HSQLDB: Malicious Database Files Can Write to Unintended Locations
OESA-2026-1487
Summary
A security update is available for HSQLDB, free database software. An attacker could potentially use a malicious database file to write to any location on a system. This could allow an attacker to steal or corrupt sensitive data. Update to the latest version of HSQLDB to protect your system.
What to do
- Update hsqldb to version 2.4.0-6.oe2403sp2.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | hsqldb | <= 2.4.0-6.oe2403sp2 | 2.4.0-6.oe2403sp2 |
Original title
hsqldb security update
Original description
HSQLdb is a relational database engine written in Java™, with a JDBC driver, supporting a subset of ANSI-92 SQL. It offers a small (about 100k), fast database engine which offers both in memory and disk based tables. Embedded and server modes are available. Additionally, it includes tools such as a minimal web server, in-memory query and management tools (can be run as applets or servlets, too) and a number of demonstration examples. Downloaded code should be regarded as being of production quality. The product is currently being used as a database and persistence engine in many Open Source Software projects and even in commercial projects and products! In its current version it is extremely stable and reliable. It is best known for its small size, ability to execute completely in memory and its speed. Yet it is a completely functional relational database management system that is completely free under the Modified BSD License. Yes, that's right, completely free of cost or restrictions!
Security Fix(es):
A flaw was found in the LibreOffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker. (CVE-2023-1183)
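A triage check for the condition described above, as an added example that is not part of the advisory or of the HSQLDB or LibreOffice code: it opens an .odb as a ZIP archive and reports any SCRIPT statement found in "database/script". It assumes that a SCRIPT statement has no legitimate place in that file; the function names, size cap and sample content are constructed for illustration.

```python
import io
import re
import zipfile

SCRIPT_MEMBER = "database/script"      # archive member named in the advisory
MAX_SCRIPT_BYTES = 16 * 1024 * 1024    # assumed cap, avoids inflating huge members
# HSQLDB SCRIPT statement, optionally followed by a single-quoted file name.
SCRIPT_STMT = re.compile(r"^\s*SCRIPT\b\s*(?:'((?:[^']|'')*)')?", re.IGNORECASE)


def find_script_commands(odb_bytes):
    """Return [(line_number, target_or_None)] for SCRIPT statements in database/script."""
    with zipfile.ZipFile(io.BytesIO(odb_bytes)) as odb:
        if SCRIPT_MEMBER not in odb.namelist():
            return []  # no embedded HSQLDB script to inspect
        if odb.getinfo(SCRIPT_MEMBER).file_size > MAX_SCRIPT_BYTES:
            raise ValueError("database/script exceeds the inspection size cap")
        text = odb.read(SCRIPT_MEMBER).decode("utf-8", errors="replace")
    findings = []
    # Line-based heuristic: one statement per line, as HSQLDB writes the file.
    for lineno, line in enumerate(text.splitlines(), start=1):
        match = SCRIPT_STMT.match(line)
        if match:
            target = match.group(1)
            if target is not None:
                target = target.replace("''", "'")  # undo SQL quote doubling
            findings.append((lineno, target))
    return findings


def build_sample_odb(script_text):
    """Build a constructed in-memory .odb (ZIP) that holds only database/script."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(SCRIPT_MEMBER, script_text)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample content, not taken from a real document.
    sample = build_sample_odb(
        "CREATE SCHEMA PUBLIC AUTHORIZATION DBA\n"
        "CREATE TABLE T(ID INTEGER)\n"
        "SCRIPT '/constructed/example/out.txt'\n"
    )
    for lineno, target in find_script_commands(sample):
        print(f"{SCRIPT_MEMBER} line {lineno}: SCRIPT target {target!r}")
```

A finding is a reason to quarantine the document and inspect it by hand, not proof of compromise.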
- https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA... Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-1183 Vendor Advisory
Published: 6 Mar 2026 · Updated: 6 Mar 2026 · First seen: 6 Mar 2026