Lucene search
+L

130 matches found

Cvelist
Cvelist
added 2023/11/20 8:49 a.m.41 views

CVE-2022-46337 Apache Derby: LDAP injection vulnerability in authenticator

A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was...

10AI score0.01418EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/11/20 8:49 a.m.16 views

CVE-2022-46337 Apache Derby: LDAP injection vulnerability in authenticator

A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was...

9.8AI score0.01418EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/11/19 12:0 a.m.5 views

PT-2023-8191

Name of the Vulnerable Software and Affected Versions Apache Derby versions prior to 10.17.1.0 Description A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. ...

10CVSS6.9AI score0.01418EPSS
Exploits0References26
Positive Technologies
Positive Technologies
added 2023/11/03 12:0 a.m.5 views

PT-2023-8980

Name of the Vulnerable Software and Affected Versions Ivanti Avalanche Printer Device Service affected versions not specified Description The issue is related to errors in the configuration of Apache Derby used by the Printer Device Service. Exploitation of this issue may allow an attacker to...

7.8CVSS7.3AI score0.0046EPSS
Exploits0References11
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/31 2:10 p.m.58 views

Security Bulletin: Multiple vulnerabilities in Open Source software used by Cloud Pak System

Summary Multiple vulnerabilities in Open Source software used by Cloud Pak System. IBM Cloud Pak System has addressed those vulnerabilities. Vulnerability Details CVEID:CVE-2015-1832 DESCRIPTION: Apache Derby could allow a remote attacker to obtain sensitive information, caused by a XML external...

9.5AI score0.42983EPSS
Exploits16Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 6:16 a.m.6 views

SUSE CVE-2005-4849

Apache Derby before 10.1.2.1 exposes the 1 user and 2 password attributes in cleartext via a the RDBNAM parameter of the ACCSEC command and b the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information...

5CVSS7.1AI score0.02451EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:13 a.m.4 views

SUSE CVE-2006-7216

Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables...

4CVSS7.2AI score0.02175EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:13 a.m.4 views

SUSE CVE-2006-7217

Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode...

4CVSS8AI score0.01953EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2022/11/02 4:45 p.m.43 views

Security Bulletin: Vulnerability in Apache Derby affect IBM Operations Analytics - Log Analysis (CVE-2018-1313)

Summary Apache Derby 10.3.1.4 to 10.14.1.0 could allow a remote attacker to bypass security restrictions Vulnerability Details CVEID:CVE-2018-1313 DESCRIPTION: Apache Derby could allow a remote attacker to bypass security restrictions, caused by improper validation of network packets received. By...

5.3CVSS6.6AI score0.04504EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/07/26 11:35 p.m.34 views

Security Bulletin: Apache Derby security vulnerabilities in IBM System Dashboard for Enterprise Content Manager (affected, not vulnerable)

Summary Apache Derby security vulnerabilities in IBM System Dashboard for Enterprise Content Manager affected, not vulnerable Vulnerability Details CVEID:CVE-2018-1313 DESCRIPTION: Apache Derby could allow a remote attacker to bypass security restrictions, caused by improper validation of network...

5.3CVSS6.9AI score0.04504EPSS
Exploits0Affected Software1
OSV
OSV
added 2022/07/26 3:0 a.m.8 views

OESA-2022-1780 derby security update

Apache Derby, an Apache DB sub-project, is a relational database implemented entirely in Java. Some key advantages include a small footprint, conformance to Java, JDBC, and SQL standards and embedded JDBC driver. Security Fixes: In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network...

5.3CVSS7.4AI score0.04504EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/05/17 12:29 a.m.36 views

Improper Access Control in Apache Derby

In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file...

7.5CVSS3.8AI score0.03797EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2022/05/17 12:29 a.m.39 views

GHSA-XPRW-XVVM-VQMV Improper Access Control in Apache Derby

In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file...

7.5CVSS7.4AI score0.03797EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/05/13 1:14 a.m.34 views

Improper Restriction of XML External Entity Reference in Apace Derby

XML external entity XXE vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service resource consumption via vectors involving XmlVTI and the XML dataty...

9.1CVSS8.6AI score0.12173EPSS
Exploits0References14Affected Software1
OSV
OSV
added 2022/05/13 1:14 a.m.28 views

GHSA-WR69-G62G-2R9H Improper Restriction of XML External Entity Reference in Apace Derby

XML external entity XXE vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service resource consumption via vectors involving XmlVTI and the XML dataty...

9.1CVSS8.9AI score0.12173EPSS
Exploits0References13
Github Security Blog
Github Security Blog
added 2022/05/13 1:2 a.m.21 views

Improper Access Control in Apache Derby

In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is...

5.3CVSS1.7AI score0.04504EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2022/05/13 1:2 a.m.35 views

GHSA-42XW-P62X-HWCF Improper Access Control in Apache Derby

In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is...

5.3CVSS6.7AI score0.04504EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2022/05/02 3:53 a.m.30 views

Use of Password Hash With Insufficient Computational Effort in Apache Derby

The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that makes it easier for local and possibly remote attackers to...

2.1CVSS2AI score0.01426EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/01 7:45 a.m.30 views

Apache Derby SQL Injection

Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode...

4CVSS7.8AI score0.01953EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2022/05/01 7:45 a.m.40 views

GHSA-V7CQ-PQ7V-MH5V Apache Derby SQL Injection

Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode...

4CVSS9.2AI score0.01953EPSS
Exploits0References7
Rows per page
Query Builder