PT-2019-16899 · Ibm · Ibm Db2

Name of the Vulnerable Software and Affected Versions: IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server versions 9.7 through 11.0 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive...

PT-2019-17054 · Ibm · Ibm Db2

Name of the Vulnerable Software and Affected Versions: IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server version 11.1 Description: The issue allows an authenticated user to execute a function that would cause the server to crash. Recommendations: For IBM DB2 for Linux, UNIX and...

PT-2019-16895 · Ibm · Ibm Db2

Name of the Vulnerable Software and Affected Versions: IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server versions 9.7, 10.1, 10.5, and 11.1 Description: The issue allows low privilege users to potentially gain full access to root by loading a malicious shared library, as the binarie...

IBM DB2 Elevation of Privilege Vulnerability (CNVD-2019-07257)

IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBMi, z/OS, and Windows server versions. A security vulnerability exists in IBM DB2 including DB2 Connect Server based on Linux, UNIX and Windo...

CVE-2019-4015

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155893...

PT-2019-16843 · Ibm · Ibm Db2

Name of the Vulnerable Software and Affected Versions: IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server versions 9.7, 10.1, 10.5, and 11.1 Description: The issue is a buffer overflow that could allow an authenticated local attacker to execute arbitrary code on the system as root...

CVE-2018-1977

IBM DB2 for Linux, UNIX and Windows 11.1 includes DB2 Connect Server contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted SELECT statement with TRUNCATE function. IBM X-Force ID: 154032...

CVE-2018-1897

IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 db2pdcfg is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 152462...

CVE-2018-1834

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack. IBM X-Force ID: 150511...

CVE-2018-1857

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 11.1 could allow a user to bypass FGAC control and gain access to data they shouldn't be able to see. IBM X-Force ID: 151155...

CVE-2018-1780

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148803...

CVE-2018-1857

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 11.1 could allow a user to bypass FGAC control and gain access to data they shouldn't be able to see. IBM X-Force ID: 151155...

IBM DB2 Information Disclosure Vulnerability

IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. A security vulnerability exists in db2cacpy in IBM DB2 including DB2 Connect Server based on Linux,...

IBM DB2 Privilege Mobilization Vulnerability

IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. A format string vulnerability exists in IBM DB2 including DB2 Connect Server on Linux, UNIX, and...

IBM DB2 for Linux, UNIX and Windows File Overwrite Vulnerability (CNVD-2018-10562)

IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. A security vulnerability exists in IBM DB2 including DB2 Connect Server for Linux, UNIX, and...

CVE-2018-1459

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 is vulnerable to stack based buffer overflow, caused by improper bounds checking which could lead an attacker to execute arbitrary code. IBM X-Force ID: 140210...

CVE-2018-1452

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140047...

CVE-2018-1565

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 143022...

Code injection

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853...

CVE-2018-1428

IBM GSKit IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073...