Vulnerabilities > H2O

| Date | CVE | Vulnerability title | Description | Risk |
|---|---|---|---|---|
| 2023-12-14 | CVE-2023-6569 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in H2O 3.40.0.4 | External Control of File Name or Path in h2oai/h2o-3 | network, low complexity; h2o, CWE-610; 8.2 |
| 2023-11-16 | CVE-2023-6013 | Unspecified vulnerability in H2O | H2O is vulnerable to a stored XSS vulnerability which can lead to a Local File Include attack. | network, low complexity; h2o; 5.4 |
| 2023-11-16 | CVE-2023-6017 | Unspecified vulnerability in H2O | H2O included a reference to an S3 bucket that no longer existed, allowing an attacker to take over the S3 bucket URL. | local, low complexity; h2o; 7.1 |
| 2023-11-16 | CVE-2023-6038 | Missing Authorization vulnerability in H2O | A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. | network, low complexity; h2o, CWE-862; 7.5 |
| 2023-11-16 | CVE-2023-6016 | Unspecified vulnerability in H2O | An attacker is able to gain remote code execution on a server hosting the H2O dashboard through its POJO model import feature. | network, low complexity; h2o; critical, 9.8 |