CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

IBM Security Bulletins•added 2020/11/17 10:0 p.m.•32 views

Security Bulletin: IBM® DB2® for LUW is affected by the OpenSSL vulnerability CVE-2014-3470

Summary Security vulnerabilities have been discovered in OpenSSL that were reported on June 5, 2014 by the OpenSSL Project. Vulnerability Details CVE-ID: CVE-2014-3470 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by the implementation of anonymous ECDH ciphersuites. A remote...

4.3CVSS0.3AI score0.91395EPSS

IBM Security Bulletins•added 2020/07/18 11:17 p.m.•27 views

Security Bulletin: BigInsights is affected by a vulnerability in DB2 (CVE-2014-0919, CVE-2016-0211)

Summary BigInsights is affected by a vulnerability in DB2 CVE-2014-0919, CVE-2016-0211. Vulnerability Details CVEID: CVE-2016-0211 DESCRIPTION: IBM DB2 LUW contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted...

4.3CVSS1.6AI score0.01549EPSS

IBM Security Bulletins•added 2020/01/15 1:9 a.m.•21 views

Security Bulletin: IBM® Db2® LUW on AIX and Linux Affected by a Vulnerability in IBM® Spectrum Scale (CVE-2019-4558)

Summary Db2 LUW is affected by a vulnerability in IBM® Spectrum Scale Version 5.0.x and 4.2.x that is used by Db2® pureScale™ Feature on AIX and Linux. IBM Spectrum Scale is previously known as General Parallel File System GPFS. Vulnerability Details CVEID: CVE-2019-4558 DESCRIPTION: A security...

8.1CVSS0.3AI score0.00148EPSS

IBM Security Bulletins•added 2020/01/09 8:32 p.m.•22 views

Security Bulletin: IBM® Db2® LUW on AIX and Linux Affected by a Vulnerability in IBM® Spectrum Scale (CVE-2018-1783).

Summary Db2 LUW is affected by a vulnerability in IBM® Spectrum Scale Version 4.1.x and 4.2.x that is used by Db2® pureScale™ Feature on AIX and Linux. IBM Spectrum Scale is previously known as General Parallel File System GPFS. Vulnerability Details CVEID: CVE-2018-1783 DESCRIPTION: IBM GPFS IBM...

5.5CVSS0.1AI score0.0005EPSS

NVD•added 2019/12/12 5:15 p.m.•10 views

CVE-2019-4606

IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using a executable file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM...

7.8CVSS7.6AI score0.00169EPSS

Prion•added 2019/12/12 5:15 p.m.•10 views

Design/Logic Flaw

6.9CVSS7.7AI score0.00169EPSS

Cvelist•added 2019/12/12 4:30 p.m.•12 views

CVE-2019-4606

7.4CVSS7.7AI score0.00169EPSS

CVE•added 2019/12/12 4:30 p.m.•41 views

CVE-2019-4606

CVE-2019-4606 affects IBM DB2 High Performance Unload for LUW versions 6.1 and 6.5. The vulnerability is an untrusted search path issue that could allow a local attacker to execute arbitrary code by using an executable file. IBM and related advisories describe impact as local code execution with ...

7.8CVSS7.7AI score0.00169EPSS

NVD•added 2019/10/22 3:15 p.m.•8 views

CVE-2019-4523

IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 165481...

8.4CVSS8.2AI score0.00212EPSS

Prion•added 2019/10/22 3:15 p.m.•10 views

Buffer overflow

7.2CVSS7.8AI score0.00212EPSS

Cvelist•added 2019/10/22 2:27 p.m.•9 views

CVE-2019-4523

8.4CVSS7.8AI score0.00212EPSS

CVE•added 2019/10/22 2:27 p.m.•83 views

CVE-2019-4523

CVE-2019-4523 affects IBM DB2 High Performance Unload load for LUW 6.1 and 6.5. Root cause: a buffer overflow due to improper bounds checking, enabling a local user to run code with root privileges. IBM bulletin shows fixes: Interim Fixes 6.1.0.3.6 (for 6.1) and 6.5.0.0.1 (for 6.5); follow remedi...

8.4CVSS7.9AI score0.00212EPSS

NVD•added 2019/08/26 3:15 p.m.•16 views

CVE-2019-4448

IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpumdebug binaries are setuid root and have built-in options that allow an low privileged user the ability to load arbitrary db2 libraries from a privileged context. This...

8.4CVSS7.8AI score0.0004EPSS

NVD•added 2019/08/26 3:15 p.m.•14 views

CVE-2019-4447

IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpumdebug is a setuid root binary which trusts the PATH environment variable. A low privileged user can execute arbitrary commands as root by altering the PATH variable to point to a...

8.4CVSS8.1AI score0.00035EPSS

Prion•added 2019/08/26 3:15 p.m.•16 views

Code injection

7.2CVSS7.3AI score0.0004EPSS

CVE•added 2019/08/26 2:40 p.m.•38 views

CVE-2019-4447

CVE-2019-4447 affects IBM DB2 High Performance Unload on LUW versions 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2. The db2hpum_debug binary is setuid root and trusts PATH; a low-privilege user can hijack PATH to execute arbitrary commands as root, with a crash potentially tri...

8.4CVSS7.8AI score0.00035EPSS

Cvelist•added 2019/08/26 2:40 p.m.•12 views

CVE-2019-4448

8.4CVSS7.4AI score0.0004EPSS