IBM Db2 安全漏洞

IBM Db2 is a relational database management system developed by IBM. Versions 11.5.0 to 11.5.9 and 12.1.0 to 12.1.3 of IBM Db2 contain security vulnerabilities. These vulnerabilities stem from improper allocation of system resources, which may allow authenticated users to cause denial-of-service...

CVE-2025-14689

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects...

CVE-2025-14689

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects...

Linux Distros Unpatched Vulnerability : CVE-2025-36428

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of servi...

CVE-2025-36009

IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server could allow an authenticated user to cause a denial of service due to excessive use of a global variable...

CVE-2025-36423 IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic...

PT-2026-5457

Name of the Vulnerable Software and Affected Versions IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server versions 12.1.0 through 12.1.3 Description The software may allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic...

CVE-2021-2267

Vulnerability in the Oracle Labor Distribution product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Labor Distribution...

CVE-2021-2254

Vulnerability in the Oracle Project Contracts product of Oracle E-Business Suite component: Hold Management. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Project Contracts...

CVE-2025-36008

CVE-2025-36008 affects IBM Db2 on Linux/UNIX/Windows (including Db2 Connect Server) and is a denial-of-service vulnerability caused by improper resource allocation. An authenticated user could exhaust resources to disrupt availability. IBM’s advisories for Db2 Pacemaker and GKLM context indicate ...

CVE-2025-2534

CVE-2025-2534 affects IBM Db2 Big SQL on Cloud Pak for Data (versions 7.6–7.8 on CPD 4.8–5.2) and IBM Db2 Big SQL on Cloud Pak for Data; a specially crafted query can cause the server to crash (DoS). Remediation: upgrade to IBM Db2 Big SQL 8.3 or later (on Cloud Pak for Data 5.3+). Affected CPD v...

PT-2025-45487

Name of the Vulnerable Software and Affected Versions IBM Db2 versions 11.5.0 through 11.5.9 IBM Db2 versions 12.1.0 through 12.1.3 Description The database monitor script in IBM Db2 may incorrectly detect that the instance is still starting under specific conditions, potentially allowing a local...

HCL Unica Campaign Cross-Site Scripting Vulnerability

HCL Technologies HCL Unica Campaign is a marketing campaign management solution from HCL Technologies. A security vulnerability exists in Unica Campaign versions prior to 12.1.3 that stems from the presence of a persistent cross-site scripting XSS vulnerability that allows an attacker to hijack a...

CVE-2021-2089

Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: Runtime Catalog. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore...

CVE-2020-2789

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport...

CVE-2019-2828

Vulnerability in the Oracle Field Service component of Oracle E-Business Suite subcomponent: Wireless. Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVE-2017-3442

Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite subcomponent: User Interface. Supported versions that are affected are 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...