Apache Derby

8 CVEs affecting Apache Derby. Latest disclosed: 2023-11-20. Critical: 2, High: 1.

Top CVEs affecting Apache Derby
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2022-46337 | Critical | 9.8 | 2023-11-20 | A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk b… |
| CVE-2015-1832 | Critical | 9.1 | 2016-10-03 | XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-d… |
| CVE-2010-2232 | High | 7.5 | 2017-10-23 | In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file. |
| CVE-2018-1313 | Medium | 5.3 | 2018-05-07 | In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and… |
| CVE-2009-4269 | | | 2010-08-16 | The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the… |
| CVE-2006-7217 | | | 2007-07-05 | Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to… |
| CVE-2006-7216 | | | 2007-07-05 | Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privile… |
| CVE-2005-4849 | | | 2005-12-31 | Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the outpu… |