Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
h2database h2 vulnerabilities and exploits
(subscribe to this query)
4
CVSSv2
CVE-2018-14335
An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database file....
H2database H2 1.4.197
1 EDB exploit available
1 Github repository available
6.4
CVSSv2
CVE-2021-23463
The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource()...
H2database H2
3 Github repositories available
NA
CVE-2022-45868
The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained...
H2database H2
2 Github repositories available
6.5
CVSSv2
CVE-2018-10054
H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code....
H2database H2 1.4.197
Cognitect Datomic
1 Github repository available
10
CVSSv2
CVE-2022-23221
H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392....
H2database H2
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Oracle Communications Cloud Native Core Console 1.9.0
7 Github repositories available
10
CVSSv2
CVE-2021-42392
The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited...
H2database H2
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Oracle Communications Cloud Native Core Policy 1.15.0
19 Github repositories available
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-25675
CVE-2023-21072
physical
CVE-2023-28446
encryption
CVE-2023-21076
server-side request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
Vulmon