Vulnerabilities > IBM > DB2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-16 | CVE-2023-38728 | Unspecified vulnerability in IBM DB2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. | 7.5 |
| 2023-10-16 | CVE-2023-38740 | Unspecified vulnerability in IBM DB2 IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. | 7.5 |
| 2023-10-16 | CVE-2023-30987 | Unspecified vulnerability in IBM DB2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. | 7.5 |
| 2023-10-16 | CVE-2023-38720 | Unspecified vulnerability in IBM DB2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. | 7.5 |
| 2023-07-17 | CVE-2023-35012 | Stack-based Buffer Overflow vulnerability in IBM DB2 11.5 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. | 6.7 |
| 2023-07-10 | CVE-2023-23487 | Unspecified vulnerability in IBM DB2 11.1/11.5 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging. | 4.3 |
| 2023-07-10 | CVE-2023-27558 | Improper Privilege Management vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5 IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. | 7.8 |
| 2023-07-10 | CVE-2023-27867 | Code Injection vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5 IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection. | 8.8 |
| 2023-07-10 | CVE-2023-27868 | Code Injection vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5 IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes. | 8.8 |
| 2023-07-10 | CVE-2023-27869 | Code Injection vulnerability in IBM DB2 10.5.0.11/11.1.4.7/11.5 IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. | 8.8 |