Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.5
CVSSv2

CVE-2018-10054

Published: 11/04/2018 Updated: 11/04/2024
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 580
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to H2

Vulnerability Summary

H2 1.4.197, as used in Datomic prior to 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment."

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

h2database h2 1.4.197

cognitect datomic

Vendor Advisories

Hitachi Security Advisories: Multiple Vulnerabilities in Hitachi Ops Center Analyzer viewpoint
Multiple vulnerabilities have been found in Hitachi Ops Center Analyzer viewpoint CVE-2018-10054, CVE-2018-14335, CVE-2018-20200, CVE-2019-10086, CVE-2019-12086, CVE-2019-12384, CVE-2019-12814, CVE-2019-14379, CVE-2019-14439, CVE-2019-14540, CVE-2019-14892, CVE-2019-14893, CVE-2019-16335, CVE-2019-16942, CVE-2019-16943, CVE-2019-17267, CVE-2019- ...

Github Repositories

https://github.com/guillermo-varela/example-scan-gradle-plugin

Examples of Usage for Sonatype Scan Gradle Plugin This a demo repository showing how to use the Scan Gradle Plugin to analyze open source dependencies in Gradle projects A dependency with vulnerabilities was added to show how the output looks like The file buildgradle has a simple Gradle setup applying the plugin For more options to configure (including usage with credentia

https://github.com/victorsempere/albums_and_photos

Listado de fotos por álbum

Introducción Microservicio en SpringBoot con 3 endpoints: albums-and-photos/db?useType=[arrayList|treeSet] -> Elimina la información que hubiera en memoria Realiza una carga de datos de la web Devuelve la lista de álbumes junto con las fotos que contiene a partir de la información almacenada en base de datos El parámetro useType es

References

CWE-20https://www.exploit-db.com/exploits/44422/https://mthbernardes.github.io/rce/2018/03/14/abusing-h2-database-alias.htmlhttps://forum.datomic.com/t/important-security-update-0-9-5697/379http://blog.datomic.com/2018/03/important-security-update.htmlhttps://lists.apache.org/thread.html/582d4165de6507b0be82d5a6f9a1ce392ec43a00c9fed32bacf7fe1e%40%3Cuser.ignite.apache.org%3Ehttps://lists.apache.org/thread.html/r8aaf4ee16bbaf6204731d4770d96ebb34b258cd79b491f9cdd7f2540%40%3Ccommits.nifi.apache.org%3Ehttps://github.com/h2database/h2database/issues/1225https://github.com/h2database/h2database/issues/3099https://github.com/h2database/h2database/issues/1808#issuecomment-599203115https://nvd.nist.govhttps://github.com/guillermo-varela/example-scan-gradle-pluginhttps://github.com/victorsempere/albums_and_photoshttps://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2020-109/index.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook