rpm package
opensuse/derby&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/derby&distro=openSUSE%20Tumbleweed
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-1832 | Cri | 9.1 | | < 10.11.1.1-3.2 | 10.11.1.1-3.2 | Oct 3, 2016 | XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlV |
| CVE-2006-7217 | — | | | < 10.11.1.1-3.2 | 10.11.1.1-3.2 | Jul 5, 2007 | Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode. |
| CVE-2006-7216 | — | | | < 10.11.1.1-3.2 | 10.11.1.1-3.2 | Jul 5, 2007 | Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables. |
| CVE-2005-4849 | — | | | < 10.11.1.1-3.2 | 10.11.1.1-3.2 | Dec 31, 2005 | Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information. |