admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2021/42xxx/CVE-2021-42392.json

101 lines
3.9 KiB
JSON
Raw Normal View History

"-Synchronized-Data."
2021-10-14 19:00:58 +00:00
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2021-42392",
"-Synchronized-Data."
2022-01-07 23:01:05 +00:00
"ASSIGNER": "security@jfrog.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "h2database",
"product": {
"product_data": [
{
"product_name": "h2",
"version": {
"version_data": [
{
"version_name": "",
"version_affected": ">=",
"version_value": "1.1.000",
"platform": ""
},
{
"version_name": "",
"version_affected": "<=",
"version_value": "2.0.204",
"platform": ""
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502"
}
]
}
]
"-Synchronized-Data."
2021-10-14 19:00:58 +00:00
},
"description": {
"description_data": [
{
"lang": "eng",
"-Synchronized-Data."
2022-01-07 23:01:05 +00:00
"value": "The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution."
"-Synchronized-Data."
2021-10-14 19:00:58 +00:00
}
]
"-Synchronized-Data."
2022-01-07 23:01:05 +00:00
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6",
"name": "https://github.com/h2database/h2database/security/advisories/GHSA-h376-j262-vhq6"
"-Synchronized-Data."
2022-01-12 17:01:06 +00:00
},
"-Synchronized-Data."
2022-02-15 02:01:17 +00:00
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220215 [SECURITY] [DLA 2923-1] h2database security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00017.html"
"-Synchronized-Data."
2022-02-16 16:01:21 +00:00
},
{
"refsource": "DEBIAN",
"name": "DSA-5076",
"url": "https://www.debian.org/security/2022/dsa-5076"
Oracle Critical Patch Updates 2022 April 3rd party CVEs part2 Committer: BSITU <BSITU@BSITU-7320.us.oracle.com> On branch cna/Oracle/CPU2022Apr3rdPart2 Changes to be committed: modified: 2021/22xxx/CVE-2021-22897.json modified: 2021/22xxx/CVE-2021-22898.json modified: 2021/22xxx/CVE-2021-22901.json modified: 2021/22xxx/CVE-2021-22946.json modified: 2021/22xxx/CVE-2021-22947.json modified: 2021/23xxx/CVE-2021-23017.json modified: 2021/23xxx/CVE-2021-23450.json modified: 2021/23xxx/CVE-2021-23463.json modified: 2021/23xxx/CVE-2021-23839.json modified: 2021/23xxx/CVE-2021-23840.json modified: 2021/23xxx/CVE-2021-23841.json modified: 2021/25xxx/CVE-2021-25219.json modified: 2021/26xxx/CVE-2021-26291.json modified: 2021/27xxx/CVE-2021-27568.json modified: 2021/27xxx/CVE-2021-27807.json modified: 2021/27xxx/CVE-2021-27906.json modified: 2021/28xxx/CVE-2021-28163.json modified: 2021/28xxx/CVE-2021-28164.json modified: 2021/28xxx/CVE-2021-28165.json modified: 2021/28xxx/CVE-2021-28168.json modified: 2021/28xxx/CVE-2021-28169.json modified: 2021/28xxx/CVE-2021-28170.json modified: 2021/28xxx/CVE-2021-28657.json modified: 2021/29xxx/CVE-2021-29425.json modified: 2021/29xxx/CVE-2021-29505.json modified: 2021/29xxx/CVE-2021-29921.json modified: 2021/30xxx/CVE-2021-30129.json modified: 2021/30xxx/CVE-2021-30468.json modified: 2021/31xxx/CVE-2021-31799.json modified: 2021/31xxx/CVE-2021-31810.json modified: 2021/31xxx/CVE-2021-31811.json modified: 2021/31xxx/CVE-2021-31812.json modified: 2021/32xxx/CVE-2021-32066.json modified: 2021/32xxx/CVE-2021-32626.json modified: 2021/32xxx/CVE-2021-32627.json modified: 2021/32xxx/CVE-2021-32628.json modified: 2021/32xxx/CVE-2021-32672.json modified: 2021/32xxx/CVE-2021-32675.json modified: 2021/32xxx/CVE-2021-32687.json modified: 2021/32xxx/CVE-2021-32762.json modified: 2021/32xxx/CVE-2021-32785.json modified: 2021/32xxx/CVE-2021-32786.json modified: 2021/32xxx/CVE-2021-32791.json modified: 2021/32xxx/CVE-2021-32792.json modified: 2021/33xxx/CVE-2021-33037.json modified: 2021/33xxx/CVE-2021-33193.json modified: 2021/33xxx/CVE-2021-33560.json modified: 2021/33xxx/CVE-2021-33813.json modified: 2021/33xxx/CVE-2021-33880.json modified: 2021/34xxx/CVE-2021-34428.json modified: 2021/34xxx/CVE-2021-34429.json modified: 2021/34xxx/CVE-2021-34798.json modified: 2021/35xxx/CVE-2021-35043.json modified: 2021/35xxx/CVE-2021-35515.json modified: 2021/35xxx/CVE-2021-35516.json modified: 2021/35xxx/CVE-2021-35517.json modified: 2021/36xxx/CVE-2021-36090.json modified: 2021/36xxx/CVE-2021-36160.json modified: 2021/36xxx/CVE-2021-36373.json modified: 2021/36xxx/CVE-2021-36374.json modified: 2021/37xxx/CVE-2021-37136.json modified: 2021/37xxx/CVE-2021-37137.json modified: 2021/37xxx/CVE-2021-37714.json modified: 2021/38xxx/CVE-2021-38153.json modified: 2021/39xxx/CVE-2021-39139.json modified: 2021/39xxx/CVE-2021-39140.json modified: 2021/39xxx/CVE-2021-39141.json modified: 2021/39xxx/CVE-2021-39144.json modified: 2021/39xxx/CVE-2021-39145.json modified: 2021/39xxx/CVE-2021-39146.json modified: 2021/39xxx/CVE-2021-39147.json modified: 2021/39xxx/CVE-2021-39148.json modified: 2021/39xxx/CVE-2021-39149.json modified: 2021/39xxx/CVE-2021-39150.json modified: 2021/39xxx/CVE-2021-39151.json modified: 2021/39xxx/CVE-2021-39152.json modified: 2021/39xxx/CVE-2021-39153.json modified: 2021/39xxx/CVE-2021-39154.json modified: 2021/39xxx/CVE-2021-39275.json modified: 2021/3xxx/CVE-2021-3156.json modified: 2021/3xxx/CVE-2021-3200.json modified: 2021/3xxx/CVE-2021-3326.json modified: 2021/3xxx/CVE-2021-3449.json modified: 2021/3xxx/CVE-2021-3450.json modified: 2021/3xxx/CVE-2021-3517.json modified: 2021/3xxx/CVE-2021-3518.json modified: 2021/3xxx/CVE-2021-3520.json modified: 2021/3xxx/CVE-2021-3537.json modified: 2021/3xxx/CVE-2021-3572.json modified: 2021/3xxx/CVE-2021-3711.json modified: 2021/3xxx/CVE-2021-3712.json modified: 2021/3xxx/CVE-2021-3807.json modified: 2021/40xxx/CVE-2021-40438.json modified: 2021/40xxx/CVE-2021-40690.json modified: 2021/41xxx/CVE-2021-41099.json modified: 2021/41xxx/CVE-2021-41164.json modified: 2021/41xxx/CVE-2021-41165.json modified: 2021/41xxx/CVE-2021-41182.json modified: 2021/41xxx/CVE-2021-41183.json modified: 2021/41xxx/CVE-2021-41184.json modified: 2021/41xxx/CVE-2021-41617.json modified: 2021/41xxx/CVE-2021-41973.json modified: 2021/42xxx/CVE-2021-42013.json modified: 2021/42xxx/CVE-2021-42340.json modified: 2021/42xxx/CVE-2021-42392.json modified: 2021/42xxx/CVE-2021-42717.json modified: 2021/43xxx/CVE-2021-43527.json modified: 2021/43xxx/CVE-2021-43797.json modified: 2021/43xxx/CVE-2021-43818.json modified: 2021/43xxx/CVE-2021-43859.json modified: 2021/44xxx/CVE-2021-44224.json modified: 2021/44xxx/CVE-2021-44228.json modified: 2021/44xxx/CVE-2021-44531.json modified: 2021/44xxx/CVE-2021-44532.json modified: 2021/44xxx/CVE-2021-44533.json modified: 2021/44xxx/CVE-2021-44790.json modified: 2021/44xxx/CVE-2021-44832.json modified: 2021/45xxx/CVE-2021-45046.json modified: 2021/45xxx/CVE-2021-45105.json modified: 2021/4xxx/CVE-2021-4034.json modified: 2021/4xxx/CVE-2021-4104.json modified: 2021/4xxx/CVE-2021-4133.json modified: 2021/4xxx/CVE-2021-4160.json modified: 2021/4xxx/CVE-2021-4181.json modified: 2021/4xxx/CVE-2021-4182.json modified: 2021/4xxx/CVE-2021-4183.json modified: 2021/4xxx/CVE-2021-4184.json modified: 2021/4xxx/CVE-2021-4185.json modified: 2022/0xxx/CVE-2022-0391.json modified: 2022/0xxx/CVE-2022-0778.json modified: 2022/20xxx/CVE-2022-20612.json modified: 2022/20xxx/CVE-2022-20613.json modified: 2022/20xxx/CVE-2022-20614.json modified: 2022/20xxx/CVE-2022-20615.json modified: 2022/21xxx/CVE-2022-21271.json modified: 2022/21xxx/CVE-2022-21375.json modified: 2022/21xxx/CVE-2022-21446.json modified: 2022/21xxx/CVE-2022-21461.json modified: 2022/21xxx/CVE-2022-21463.json modified: 2022/21xxx/CVE-2022-21493.json modified: 2022/21xxx/CVE-2022-21494.json modified: 2022/21xxx/CVE-2022-21716.json modified: 2022/21xxx/CVE-2022-21824.json modified: 2022/22xxx/CVE-2022-22719.json modified: 2022/22xxx/CVE-2022-22720.json modified: 2022/22xxx/CVE-2022-22721.json modified: 2022/22xxx/CVE-2022-22947.json modified: 2022/22xxx/CVE-2022-22963.json modified: 2022/22xxx/CVE-2022-22965.json modified: 2022/23xxx/CVE-2022-23181.json modified: 2022/23xxx/CVE-2022-23221.json modified: 2022/23xxx/CVE-2022-23302.json modified: 2022/23xxx/CVE-2022-23305.json modified: 2022/23xxx/CVE-2022-23307.json modified: 2022/23xxx/CVE-2022-23437.json modified: 2022/23xxx/CVE-2022-23852.json modified: 2022/23xxx/CVE-2022-23943.json modified: 2022/23xxx/CVE-2022-23990.json modified: 2022/24xxx/CVE-2022-24329.json modified: 2022/25xxx/CVE-2022-25235.json modified: 2022/25xxx/CVE-2022-25236.json modified: 2022/25xxx/CVE-2022-25313.json modified: 2022/25xxx/CVE-2022-25314.json modified: 2022/25xxx/CVE-2022-25315.json
2022-04-19 16:28:20 -07:00
},
{
"-Synchronized-Data."
2022-04-20 00:01:41 +00:00
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"refsource": "MISC",
"name": "https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/",
"url": "https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20220119-0001/",
"url": "https://security.netapp.com/advisory/ntap-20220119-0001/"
"-Synchronized-Data."
2022-01-07 23:01:05 +00:00
}
]
},
"impact": {
"cvssv3": {
"SCORE": "9.8"
}
"-Synchronized-Data."
2021-10-14 19:00:58 +00:00
}
}
Reference in New Issue Copy Permalink