Skip to main content

H2

5 CVEs product

Monthly

CVE-2023-26964 Cargo HIGH POC PATCH This Week

An issue was discovered in hyper v0.13.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service H2 Hyper
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2022-45868 Maven HIGH POC PATCH This Week

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure H2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-23463 Maven CRITICAL POC PATCH Act Now

The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE H2
NVD GitHub
CVSS 3.1
9.1
EPSS
3.3%
CVE-2018-14335 MEDIUM POC THREAT This Month

An issue was discovered in H2 1.4.197. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure H2
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
13.4%
CVE-2018-10054 Maven HIGH POC PATCH THREAT Act Now

H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Datomic H2
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
35.0%
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

An issue was discovered in hyper v0.13.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service H2 Hyper
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure H2
NVD GitHub
EPSS 3% CVSS 9.1
CRITICAL POC PATCH Act Now

The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XXE H2
NVD GitHub
EPSS 13% CVSS 6.5
MEDIUM POC THREAT This Month

An issue was discovered in H2 1.4.197. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure H2
NVD GitHub Exploit-DB
EPSS 35% CVSS 8.8
HIGH POC PATCH THREAT Act Now

H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Datomic +1
NVD GitHub Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy