Apache Derby
8 CVEs affecting Apache Derby. Latest disclosed: 2023-11-20. Critical: 2, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-46337 | Critical | 9.8 | 2023-11-20 | A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk b… |
| CVE-2015-1832 | Critical | 9.1 | 2016-10-03 | XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-d… |
| CVE-2010-2232 | High | 7.5 | 2017-10-23 | In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file. |
| CVE-2018-1313 | Medium | 5.3 | 2018-05-07 | In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and… |
| CVE-2009-4269 | | | 2010-08-16 | The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the… |
| CVE-2006-7217 | | | 2007-07-05 | Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to… |
| CVE-2006-7216 | | | 2007-07-05 | Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privile… |
| CVE-2005-4849 | | | 2005-12-31 | Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the outpu… |