CVE-2023-29255 – IBM DB2 for Linux, UNIX and Windows denial of service
https://notcve.org/view.php?id=CVE-2023-29255
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991. • https://exchange.xforce.ibmcloud.com/vulnerabilities/251991 https://security.netapp.com/advisory/ntap-20230511-0010 https://www.ibm.com/support/pages/node/6985687 • CWE-20: Improper Input Validation •
CVE-2023-27559 – IBM Db2 denial of service
https://notcve.org/view.php?id=CVE-2023-27559
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-Force ID: 249196. • https://exchange.xforce.ibmcloud.com/vulnerabilities/249196 https://security.netapp.com/advisory/ntap-20230511-0010 https://www.ibm.com/support/pages/node/6985667 • CWE-20: Improper Input Validation •
CVE-2023-29257 – IBM Db2 code execution
https://notcve.org/view.php?id=CVE-2023-29257
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011. • https://exchange.xforce.ibmcloud.com/vulnerabilities/252011 https://security.netapp.com/advisory/ntap-20230511-0010 https://www.ibm.com/support/pages/node/6985691 •
CVE-2022-43930 – IBM Db2 for Linux, UNIX and Windows information disclosure
https://notcve.org/view.php?id=CVE-2022-43930
IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file. IBM X-Force ID: 241677. • https://exchange.xforce.ibmcloud.com/vulnerabilities/241677 https://www.ibm.com/support/pages/node/6953755 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVE-2022-43927 – IBM Db2 for Linux, UNIX and Windows information disclosure
https://notcve.org/view.php?id=CVE-2022-43927
IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671. • https://exchange.xforce.ibmcloud.com/vulnerabilities/241671 https://www.ibm.com/support/pages/node/6953759 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-269: Improper Privilege Management •