CVSS: 7.5EPSS: 0%CPEs: 23EXPL: 0CVE-2023-27559 – IBM Db2 denial of service
https://notcve.org/view.php?id=CVE-2023-27559
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-Force ID: 249196. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249196 https://security.netapp.com/advisory/ntap-20230511-0010 https://www.ibm.com/support/pages/node/6985667 • CWE-20: Improper Input Validation •
CVSS: 7.2EPSS: 0%CPEs: 23EXPL: 0CVE-2023-29257 – IBM Db2 code execution
https://notcve.org/view.php?id=CVE-2023-29257
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252011 https://security.netapp.com/advisory/ntap-20230511-0010 https://www.ibm.com/support/pages/node/6985691 •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-43928 – IBM Db2 Mirror for i information disclosure
https://notcve.org/view.php?id=CVE-2022-43928
The IBM Toolbox for Java (Db2 Mirror for i 7.4 and 7.5) could allow a user to obtain sensitive information, caused by utilizing a Java string for processing. Since Java strings are immutable, their contents exist in memory until garbage collected. This means sensitive data could be visible in memory over an indefinite amount of time. IBM has addressed this issue by reducing the amount of time the sensitive data is visible in memory. IBM X-Force ID: 241675. • https://exchange.xforce.ibmcloud.com/vulnerabilities/241675 https://www.ibm.com/support/pages/node/6981113 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-43930 – IBM Db2 for Linux, UNIX and Windows information disclosure
https://notcve.org/view.php?id=CVE-2022-43930
IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file. IBM X-Force ID: 241677. • https://exchange.xforce.ibmcloud.com/vulnerabilities/241677 https://www.ibm.com/support/pages/node/6953755 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2022-43929 – IBM Db2 for Linux, UNIX and Windows denial of service
https://notcve.org/view.php?id=CVE-2022-43929
IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676. • https://exchange.xforce.ibmcloud.com/vulnerabilities/241676 https://www.ibm.com/support/pages/node/6953763 • CWE-20: Improper Input Validation •