Org.apache.derby:derby
This hub aggregates every CVE we track for Org.apache.derby:derby, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
7
CVEs tracked
2
Critical
1
High
0
In CISA KEV
Severity distribution
MEDIUM3CRITICAL2LOW1HIGH1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 7 most recently published vulnerabilities affecting Org.apache.derby:derby.
- CVE-2022-46337Apache Derby: LDAP injection vulnerability in authenticator9.8
- CVE-2018-1313In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a database whose location and contents are under the user's control...5.3
- CVE-2010-2232In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file.7.5
- CVE-2015-1832XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary f...9.1
- CVE-2009-4269The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, wh...2.1
- CVE-2006-7217Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statemen...4.0
- CVE-2005-4849Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL funct...5.0
Product normalization is registry-driven with AI assist and human review. How it works