Exploits: 1

vulnersOsv
added 2025/03/20 12:32 p.m. | 3 views

fluoriclogppka (>=0.1.0 <=0.2.7) potentially affected by CVE-2024-6854 via h2o (=3.44.0.3)

h2o PyPI version =3.44.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on h2o and may be impacted: fluoriclogppka >=0.1.0, <=0.2.7. Source CVEs: CVE-2024-6854. Source advisory: OSV:GHSA-47F6-5P7H-5F3H...

CVSS 7.1 | AI score 7 | EPSS 0.00693
Exploits: 1

CNNVD
added 2025/03/20 12:0 a.m. | 5 views

H2O Resource Management Error Vulnerability

H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A resource management error vulnerability exists in H2O version 3.46.0.1, which stems from the use of a user-specified regular expression in the /3/Parse endpoint and could lead to a denial of service...

CVSS 7.5 | AI score 7.4 | EPSS 0.00588
Exploits: 1 | References: 1

CNNVD
added 2025/03/20 12:0 a.m. | 3 views

H2O Security Vulnerability

H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A security vulnerability exists in H2O version 3.46.0.1, which stems from the use of a user-specified regular expression in the /3/ParseSetup endpoint, which could lead to a denial of service...

CVSS 7.5 | AI score 7.4 | EPSS 0.00588
Exploits: 1 | References: 1

GitLab Advisory Database
added 2025/03/20 12:0 a.m. | 10 views

H2O Vulnerable to Execution of Arbitrary Files

In h2oai/h2o-3 version 3.46.0, an endpoint exposing a custom EncryptionTool allows an attacker to encrypt any files on the target server with a key of their choosing. The chosen key can also be overwritten, resulting in ransomware-like behavior. This vulnerability makes it possible for an attacke...

CVSS 6.5 | AI score 6.8 | EPSS 0.0033
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2024/06/27 7:15 p.m. | 5 views

CVE-2024-5979

In h2oai/h2o-3 version 3.46.0, the runtool command in the rapids component allows the main function of any class under the water.tools namespace to be called. One such class, MojoConvertTool, crashes the server when invoked with an invalid argument, causing a denial of service...

CVSS 7.5 | AI score 6.9
Exploits: 0 | References: 2

vulnersOsv
added 2024/06/06 9:30 p.m. | 3 views

h2o-wave-ml (>=0.3.0 <=0.5.0), insolver (>=0.4.5 <=0.4.15a1) +2 more potentially affected by CVE-2024-5550 via h2o (>=3.18.0.8 <=3.32.0.3)

h2o PYPI version =3.18.0.8, =0.3.0, =0.4.5, =0.0.1, =0.0.102 - tsanalysis =0.1.0 Source cves: CVE-2024-5550 Source advisory: OSV:GHSA-X234-R5FG-X52M...

CVSS 5.3 | AI score 6 | EPSS 0.00835
Exploits: 1

SUSE CVE
added 2023/02/15 4:43 a.m. | 3 views

SUSE CVE-2017-10908

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header...

CVSS 7.5 | AI score 7.5 | EPSS 0.03636
Exploits: 0 | References: 3

NVD
added 2017/12/22 2:29 p.m. | 18 views

CVE-2017-10908

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header...

CVSS 7.5 | AI score 7.3 | EPSS 0.03636
Exploits: 0 | References: 2

NVD
added 2017/12/22 2:29 p.m. | 22 views

CVE-2017-10868

H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header...

CVSS 7.5 | AI score 7.3 | EPSS 0.03467
Exploits: 0 | References: 2

OSV
added 2017/12/22 2:29 p.m. | 19 views

CVE-2017-10868

H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header...

CVSS 7.5 | AI score 7.6
Exploits: 0 | References: 2

OSV
added 2017/12/22 2:29 p.m. | 16 views

CVE-2017-10872

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors...

CVSS 6.5 | AI score 6.6
Exploits: 0 | References: 2

OSV
added 2017/12/22 2:29 p.m. | 15 views

CVE-2017-10908

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header...

CVSS 7.5 | AI score 7.6
Exploits: 0 | References: 2

UbuntuCve
added 2017/12/22 2:29 p.m. | 20 views

CVE-2017-10868

H2O version 2.2.2 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/1 header...

CVSS 7.5 | AI score 7.1 | EPSS 0.03467
Exploits: 0 | References: 2

OSV
added 2017/12/22 2:29 p.m. | 4 views

UBUNTU-CVE-2017-10872

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via unspecified vectors...

CVSS 6.5 | AI score 7.2 | EPSS 0.01941
Exploits: 0 | References: 3

Debian CVE
added 2017/12/22 2:0 p.m. | 19 views

CVE-2017-10908

H2O version 2.2.3 and earlier allows remote attackers to cause a denial of service in the server via specially crafted HTTP/2 header...

CVSS 7.5 | AI score 7.4 | EPSS 0.03636
Exploits: 0