Unity Linux 20.1060e / 20.1070e Security Update: derby (UTSA-2026-016640)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016640 advisory. In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and...

EUVD-2014-0178

Malware in sbrugna...

EUVD-2022-5628

Malicious code in bioql PyPI...

EUVD-2022-45047

Malicious code in bioql PyPI...

EUVD-2022-2274

Malicious code in bioql PyPI...

EUVD-2022-3098

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2015-1832

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XML external entity XXE vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows...

CVE-2022-41917

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a...

JBoss Seam 2 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'JBoss Seam 2 Remote Command Execution', 'Description' = %q JBoss Seam 2 jboss-seam2, as used in JBoss Enterprise Application Platform 4.3.0 for R...

SUSE CVE-2018-1313

In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control. If the Derby Network Server is not running with a Java Security Manager policy file, the attack is...

CVE-2022-41917

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a...

Information disclosure

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a...

CVE-2022-41917

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a...

CVE-2022-41917 Incorrect Error Handling Allowed Partial File Reads Over REST API in OpenSearch

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a...

OESA-2022-1780 derby security update

Apache Derby, an Apache DB sub-project, is a relational database implemented entirely in Java. Some key advantages include a small footprint, conformance to Java, JDBC, and SQL standards and embedded JDBC driver. Security Fixes: In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network...

GHSA-845H-985R-JRQH Improper Authentication in Hibernate Validator

ReflectionHelper org.hibernate.validator.util.ReflectionHelper in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager JSM restrictions and execute restricted reflection calls via a crafted application...

Improper Authentication in Hibernate Validator

ReflectionHelper org.hibernate.validator.util.ReflectionHelper in Hibernate Validator 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 allows attackers to bypass Java Security Manager JSM restrictions and execute restricted reflection calls via a crafted application...

Improper Restriction of XML External Entity Reference in Elasticsearch

Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's findfilestructure API. If a policy allowing external network access has been added to Elasticsearch's Java Security Manager then an attacker could send a specially crafted request capable of leaking content ...

Improper Restriction of XML External Entity Reference in Apace Derby

XML external entity XXE vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service resource consumption via vectors involving XmlVTI and the XML dataty...

Red Hat Linux JBoss Seam 2 Remote Code Execution Vulnerability

JBoss Seam 2 jboss-seam2, as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. This vulnerability can only be exploited when the Java Security Manager is not properly configured...