49 matches found
PYSEC-2026-352 H2O.ai H2O vulnerable to deserialization attacks via a JDBC Connection URL
H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access to post to the ImportSQLTable URI with a JSON document containing a connectionurl property with a...
PYSEC-2026-351 H2O Deserialization of Untrusted Data Vulnerability
A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulnerability exists in the endpoints POST /99/ImportSQLTable and POST /3/SaveToHiveTable, where user-controlled JDBC URLs are...
H2O 代码注入漏洞
H2O is an open-source memory platform for distributed, scalable machine learning developed by H2O.ai. Versions of H2O 3.46.0.9 and earlier contained a code injection vulnerability. This vulnerability stemmed from insufficient security controls in the parameter blacklist mechanism. Attackers could...
fluoriclogppka (>=0.1.0 <=0.2.7), h2o-wave-ml (>=0.3.0 <=0.5.0) +3 more potentially affected by CVE-2024-5986 via h2o (>=3.18.0.8 <=3.44.0.3)
h2o PYPI version =3.18.0.8, =0.1.0, =0.3.0, =0.4.5, =0.0.1, =0.0.102 - tsanalysis =0.1.0 Source cves: CVE-2024-5986 Source advisory: OSV:GHSA-WJ3H-WX8G-X699...
H2O has an External Control of File Name or Path vulnerability
A vulnerability in h2oai/h2o-3 version 3.46.0.1 allows remote attackers to write arbitrary data to any file on the server. This is achieved by exploiting the /3/Parse endpoint to inject attacker-controlled data as the header of an empty file, which is then exported using the...
CVE-2022-35894
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. The SMI handler for the FwBlockServiceSmm driver uses an untrusted pointer as the location to copy data to an attacker-specified buffer, leading to information disclosure...
Ubuntu 20.04 LTS / 22.04 LTS : H2O vulnerability (USN-7892-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7892-1 advisory. It was discovered that H2O exhibited poor server resource management in its HTTP/2 protocol. An attacker could possibly use this issue to cause H2O to...
USN-7892-1: H2O vulnerability
It was discovered that H2O exhibited poor server resource management in its HTTP/2 protocol. An attacker could possibly use this issue to cause H2O to crash, resulting in a denial of service...
USN-7892-1 h2o vulnerability
It was discovered that H2O exhibited poor server resource management in its HTTP/2 protocol. An attacker could possibly use this issue to cause H2O to crash, resulting in a denial of service...
EUVD-2016-5799
Malware in sbrugna...
EUVD-2018-1418
Malware in sbrugna...
EUVD-2017-2547
Malware in sbrugna...
EUVD-2017-2508
Malware in sbrugna...
EUVD-2016-2237
Malware in sbrugna...
amlr (>=0.3.6 <=0.4.1), arsa-ml (>=0.1.0 <=0.1.13) +29 more potentially affected by CVE-2025-6544 via h2o (>=3.18.0.8 <=3.46.0.7)
h2o PYPI version =3.18.0.8, =0.3.6, =0.1.0, =0.0.92, =1.0.81, =2019.9.10.14.39.5, =1.0.1, =0.1.20, =0.1.0, =0.1.2, =0.3.2, =0.3.0, =1.0.1.1.4, =0.4.0.dev3, =0.1.0, =3.0.1, =5.4.1 and more Source cves: CVE-2025-6544 Source advisory: OSV:GHSA-5W3J-GWGH-4RFV...
H2O 代码问题漏洞
H2O is an in-memory platform for distributed, scalable machine learning open-sourced by H2O.ai. A code issue vulnerability exists in H2O version 3.47.0.99999, which stems from a deserialization issue that could lead to arbitrary code execution and system file reads...
Linux Distros Unpatched Vulnerability : CVE-2023-41337
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or...
CVE-2023-6013
H2O is vulnerable to stored XSS vulnerability which can lead to a Local File Include attack...
USN-7469-4: H2O vulnerability
USN-7469-1 fixed a vulnerability in Apache Traffic Server. This update provides the corresponding updates for H2O. Original advisory details: It was discovered that Apache Traffic Server exhibited poor server resource management in its HTTP/2 protocol. An attacker could possibly use this issue to...
fluoriclogppka (>=0.1.0 <=0.2.7), h2o-wave-ml (>=0.3.0 <=0.5.0) +3 more potentially affected by CVE-2024-8616 via h2o (>=3.18.0.8 <=3.44.0.3)
h2o PYPI version =3.18.0.8, =0.1.0, =0.3.0, =0.4.5, =0.0.1, =0.0.102 - tsanalysis =0.1.0 Source cves: CVE-2024-8616 Source advisory: OSV:GHSA-G48V-3P35-88JR...