Every CVE whose affected-product data names Apache Derby, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2022-46337 — CVSS 9.8 (critical): A cleverly devised username might bypass LDAP authentication checks. In LDAP-authenticated Derby installations, this could let an attacker…
CVE-2015-1832 — CVSS 9.1 (critical): XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in…
CVE-2010-2232 — CVSS 7.5 (high): In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file.
CVE-2018-1313 — CVSS 5.3 (medium): In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network packet can be used to request the Derby Network Server to boot a…
CVE-2005-4849 — CVSS 5.0 (medium): Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC…
CVE-2006-7217 — CVSS 4.0 (medium): Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote…
CVE-2006-7216 — CVSS 4.0 (medium): Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does…
CVE-2009-4269 — CVSS 2.1 (low): The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a…