310 matches found
CVE-2025-27899
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system...
Security Bulletin: IBM Database Operator for FoundationDB is affected by zlib vulnerability (CVE-2018-25032)
Summary Foundation DB will ship an updated zlib to address this CVE. Though zlib is used for internal communication and vulnerability dislcoed here does not impact Foundation DB. Vulnerability Details CVEID:CVE-2018-25032 DESCRIPTION: Zlib is vulnerable to a denial of service, caused by a memory...
CVE-2025-33130
IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack...
CVE-2025-27900
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a...
CVE-2025-27904
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts...
CVE-2025-27898
IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system...
CVE-2025-13108
CVE-2025-13108 affects IBM Db2 Merge Backup for Linux, UNIX and Windows, version 12.1.0.0. The root cause is a buffer not properly cleared, which could allow an attacker to access sensitive information stored in memory. The vulnerability is documented across multiple sources (IBM, Red Hat, NVD, e...
CVE-2025-13867
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic...
CVE-2025-36247 IBM Db2 XML External Entity Reference
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memo...
CVE-2025-36425
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to obtain sensitive information under specific HADR configuration...
CVE-2025-36425
CVE-2025-36425 is an IBM Db2 information-disclosure issue affecting IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) versions 11.5.0–11.5.9 and 12.1.0–12.1.3. The vulnerability allows an authenticated user to obtain sensitive information under specific HADR configurations, per I...
CVE-2025-13867 IBM Db2 Denial of Service
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic...
CVE-2025-13867
CVE-2025-13867 affects IBM Db2 for Linux, UNIX and Windows (incl. Db2 Connect Server) 11.5.0–11.5.9 and 12.1.0–12.1.3. An authenticated user can trigger a denial of service due to improper neutralization of special elements in data query logic. The connected IBM bulletins confirm DoS risk (and re...
CVE-2025-14689 IBM Db2 Denial of Service
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects...
CVE-2025-14689 IBM Db2 Denial of Service
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations.(CVE-2025-36407)
Summary IBM® Db2® is vulnerable to a denial of service due to improper neutralization of special elements in data query logic. Vulnerability Details CVEID:CVE-2025-36407 DESCRIPTION: IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations...
IBM DB2 Merge Backup 安全漏洞
IBM DB2 Merge Backup is a database-assisted backup tool developed by IBM. Version 12.1.0.0 of IBM DB2 Merge Backup contains a security vulnerability. This vulnerability stems from an error in calculating buffer sizes, which could allow authenticated users to cause the program to crash...
PT-2026-20224
Name of the Vulnerable Software and Affected Versions IBM DB2 Merge Backup for Linux, UNIX and Windows version 12.1.0.0 Description A flaw exists in IBM DB2 Merge Backup for Linux, UNIX and Windows version 12.1.0.0 where a buffer does not properly clear resources, potentially allowing an attacker...
IBM Db2 代码问题漏洞
IBM Db2 is the United States International Business Machines IBM company developed a set of relational database management system, it is the main operating environment for UNIX including IBM's own AIX, Linux, IBM i formerly known as OS/400, z/OS, and Windows server versions. An XML external entit...
IBM Db2 输入验证错误漏洞
IBM DB2 is a relational database management system developed by IBM. The system can run on various operating systems such as UNIX, Linux, IBMi, z/OS, and Windows server versions. Version 5.5 Interim Fix 002 of IBM DB2 Recovery Expert for LUW contains a vulnerability related to input validation...