Every CVE whose affected-product data names H2database H2, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2021-42392 — CVSS 9.8 (critical): The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database…
CVE-2022-23221 — CVSS 9.8 (critical): H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the…
CVE-2018-10054 — CVSS 8.8 (high): H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary…
CVE-2022-45868 — CVSS 8.4 (high): The web-based admin console in H2 Database Engine before 2.2.220 can be started via the CLI with the argument -webAdminPassword, which…
CVE-2021-23463 — CVSS 8.1 (high): The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the…
CVE-2018-14335 — CVSS 6.5 (medium): An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files…