USN-5365-1: H2 vulnerabilities

Read Time:16 Second

It was discovered that H2 was vulnerable to deserialization of
untrusted data. An attacker could possibly use this issue to
execute arbitrary code. (CVE-2021-42392)

It was discovered that H2 incorrectly handled some specially
crafted connection URLs. An attacker could possibly use this
issue to execute arbitrary code. (CVE-2022-23221)

[IWCC 2025] CfP: 14th International Workshop on Cyber Crime – Ghent, Belgium, Aug 11-14, 2025

Posted by Artur Janicki via Fulldisclosure on Apr 26 [APOLOGIES FOR CROSS-POSTING] CALL FOR PAPERS 14th International Workshop on Cyber...

April 27, 2025

Inedo ProGet Insecure Reflection and CSRF Vulnerabilities

Posted by Daniel Owens via Fulldisclosure on Apr 26 Inedo ProGet 2024.22 and below are vulnerable to unauthenticated denial of...

April 27, 2025

Ruby on Rails Cross-Site Request Forgery

Posted by Daniel Owens via Fulldisclosure on Apr 26 Good morning. All current versions and all versions since the 2022/2023...

April 27, 2025

Microsoft “.library-ms” File / NTLM Information Disclosure (Resurrected 2025)

Posted by hyp3rlinx on Apr 26 [-] Microsoft ".library-ms" File / NTLM Information Disclosure Spoofing (Resurrected 2025) / CVE-2025-24054 [+]...

April 27, 2025

kappanhang-0-0.3.20250427gitdffb773.fc41

FEDORA-2025-eecb0ea534 Packages in this update: kappanhang-0-0.3.20250427gitdffb773.fc41 Update description: Update to git snapshot dffb773 Read More

April 27, 2025

A Vulnerability in SAP NetWeaver Visual Composer Could Allow for Remote Code Execution

A vulnerability has been discovered in SAP NetWeaver Visual Composer, which could allow for remote code execution. SAP NetWeaver Visual...

April 25, 2025

Friday Squid Blogging: Squid Facts on Your Phone

Law Enforcement Crackdowns Drive Novel Ransomware Affiliate Schemes

SAP Fixes Critical Vulnerability After Evidence of Exploitation

M&S Shuts Down Online Orders Amid Ongoing Cyber Incident

Security Experts Flag Chrome Extension Using AI Engine to Act Without User Input

Cryptocurrency Thefts Get Physical

US Data Breach Lawsuits Total $155M Amid Cybersecurity Failures

Popular LLMs Found to Produce Vulnerable Code by Default

Hackers access sensitive SIM card data at South Korea’s largest telecoms company

[IWCC 2025] CfP: 14th International Workshop on Cyber Crime – Ghent, Belgium, Aug 11-14, 2025

Inedo ProGet Insecure Reflection and CSRF Vulnerabilities

Ruby on Rails Cross-Site Request Forgery

Microsoft “.library-ms” File / NTLM Information Disclosure (Resurrected 2025)

kappanhang-0-0.3.20250427gitdffb773.fc41

A Vulnerability in SAP NetWeaver Visual Composer Could Allow for Remote Code Execution