CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OSV•added 2018/11/30 3:29 p.m.•3 views

CVE-2018-1897

IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 db2pdcfg is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 152462...

7.8CVSS6.2AI score

OSV•added 2018/11/09 1:29 a.m.•1 views

CVE-2018-1834

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack. IBM X-Force ID: 150511...

7.8CVSS5.8AI score0.0045EPSS

OSV•added 2018/11/09 1:29 a.m.•3 views

CVE-2018-1857

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 11.1 could allow a user to bypass FGAC control and gain access to data they shouldn't be able to see. IBM X-Force ID: 151155...

6.5CVSS5.8AI score0.01665EPSS

OSV•added 2018/11/09 1:29 a.m.•1 views

CVE-2018-1780

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148803...

7.8CVSS5.8AI score0.00467EPSS

Cvelist•added 2018/11/09 12:0 a.m.•25 views

CVE-2018-1857

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 11.1 could allow a user to bypass FGAC control and gain access to data they shouldn't be able to see. IBM X-Force ID: 151155...

4.8CVSS6.3AI score0.01665EPSS

CNVD•added 2018/09/19 12:0 a.m.•2 views

IBM DB2 Information Disclosure Vulnerability

IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. A security vulnerability exists in db2cacpy in IBM DB2 including DB2 Connect Server based on Linux,...

5.5CVSS5.7AI score0.00393EPSS

CNVD•added 2018/07/09 12:0 a.m.•2 views

IBM DB2 Privilege Mobilization Vulnerability

IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. A format string vulnerability exists in IBM DB2 including DB2 Connect Server on Linux, UNIX, and...

8.4CVSS8.2AI score0.00474EPSS

CNVD•added 2018/05/29 12:0 a.m.•2 views

IBM DB2 for Linux, UNIX and Windows File Overwrite Vulnerability (CNVD-2018-10562)

IBM DB2 is a set of relational database management system from IBM in the United States. The main execution environments for this system are UNIX, Linux, IBM i, z/OS, and Windows server versions. A security vulnerability exists in IBM DB2 including DB2 Connect Server for Linux, UNIX, and...

5.5CVSS6.7AI score0.00383EPSS

OSV•added 2018/05/25 2:29 p.m.•3 views

CVE-2018-1459

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 is vulnerable to stack based buffer overflow, caused by improper bounds checking which could lead an attacker to execute arbitrary code. IBM X-Force ID: 140210...

7.8CVSS6.2AI score0.00514EPSS

OSV•added 2018/05/25 2:29 p.m.•1 views

CVE-2018-1452

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140047...

5.5CVSS5.9AI score0.00383EPSS

OSV•added 2018/05/25 2:29 p.m.•2 views

CVE-2018-1565

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 143022...

7.8CVSS6AI score0.00397EPSS

OSV•added 2018/03/22 12:29 p.m.•1 views

CVE-2018-1428

IBM GSKit IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073...

5.5CVSS5.8AI score0.00294EPSS

OSV•added 2018/03/22 12:29 p.m.•3 views

CVE-2017-1571

IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853...

5.5CVSS5.8AI score0.00257EPSS

Prion•added 2018/03/22 12:29 p.m.•12 views

Code injection

2.1CVSS5.3AI score0.00257EPSS

Exploits0References3Affected Software1

OSV•added 2017/09/12 9:29 p.m.•1 views

CVE-2017-1451

IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 includes DB2 Connect Server could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128178...

7.8CVSS5.8AI score0.00373EPSS

CNVD•added 2017/09/11 12:0 a.m.•2 views

Local Elevation of Privilege Vulnerability in Multiple IBM DB2 Products

IBM DB2 and DB2 Connect Server for Linux, UNIX, and Windows are database products for Linux, UNIX, and Windows platforms from IBM, U.S.A. DB2 is a relational database management system for use in large application environments.DB2 Connect Server is a DB2 Connect Server is a mainframe database...

7.2CVSS6.9AI score0.00379EPSS

CNVD•added 2017/09/11 12:0 a.m.•3 views

Local elevation of privilege vulnerability in multiple IBM DB2 products (CNVD-2017-32877)

IBM DB2 and DB2 Connect Server for Linux, UNIX, and Windows are database products for Linux, UNIX, and Windows platforms from IBM Corporation, U.S.A. DB2 is a relational database management system for use in large application environments.DB2 Connect Server is a DB2 Connect Server is a mainframe...

7.8CVSS7.6AI score0.00373EPSS