PT-2026-43979

Name of the Vulnerable Software and Affected Versions IBM Db2 versions 11.5.0 through 11.5.9 IBM Db2 versions 12.1.0 through 12.1.4 Description A denial of service can occur when a specially crafted query is executed using range partitioned tables. Recommendations At the moment, there is no...

Denial of Service Vulnerability in IBM Db2

IBM Db2 is a set of relational database management system developed by the United States International Business Machines IBM Corporation, and its main operating environments are UNIX including IBM's own AIX, Linux, IBM i formerly known as OS/400, z/OS, as well as Windows server versions. A denial...

CVE-2025-14689

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects...

CVE-2025-36423

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic...

UBUNTU-CVE-2025-36001

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion...

PT-2026-5457

Name of the Vulnerable Software and Affected Versions IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server versions 12.1.0 through 12.1.3 Description The software may allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic...

PT-2026-5454

Name of the Vulnerable Software and Affected Versions IBM Db2 for Windows versions 12.1.0 through 12.1.3 Description IBM Db2 for Windows versions 12.1.0 through 12.1.3 may allow a local user with filesystem access to escalate their privileges. This is due to the use of an unquoted search path...

IBM DB2 Privilege Escalation (7250486) (Unix)

According to its self-reported version number, IBM Db2 on Unix may be affected by a vulnerability: - IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes Db2 Connect Server under specific configurations could allow a local user to execute malicious code that escalate their privilege...

CVE-2025-36186

IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes Db2 Connect Server under specific configurations could allow a local user to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level...

PT-2025-45489

Name of the Vulnerable Software and Affected Versions IBM Db2 versions 12.1.0 through 12.1.3 Description IBM Db2, under specific configurations, may allow a local user to execute malicious code and escalate privileges to root. This is due to the execution of operations at a higher privilege level...

CVE-2025-5115 MadeYouReset HTTP/2 vulnerability

In Eclipse Jetty, versions =9.4.57, =10.0.25, =11.0.25, =12.0.21, =12.1.0.alpha2, an HTTP/2 client may trigger the server to send RSTSTREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume...

IBM Db2 for Linux 安全漏洞

IBM Db2 for Linux is a relational database management system from IBM. A stack-based buffer overflow vulnerability exists in IBM Db2 for Linux versions 12.1.0, 12.1.1, and 12.1.2, which stems from the db2fm component not adequately checking boundaries. A local user can exploit this vulnerability ...

CVE-2025-2518

IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query...

CVE-2020-27726

In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.2, a reflected cross-site scripting XSS vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system...

Cross site scripting

In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.2, a reflected cross-site scripting XSS vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system...

CVE-2020-5933

On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, when a BIG-IP system that has a virtual server configured with an HTTP compression profile processes compressed HTTP message payloads that require deflation, a Slowloris-style attack can trigger a...

CVE-2020-5885

On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability HA pair transfer sensitive cryptographic objects over an insecure communications channel. This is a control plane issue which is exposed only o...

Cisco Email Security Appliance AsyncOS Input Validation Error Vulnerability

Cisco Email Security Appliance ESA is an email security appliance from Cisco in the U.S. AsyncOS Software is the operating system that runs on it. An input validation error vulnerability exists in the email filtering feature in Cisco AsyncOS Software versions 12.1.0-085 and 11.1.0-131, which stem...

PT-2019-18232 · F5 · F5 Big-Ip Apm

Name of the Vulnerable Software and Affected Versions: F5 BIG-IP ASM versions 11.5.1 through 11.5.9 F5 BIG-IP ASM versions 11.6.0 through 11.6.4 F5 BIG-IP ASM versions 12.1.0 through 12.1.4.1 F5 BIG-IP ASM versions 13.0.0 through 13.1.1.5 F5 BIG-IP ASM versions 14.0.0 through 14.0.0.5 F5 BIG-IP A...

CVE-2019-2750

Vulnerability in the MICROS Retail-J component of Oracle Retail Applications subcomponent: Internal Operations. Supported versions that are affected are 12.1.0, 12.1.1, 12.1.2 and 13.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...