
14 matches found

AstraLinux
added 2026/05/20 5:53 a.m. · 2 views

Astra Linux - vulnerability in derby

A cleverly designed username can bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could allow an attacker to create unnecessary Derby databases, thereby filling up storage space. In LDAP-authenticated Derby installations, the attacker could also execute malware...

CVSS 9.8 · AI score 7 · EPSS 0.00047
Exploits 0 · References 1
IBM Security Bulletins
added 2025/11/06 7:8 a.m. · 3 views

Security Bulletin: Due to the use of derby IBM webMethods BPM is vulnerable to unauthorized LDAP authentication

Summary: IBM webMethods BPM is using derby, which is affected by a known vulnerability, CVE-2022-46337. This security bulletin provides guidance on addressing the vulnerability. Vulnerability Details: CVEID: CVE-2022-46337. DESCRIPTION: A cleverly devised username might bypass LDAP authentication check...

CVSS 9.8 · AI score 7.2 · EPSS 0.00047
Exploits 0 · Affected Software 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-5837

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.7 · EPSS 0.01673
Exploits 0 · References 4
EUVD
added 2025/10/03 8:7 p.m. · 7 views

EUVD-2022-2274

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 7.3 · EPSS 0.00772
Exploits 0 · References 17
Tenable Nessus
added 2025/08/25 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2015-1832

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows...

CVSS 9.1 · AI score 8.3 · EPSS 0.00818
Exploits 0 · References 2
Tenable Nessus
added 2025/08/24 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2009-4269

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the...

CVSS 2.1 · AI score 8.2 · EPSS 0.00784
Exploits 0 · References 2
IBM Security Bulletins
added 2025/08/21 11:26 a.m. · 7 views

Security Bulletin: Vulnerabilities in Apache Ant and Apache Derby affect IBM Operations Analytics - Log Analysis (CVE-2019-11358, CVE-2020-23064, CVE-2020-11023, CVE-2020-11022)

Summary: Cross-site scripting (XSS) vulnerabilities in Apache Ant and Apache Derby affect IBM Operations Analytics - Log Analysis. They allow remote attackers to execute a script in a victim's Web browser. Vulnerability Details: CVEID: CVE-2019-11358. DESCRIPTION: jQuery before 3.4.0, as used in Drupal,...

CVSS 6.9 · AI score 7.2 · EPSS 0.34098
Exploits 14 · Affected Software 1
IBM Security Bulletins
added 2025/03/03 1:24 p.m. · 7 views

Security Bulletin: Apache Derby vulnerability addressed in IBM SPSS Collaboration and Deployment Services [CVE-2022-46337]

Summary: Apache Derby vulnerability addressed in IBM SPSS Collaboration and Deployment Services (CVE-2022-46337). Vulnerability Details: CVEID: CVE-2022-46337. DESCRIPTION: Apache Derby could allow a remote attacker to bypass security restrictions, caused by an LDAP injection vulnerability in...

CVSS 9.8 · AI score 6.4 · EPSS 0.00047
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2025/02/26 12:19 p.m. · 13 views

Security Bulletin: Security vulnerability due to a vulnerability in the Apache Derby package shipped with IBM TXSeries for Multiplatforms

Summary: Security vulnerability due to a vulnerability in the Apache Derby package shipped with IBM TXSeries for Multiplatforms. The Apache Derby package version has been updated. Vulnerability Details: CVEID: CVE-2022-46337. DESCRIPTION: Apache Derby could allow a remote attacker to bypass security...

CVSS 9.8 · AI score 9.4 · EPSS 0.00047
Exploits 0 · Affected Software 1
Positive Technologies
added 2024/04/17 12:0 a.m. · 2 views

PT-2024-40174 · Derby · Derby

Name of the Vulnerable Software and Affected Versions: derby (affected versions not specified). Description: A prototype pollution issue in derby can cause the application to crash if the application author has atypical HTML templates that feed user input into an object key. Attribute keys are...

AI score 7.1
Exploits 0 · References 5
BDU FSTEC
added 2024/01/11 12:0 a.m. · 1 view

The vulnerability of the Apache Derby database management system arises from the lack of measures to neutralize special elements, allowing unauthorized access to the database.

The vulnerability of the Apache Derby database management system exists due to the lack of measures taken to neutralize special elements. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to the database...

CVSS 10 · AI score 6.7 · EPSS 0.00047
Exploits 0 · References 5 · Affected Software 5
CNNVD
added 2023/11/20 12:0 a.m. · 0 views

Apache Derby Injection Vulnerability

Apache Derby is an open source database management system from the Apache Foundation. A security vulnerability exists in Apache Derby versions 10.1.1.0 through 10.16.1.1, which originates from the ability to bypass LDAP authentication checks, potentially allowing an attacker to view and destroy...

CVSS 9.8 · AI score 6.9 · EPSS 0.00047
Exploits 0 · References 4
Positive Technologies
added 2023/11/19 12:0 a.m. · 3 views

PT-2023-8191 · Apache +3 · Apache Derby +3

Name of the Vulnerable Software and Affected Versions: Apache Derby versions prior to 10.17.1.0. Description: A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker fill up the disk by creating junk Derby databases...

CVSS 10 · AI score 8.7 · EPSS 0.00047
Exploits 0 · References 28
OSV
added 2018/05/07 1:29 p.m. · 10 views

CVE-2018-1313

In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is...

CVSS 5.3 · AI score 5.1
Exploits 0 · References 9