Vulnerabilities > IBM > DB2

DATE CVE VULNERABILITY TITLE RISK
2023-10-16 CVE-2023-38728 Unspecified vulnerability in IBM DB2
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement.
network
low complexity
ibm
7.5
2023-10-16 CVE-2023-38740 Unspecified vulnerability in IBM DB2 11.5/11.5.5.0/11.5.6
IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement.
network
low complexity
ibm
7.5
2023-10-16 CVE-2023-30987 Unspecified vulnerability in IBM DB2
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases.
network
low complexity
ibm
7.5
2023-10-16 CVE-2023-38720 Unspecified vulnerability in IBM DB2
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement.
network
low complexity
ibm
7.5
2023-07-17 CVE-2023-35012 Unspecified vulnerability in IBM DB2 11.5
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking.
local
low complexity
ibm
6.7
2023-07-10 CVE-2023-23487 Unspecified vulnerability in IBM DB2 11.1/11.5
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging.
network
low complexity
ibm
4.3
2023-07-10 CVE-2023-27558 Improper Privilege Management vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5
IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path.
local
low complexity
ibm CWE-269
7.8
2023-07-10 CVE-2023-27867 Code Injection vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5
IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection.
network
low complexity
ibm CWE-94
8.8
2023-07-10 CVE-2023-27868 Code Injection vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5
IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes.
network
low complexity
ibm CWE-94
8.8
2023-07-10 CVE-2023-27869 Code Injection vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5
IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection.
network
low complexity
ibm CWE-94
8.8