Security Bulletin: IBM OpenPages is affected by multiple security vulnerabilities of DB2 Database Server (February 2026)

Summary IBM® Db2® Database Server is shipped as a supporting program of IBM OpenPages. Information about security vulnerabilities affecting IBM Db2 Database Server has been published in multiple security bulletins. Vulnerability Details Refer to the security bulletins listed in the...

CVE-2025-33124

IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size...

Security Bulletin: Multiple Vulnerabilities have been identified in IBM DB2 shipped with IBM WebSphere Remote Server

Summary IBM DB2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletins Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affect...

CVE-2025-36423

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic...

CVE-2025-36070 IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables...

resource-agents security update

4.9.0-54.27 - bundled urllib3: fix CVE-2025-66471 - bundled urllib3: fix CVE-2026-21441 Resolves: RHEL-139760, RHEL-140787 4.9.0-54.24 - bundled urllib3: fix CVE-2025-66418 Resolves: RHEL-136031 4.9.0-54.23 - nfsserver: add ability to set e.g. 'pipefs-directory=/run/nfs/rpcpipefs' in /etc/nfs.con...

EUVD-2025-36386

IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due an out of bounds write...

PT-2025-44071

Name of the Vulnerable Software and Affected Versions IBM DB2 High Performance Unload versions 5.1, 5.1.0.1, 6.1, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.5, and 6.5.0.0 IF1 Description An authenticated user can cause the program to crash due to an out-of-bounds write condition. Recommendations IBM DB2 High...

PT-2025-44069

Name of the Vulnerable Software and Affected Versions IBM DB2 High Performance Unload versions 5.1.0.1, 6.1, 6.1.0.1, 6.1.0.2, 6.1.0.3, 6.5, and 6.5.0.0 IF1 Description An authenticated user can cause the program to crash due to a buffer overflow when a buffer is allocated on the stack...

DataEase DB2/MongoDB JNDI Code Injection Vulnerability

DataEase is a set of Java-based development of open source data visualization and analysis tools to help users quickly analyze data and insight into business trends , so as to achieve business improvement and optimization . A code injection vulnerability exists in DataEase DB2/MongoDB JDBC...

EUVD-2025-30382

Malicious code in bioql PyPI...

CVE-2025-10771 jeecgboot JimuReport DB2 JDBC testConnection deserialization

A vulnerability was determined in jeecgboot JimuReport up to 2.1.2. Affected is an unknown function of the file /drag/onlDragDataSource/testConnection of the component DB2 JDBC Handler. Executing manipulation of the argument clientRerouteServerListJNDIName can lead to deserialization. The attack...

JimuReport 代码问题漏洞

JimuReport is a free reporting tool open source by JEECG in China. A code issue vulnerability exists in JimuReport 2.1.2 and earlier versions, which stems from improper manipulation of the parameter clientRerouteServerListJNDIName in the file /drag/onlDragDataSource/testConnection in the componen...

CVE-2025-58045 Dataease server-side request forgery via unfiltered DB2 JDBC ldap parameter

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12, the patch introduced to mitigate DB2 JDBC deserialization remote code execution attacks only blacklisted the rmi parameter. The ldap parameter in the DB2 JDBC connection string was not...

CVE-2025-57773 Dataease DB2 Aspectweaver Deserialization Arbitrary File Write Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, because DB2 parameters are not filtered, a JNDI injection attack can be directly launched. JNDI triggers an AspectJWeaver deserialization attack, writing to various files. This vulnerability...

IBM Db2 安全漏洞

IBM Db2 is a relational database management system from International Business Machines IBM. The system's execution environments are mainly UNIX, Linux, IBMi, z/OS, and Windows server versions. A denial of service vulnerability exists in IBM Db2, which can be exploited by an attacker to cause a...

CVE-2023-30448

IBM DB2 for Linux, UNIX and Windows includes Db2 Connect Server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253437...

IBM DB2 安全漏洞

IBM DB2 is a relational database management system from International Business Machines IBM. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. An information disclosure vulnerability exists in IBM DB2 that stems from improper privilege...

IBM DB2 Competitive Conditions Issue Vulnerability

IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. IBM DB2 Competitive Conditions Issue Vulnerability. A local attacker could exploit this vulnerability ...

IBM DB2 Special Message Denial of Service Vulnerability

IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. There is a security vulnerability in IBM DB2. An attacker can exploit this vulnerability by sending...