DSA-5995-1 hsqldb1.8.0 - security update
Bulletin has no description...
Linux Distros Unpatched Vulnerability : CVE-2022-41853
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb HyperSQL DataBase to process untrusted input may be vulnerable to a remote code execution...
HPE AutoPass License Server Security Vulnerability
HPE AutoPass License Server is a license management system from HPE America. A security vulnerability exists in HPE AutoPass License Server versions prior to 9.17, which stems from an hsqldb-related vulnerability that could lead to remote code execution...
CVE-2024-6633
The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. The HSQLDB is only included to facilitate...
PT-2024-37762 · Filecatalyst · Filecatalyst Workflow
Name of the Vulnerable Software and Affected Versions: FileCatalyst Workflow versions up to 5.1.6 Build 139. Description: The default credentials for the setup HSQL database (HSQLDB) for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to ...
Huawei EulerOS: Security Advisory for hsqldb (EulerOS-SA-2023-2147)
The remote host is missing an update for the Huawei EulerOS...
hsqldb: Untrusted input may lead to RCE attack
A flaw was found in the HSQLDB package. This flaw allows untrusted input to execute remote code because, by default, any static method of any Java class in the classpath can be called, resulting in code execution...
SUSE CVE-2022-41853
Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb HyperSQL DataBase to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can...
Amazon Linux 2 : hsqldb (ALAS-2023-1914)
The version of hsqldb installed on the remote host is prior to 1.8.1.3-15. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1914 advisory. Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb HyperSQL DataBase to process untrusted input may be...
openSUSE 15 Security Update : hsqldb (SUSE-SU-2022:3823-1)
The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3823-1 advisory. - Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb HyperSQL DataBase to process untrusted input may be vulnerable to a remote code...
Oracle Linux 7 : hsqldb (ELSA-2022-8560)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-8560 advisory. 1:1.8.1.3-15 - Fix possible remote code execution vulnerability - Resolves: CVE-2022-41853 Tenable has extracted the preceding description block directly from t...
SUSE SLES12 Security Update : hsqldb (SUSE-SU-2022:3864-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3864-1 advisory. - Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb HyperSQL DataBase to process untrusted input may be vulnerable to a...
Remote Code Execution
HyperSQL Database is vulnerable to remote code execution. The vulnerability exists in the supportsJavaMethod function of HsqlDatabaseProperties.java, where the processing of untrusted input allows an attacker to execute code remotely on the system...
GHSA-77XX-RXVH-Q682 HyperSQL DataBase vulnerable to remote code execution when processing untrusted input
Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb HyperSQL DataBase to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can...
UBUNTU-CVE-2022-41853
Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb HyperSQL DataBase to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can...
CVE-2022-41853 Remote code execution in HyperSQL DataBase
Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb HyperSQL DataBase to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can...
GHSA-5WM5-8Q42-RHXG File system access via H2 in Apache Ignite
Apache Ignite uses the H2 database to build its distributed SQL execution engine. H2 provides SQL functions which could be used by an attacker to access the filesystem...
SolarWinds Log and Event Manager Static Credentials (CVE-2014-5504)
A policy bypass vulnerability has been reported in SolarWinds Log and Event Manager. The vulnerability is due to the usage of static/default credentials to access the HyperSQL database. A remote attacker can exploit this vulnerability to access the database with administrator privileges...