32 matches found
CVE-2025-27511 GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through a specially crafted DB2 JDBC URL, leading to Remote Code Execution (RCE). Version 2.27.0 fixes...
CVE-2025-27511
CVE-2025-27511 affects the GeoServer DB2 DataStore Extension. According to the connected advisories, prior to version 2.27.0, an authenticated administrator could perform a JNDI attack via a specially crafted DB2 JDBC URL, leading to Remote Code Execution (RCE). The issue is the JNDI injection vu...
Security Bulletin: IBM OpenPages is affected by multiple security vulnerabilities of DB2 Database Server (February 2026)
Summary: IBM® Db2® Database Server is shipped as a supporting program of IBM OpenPages. Information about security vulnerabilities affecting IBM Db2 Database Server has been published in multiple security bulletins. Vulnerability Details: Refer to the security bulletins listed in the...
CVE-2025-33124
IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size...
Security Bulletin: Multiple Vulnerabilities have been identified in IBM DB2 shipped with IBM WebSphere Remote Server
Summary: IBM DB2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM DB2 has been published in security bulletins. Vulnerability Details: Refer to the security bulletins listed in the Remediation/Fixes section. Affected Products and Versions: Affect...
CVE-2025-36423
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic...
CVE-2025-36070 IBM Db2 Denial of Service
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables...
resource-agents security update
4.9.0-54.27 - bundled urllib3: fix CVE-2025-66471 - bundled urllib3: fix CVE-2026-21441 Resolves: RHEL-139760, RHEL-140787 4.9.0-54.24 - bundled urllib3: fix CVE-2025-66418 Resolves: RHEL-136031 4.9.0-54.23 - nfsserver: add ability to set e.g. 'pipefs-directory=/run/nfs/rpcpipefs' in /etc/nfs.con...
EUVD-2025-36386
IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to an out-of-bounds write...
PT-2025-44069
Name of the Vulnerable Software and Affected Versions: IBM DB2 High Performance Unload versions 5.1.0.1, 6.1, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.5, and 6.5.0.0 IF1. Description: An authenticated user can cause the program to crash due to a buffer overflow when a buffer is allocated on the stack...
PT-2025-44071
Name of the Vulnerable Software and Affected Versions: IBM DB2 High Performance Unload versions 5.1, 5.1.0.1, 6.1, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.5, and 6.5.0.0 IF1. Description: An authenticated user can cause the program to crash due to an out-of-bounds write condition. Recommendations: IBM DB2 High...
DataEase DB2/MongoDB JNDI Code Injection Vulnerability
DataEase is a Java-based open source data visualization and analysis tool that helps users quickly analyze data and gain insight into business trends, so as to achieve business improvement and optimization. A code injection vulnerability exists in DataEase DB2/MongoDB JDBC...
EUVD-2025-30382
Malicious code in bioql PyPI...
CVE-2025-10771 jeecgboot JimuReport DB2 JDBC testConnection deserialization
A vulnerability was determined in jeecgboot JimuReport up to 2.1.2. Affected is an unknown function of the file /drag/onlDragDataSource/testConnection of the component DB2 JDBC Handler. Executing manipulation of the argument clientRerouteServerListJNDIName can lead to deserialization. The attack...
JimuReport Code Issue Vulnerability
JimuReport is a free reporting tool open-sourced by JEECG in China. A code issue vulnerability exists in JimuReport 2.1.2 and earlier versions, which stems from improper manipulation of the parameter clientRerouteServerListJNDIName in the file /drag/onlDragDataSource/testConnection in the componen...
CVE-2025-58045 Dataease server-side request forgery via unfiltered DB2 JDBC ldap parameter
Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12, the patch introduced to mitigate DB2 JDBC deserialization remote code execution attacks only blacklisted the rmi parameter. The ldap parameter in the DB2 JDBC connection string was not...
CVE-2025-57773 Dataease DB2 Aspectweaver Deserialization Arbitrary File Write Vulnerability
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, because DB2 parameters are not filtered, a JNDI injection attack can be directly launched. JNDI triggers an AspectJWeaver deserialization attack, writing to various files. This vulnerability...
The vulnerability of IBM DB2 database management systems and IBM DB2 Connect Server lies in buffer overflows in the stack, which allows attackers to cause service interruptions.
The vulnerability of IBM DB2 database management systems, including IBM DB2 Connect Server, is related to buffer overflows in the stack. Exploiting this vulnerability can allow an attacker to cause service interruptions by sending specially crafted requests...
IBM Db2 Security Vulnerability
IBM Db2 is a relational database management system from International Business Machines (IBM). The system's execution environments are mainly UNIX, Linux, IBM i, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which can be exploited by an attacker to cause a...
The vulnerability of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server, related to insufficient validation of input data, allows a perpetrator to cause service failures.
The vulnerability of the IBM DB2 database management system and the IBM DB2 Connect Server automatic redirection server is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by sending specially crafted reques...