183 matches found

Nuclei
added yesterday | 63 views

Nacos <1.4.1 - Authentication Bypass

Nacos before version 1.4.1 is vulnerable to authentication bypass because the ConfigOpsController lets the user perform management operations like querying the database or even wiping it out. While the /data/remove endpoint is properly protected with the @Secured annotation, the /derby endpoint i...

CVSS 8.6 | AI score 7.1 | EPSS 0.92758
Exploits: 2 | References: 5

Tenable Nessus
added 2026/05/22 12:0 a.m. | 6 views

Unity Linux 20.1060e / 20.1070e Security Update: derby (UTSA-2026-016640)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016640 advisory. In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and...

CVSS 5.3 | AI score 7.2 | EPSS 0.00772
Exploits: 0 | References: 4

AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux - vulnerability in derby

A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was...

CVSS 9.8 | AI score 7.8 | EPSS 0.00047
Exploits: 0 | References: 1

IBM Security Bulletins
added 2026/03/06 9:25 a.m. | 6 views

Security Bulletin: Multiple vulnerabilities affect IBM DB2 Data Management Console

Summary: sshd-common-2.10.0.jar, dompurify-2.2.7.tgz, derby-10.16.1.1.jar, ion-java-1.2.0.jar dependency packages are being used by IBM Db2 Data Management Console. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details: CVEID: CVE-2024-41909 DESCRIPTION:...

CVSS 10 | AI score 5.9 | EPSS 0.02592
Exploits: 6 | Affected Software: 1

CVE
added 2025/11/25 12:30 a.m. | 8 views

CVE-2025-65951

CVE-2025-65951 affects Inside Track / Entropy Derby. Before commit 2d38d2f, the VDF-based timelock encryption did not enforce sequential delay against the betting operator, enabling bettors to pre-compute the Wesolowski VDF and include the output in encrypted bets. This allowed the house to decr...

CVSS 8.7 | AI score 6.5 | EPSS 0.00014
Exploits: 0 | References: 2

OSV
added 2025/11/25 12:30 a.m. | 5 views

CVE-2025-65951 Inside Track / Entropy Derby Timelock Encryption Bypassed via Pre-Computed VDF Output Leakage

Inside Track / Entropy Derby is a research-grade horse-racing betting engine. Prior to commit 2d38d2f, the VDF-based timelock encryption system fails to enforce sequential delay against the betting operator. Bettors pre-compute the entire Wesolowski VDF and include vdfOutputHex in their encrypted...

CVSS 8.7 | AI score 6.8 | EPSS 0.00014
Exploits: 0 | References: 4

IBM Security Bulletins
added 2025/11/06 7:8 a.m. | 2 views

Security Bulletin: Due to the use of derby IBM webMethods BPM is vulnerable to unauthorized LDAP authentication

Summary: IBM webMethods BPM is using derby, which is affected by a known vulnerability, CVE-2022-46337. This security bulletin provides guidance on addressing the vulnerability. Vulnerability Details: CVEID: CVE-2022-46337 DESCRIPTION: A cleverly devised username might bypass LDAP authentication check...

CVSS 9.8 | AI score 7.2 | EPSS 0.00047
Exploits: 0 | Affected Software: 1

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2006-7195

Malware in sbrugna...

CVSS 4 | AI score 9 | EPSS 0.01395
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-5308

Malicious code in bioql PyPI...

CVSS 4 | AI score 8.9 | EPSS 0.00508
Exploits: 0 | References: 10

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2022-5628

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 9 | EPSS 0.00818
Exploits: 0 | References: 21

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-5206

Malicious code in bioql PyPI...

CVSS 5 | AI score 8.9 | EPSS 0.02646
Exploits: 0 | References: 10

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-3779

Malicious code in bioql PyPI...

CVSS 2.1 | AI score 9 | EPSS 0.00784
Exploits: 0 | References: 17

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-5837

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.7 | EPSS 0.01673
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2022-2274

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 7.3 | EPSS 0.00772
Exploits: 0 | References: 17

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-3026

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 7.3 | EPSS 0.00047
Exploits: 0 | References: 4

Tenable Nessus
added 2025/08/25 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2015-1832

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows...

CVSS 9.1 | AI score 8.3 | EPSS 0.00818
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/25 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2018-1313

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and...

CVSS 5.3 | AI score 6.9 | EPSS 0.00772
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/24 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2009-4269

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the...

CVSS 2.1 | AI score 8.2 | EPSS 0.00784
Exploits: 0 | References: 2

IBM Security Bulletins
added 2025/08/21 11:26 a.m. | 6 views

Security Bulletin: Vulnerabilities in Apache Ant and Apache Derby affect IBM Operations Analytics - Log Analysis (CVE-2019-11358, CVE-2020-23064, CVE-2020-11023, CVE-2020-11022)

Summary: Cross-site scripting (XSS) vulnerabilities in Apache Ant and Apache Derby affect IBM Operations Analytics - Log Analysis. It allows remote attackers to execute a script in a victim's Web browser. Vulnerability Details: CVEID: CVE-2019-11358 DESCRIPTION: jQuery before 3.4.0, as used in Drupal,...

CVSS 6.9 | AI score 7.2 | EPSS 0.3466
Exploits: 14 | Affected Software: 1

RedhatCVE
added 2025/05/23 12:49 a.m. | 1 views

CVE-2022-46337

A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases. In LDAP-authenticated Derby installations, this could also allow the attacker to execute malware which was...

CVSS 9.8 | AI score 7.7 | EPSS 0.00047
Exploits: 0 | References: 1