Lucene search
K

339 matches found

CVE
CVE
added 2013/06/05 1:0 a.m.329 views

CVE-2013-3475

CVE-2013-3475 is a local privilege-escalation flaw in the DB2 Audit Facility. The issue affects IBM DB2/DB2 Connect versions 9.1, 9.5, 9.7, 9.8, and 10.1 deployed with IBM Smart Analytics System and related products (e.g., InfoSphere Balanced Warehouse, Balanced Warehouse on C3000/C4000, D5100, a...

7.2CVSS6.7AI score0.00432EPSS
CVE
CVE
added 2012/03/20 8:0 p.m.328 views

CVE-2012-0711

CVE-2012-0711 is a remote code execution/privilege-escalation vulnerability in the DB2 Administration Server (DAS) of IBM DB2. The issue is a heap-based buffer overflow caused by an integer signedness error in the db2dasrrm process and affects UNIX platforms on: DB2 9.1 GA through FP11, DB2 9.5 G...

7.5CVSS7.5AI score0.04627EPSS
CVE
CVE
added 2012/03/20 8:0 p.m.327 views

CVE-2012-0709

IBM DB2 for Linux, UNIX and Windows is affected by CVE-2012-0709. A remote authenticated user can bypass viewing restrictions on table data by exploiting CREATEIN privileges to execute crafted CREATE VARIABLE statements. Affected: DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4. Root cau...

4CVSS7.2AI score0.01834EPSS
CVE
CVE
added 2015/05/08 1:0 a.m.326 views

CVE-2014-0919

CVE-2014-0919 affects IBM DB2 9.5–10.5 on Linux/UNIX/Windows, where passwords may be exposed during processing of certain SQL statements by the monitoring/audit facilities, exploitable by remote authenticated users. The issue is an information-disclosure vulnerability in the DB2 LUW monitoring/au...

4CVSS4.5AI score0.01901EPSS
CVE
CVE
added 2013/08/28 10:0 a.m.324 views

CVE-2013-4033

CVE-2013-4033 affects IBM DB2 and DB2 Connect (versions 9.7 FP8, 9.8 FP5, 10.1 FP2, 10.5 FP1). An authenticated user with EXPLAIN authority can temporarily gain SELECT/INSERT/UPDATE/DELETE on a table without DATAACCESS authority, by exploiting EXPLAIN-related privileges. IBM security notices list...

4.6CVSS6.5AI score0.01746EPSS
CVE
CVE
added 2012/06/20 10:0 a.m.323 views

CVE-2012-2180

CVE-2012-2180 concerns IBM DB2 DRDA chaining, where a crafted DRDA request can trigger a denial of service. The vulnerability exists in the DRDA module handling DRDA chaining on DB2 9.7 (GA through FP5) and 9.8 (GA through FP4/FP5 as per bulletin) and can cause a NULL pointer dereference, leading...

4.3CVSS6.6AI score0.02039EPSS
CVE
CVE
added 2011/10/18 1:0 a.m.320 views

CVE-2011-4061

CVE-2011-4061 affects IBM DB2 9.7 (and 9.5) when ITMA (Tivoli Monitoring Agent) is bundled with DB2 on UNIX/Linux platforms. The vulnerability arises from insecure DT_RPATH-based loading of libkbb.so via the SUID-root binary kbbacf1 in the ITMA component, allowing a local user to escalate privile...

6.9CVSS6.6AI score0.00412EPSS
CVE
CVE
added 2012/08/24 10:0 a.m.319 views

CVE-2012-0713

The CVE-2012-0713 entry concerns IBM DB2 XML Feature information disclosure. IBM’s advisory states that IBM DB2 products (DB2 9.7, including Express/Workgroup/Enterprise editions, and DB2 Connect variants, plus affected 9.8/9.5 lines) can be exploited remotely by a user with valid credentials who...

3.5CVSS6AI score0.01209EPSS
CVE
CVE
added 2012/07/25 10:0 a.m.318 views

CVE-2012-2197

CVE-2012-2197 affects IBM DB2 Java Stored Procedure infrastructure across multiple DB2 releases (9.1 before FP12, 9.5–FP9, 9.7–FP6, 9.8–FP5, 10.1). The vulnerability is a stack-based buffer overflow that could allow remote authenticated execution of arbitrary code by exploiting CONNECT and EXECUT...

7.1CVSS7.5AI score0.04487EPSS
CVE
CVE
added 2013/12/19 10:0 p.m.318 views

CVE-2013-6717

Summary of CVE-2013-6717 : The IBM DB2 OLAP query engine (affecting DB2 9.7 FP9, 9.8 FP3a/FP4, 10.1 FP3, 10.5 FP2/FP3, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition) contains a vulnerability that could allow a remote, authenticated user to cause a denial of service by terminatin...

4CVSS6.4AI score0.02402EPSS
CVE
CVE
added 2012/07/25 10:0 a.m.317 views

CVE-2012-2196

CVE-2012-2196 affects IBM DB2 LUW 9.1 (before FP12), 9.5 (through FP9), 9.7 (through FP6), 9.8 (through FP5), and 10.1 (through FP1). Affected routines GET_WRAP_CFG_C and GET_WRAP_CFG_C2 allow an authenticated user, without proper authority, to read XML files accessible to the DB2 fenced ID. Impa...

5CVSS6.5AI score0.02404EPSS
CVE
CVE
added 2012/03/20 8:0 p.m.313 views

CVE-2012-0712

CVE-2012-0712 affects IBM DB2 XML Feature in DB2 9.5 (before FP9), 9.7 (through FP5), and 9.8 (through FP4). The flaw allows a remote authenticated user to cause a denial of service (infinite loop) by invoking XMLPARSE with a crafted string expression. IBM’s bulletin notes the vulnerability requi...

4CVSS6.2AI score0.02062EPSS
CVE
CVE
added 2012/10/20 10:0 a.m.313 views

CVE-2012-4826

CVE-2012-4826 is a DB2 SQL/PSM Stored Procedure debugging buffer‑overflow vulnerability. IBM's advisory details a stack‑based overflow in the SQL/PSM debugging infrastructure that could be triggered by an authenticated user with appropriate privileges, potentially enabling remote code execution. ...

8.5CVSS7.5AI score0.04908EPSS
CVE
CVE
added 2012/07/25 10:0 a.m.311 views

CVE-2012-2194

CVE-2012-2194 : IBM DB2 stores vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure on Windows. Affected: DB2 9.1 (pre FP12), 9.5 (pre FP9), 9.7 (pre FP6), 9.8 (pre FP5), 10.1. Description: directory traversal allows a remote attacker with valid DB2 credentials to overwrite JAR files by cal...

5CVSS6.4AI score0.03145EPSS
CVE
CVE
added 2013/12/18 11:0 a.m.309 views

CVE-2013-5466

CVE-2013-5466 affects IBM DB2/DB2 Connect XSLT library, enabling a remote authenticated user to cause a denial of service via unspecified vectors. Affected versions include DB2/DB2 Connect 9.5–10.5 and DB2 pureScale Feature 9.8 for Enterprise Server Edition. Remediation is available: fixes exist ...

4CVSS6.3AI score0.02158EPSS
CVE
CVE
added 2023/02/17 4:57 p.m.163 views

CVE-2022-43929

CVE-2022-43929 affects IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5. The vulnerability allows a Denial of Service when processing a specially crafted Load command. Public IBM/Red Hat bulletins corroborate the issue and outline remediation paths. Connected documents indicate the issue is addr...

7.5CVSS5.9AI score0.00739EPSS
CVE
CVE
added 2023/07/09 11:58 p.m.162 views

CVE-2023-30431

CVE-2023-30431 – IBM Db2 buffer overflow Affected products: IBM Db2 for Linux, UNIX and Windows (incl. Db2 Connect Server) at versions 10.5, 11.1, and 11.5. Issue: db2set is vulnerable to a buffer overflow caused by improper bounds checking, enabling a local attacker to overflow a buffer and exec...

8.4CVSS8.2AI score0.0031EPSS
CVE
CVE
added 2023/04/26 7:2 p.m.154 views

CVE-2023-27559

CVE-2023-27559 affects IBM Db2 for Linux, UNIX and Windows (incl. Db2 Connect Server) 10.5, 11.1 and 11.5. A denial of service may occur when a specially crafted subquery is used, potentially crashing the server. IBM advisories reference multiple remediation paths: upgrade to fixed DB2 releases (...

7.5CVSS5.8AI score0.00946EPSS
CVE
CVE
added 2023/02/17 4:51 p.m.152 views

CVE-2022-43927

CVE-2022-43927 affects IBM Db2 for Linux, UNIX and Windows running on Cloud Pak for Data environments. The vulnerability is an information disclosure caused by improper privilege management when a specially crafted table access is used. Affected versions include Db2 on Linux/UNIX/Windows 10.5, 11...

7.5CVSS6.3AI score0.00641EPSS
CVE
CVE
added 2022/06/24 4:45 p.m.150 views

CVE-2022-22390

CVE-2022-22390 affects IBM Db2 for Linux, UNIX and Windows (versions 9.7, 10.1, 10.5, 11.1, 11.5). The issue is an information disclosure caused by improper privilege management when a table function is used, allowing an authenticated user to access restricted data. The IBM security bulletins ind...

7.5CVSS7AI score0.00899EPSS
CVE
CVE
added 2023/07/10 12:1 a.m.150 views

CVE-2023-30442

Summary of CVE-2023-30442 (IBM Db2 federated server DoS) : The vulnerability affects IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) 11.1 and 11.5 federated server. A specially crafted wrapper using certain options can cause a denial of service, potentially crashing the server....

7.5CVSS6.3AI score0.01075EPSS
CVE
CVE
added 2024/12/19 1:4 a.m.142 views

CVE-2023-30443

CVE-2023-30443 affects IBM Db2 for Linux/ UNIX/ Windows (incl. Db2 Connect Server) on 10.5, 11.1, and 11.5, with denial of service caused by a specially crafted query. Connected sources consistently describe multiple variants of the same vulnerability across IBM Db2 components and related Cloud P...

6.5CVSS5AI score0.00382EPSS
CVE
CVE
added 2023/07/09 11:32 p.m.139 views

CVE-2023-27558

CVE-2023-27558 affects IBM Db2 on Windows (10.5, 11.1, 11.5) with a privilege-escalation path via an unquoted service path. A local attacker could insert an executable in the service path to gain SYSTEM/elevated privileges. IBM X-Force ID: 249194. The vulnerability details and related entries exi...

8.4CVSS7.9AI score0.00229EPSS
CVE
CVE
added 2022/06/24 4:45 p.m.137 views

CVE-2022-22389

CVE-2022-22389 affects IBM Db2 for Linux, UNIX and Windows versions 9.7, 10.1, 10.5, 11.1, and 11.5, where an authenticated user can trigger a denial of service by executing specially crafted SQL statements. The connected IBM bulletins confirm this specific DoS impact and tie it to Db2 components...

6.5CVSS6.4AI score0.01453EPSS
CVE
CVE
added 2026/06/30 8:2 p.m.135 views

CVE-2026-10109

CVE-2026-10109 affects IBM Db2 Server: remote code execution due to improper pre-auth DRDA handshake handling. Affected versions: Db2 11.5.0–11.5.9 and 12.1.0–12.1.4. Impact is high (RCE) per IBM’s bulletin (CVSS v3.1 base 9.8). Remediation: IBM provides interim fixes via Fix Central for V11.5.9 ...

9.8CVSS6.4AI score0.0086EPSS
CVE
CVE
added 2023/02/17 5:4 p.m.129 views

CVE-2022-43930

CVE-2022-43930 concerns IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 where an Information Disclosure could cause sensitive data to appear in a log file (IBM X-Force ID 241677). Affected platforms include Db2 on Linux/UNIX/Windows; root cause is not explicitly detailed in the provided ...

7.5CVSS6.3AI score0.00492EPSS
CVE
CVE
added 2024/01/07 6:58 p.m.114 views

CVE-2023-47145

CVE-2023-47145 affects IBM Db2 family (Windows including Db2 Connect Server) where a local user can escalate privileges to SYSTEM via the MSI repair functionality.根本原因: MSI repair handling allows a local user to gain SYSTEM-level access. 受影响版本/范围: Db2 on Windows and Db2 Connect Server across 10.5...

8.4CVSS7.3AI score0.0018EPSS
CVE
CVE
added 2024/01/22 6:44 p.m.112 views

CVE-2023-50308

CVE-2023-50308 affects IBM Db2 for Linux, UNIX and Windows (including DB2 Connect Server) 11.5. Under certain conditions, an authenticated user issuing a statement on columnar tables could cause a denial of service. The vulnerability is documented across IBM/Red Hat/IBM X-Force sources and is ass...

6.5CVSS6.2AI score0.00774EPSS
CVE
CVE
added 2023/10/16 10:53 p.m.110 views

CVE-2023-30991

CVE-2023-30991 affects IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) versions 11.1 and 11.5. It is a denial-of-service vulnerability triggered by a specially crafted query, potentially impacting availability. The issue is confirmed in IBM product bulletins; remediation requir...

7.5CVSS7.2AI score0.00849EPSS
CVE
CVE
added 2024/01/22 8:5 p.m.110 views

CVE-2023-47158

CVE-2023-47158 : IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1 and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service via a specially crafted query. IBM X-Force ID: 270750. CVSS v3.1 base scores quoted as MEDIUM with availabi...

6.5CVSS6.1AI score0.00738EPSS
CVE
CVE
added 2024/10/23 1:9 a.m.110 views

CVE-2024-31880

CVE-2024-31880 : IBM Db2 for Linux, UNIX and Windows (incl. Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to DoS under certain configurations when authenticated users send a crafted SQL statement, potentially crashing the server. Connected IBM bulletins/CPD advisories tie this set to IBM Db2...

6.5CVSS5.6AI score0.00394EPSS
CVE
CVE
added 2023/04/28 6:23 p.m.107 views

CVE-2023-26021

CVE-2023-26021 affects IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) at versions 11.1 and 11.5, where a specially crafted SQL query using a LIMIT clause can cause the server to crash (denial of service). The issue’s root cause is not fully described in the provided text, but ...

7.5CVSS7.4AI score0.01018EPSS
CVE
CVE
added 2021/06/24 6:45 p.m.105 views

CVE-2021-29703

CVE-2021-29703 affects IBM Db2 LUW (Linux/UNIX/Windows) and Db2 Connect Server. The issue allows a denial of service because the server can terminate abnormally when executing a specially crafted SELECT statement. IBM security bulletins document the vulnerability and provide fixes; remediation is...

7.5CVSS7.2AI score0.01692EPSS
CVE
CVE
added 2021/06/24 6:45 p.m.104 views

CVE-2021-20579

CVE-2021-20579 affects IBM Db2 for Linux, UNIX and Windows (Db2 LUW) and Db2 Connect Server, across versions 9.7, 10.1, 10.5, 11.1, and 11.5. The vulnerability arises when a user who can create a view or inline SQL function can expose sensitive information if AUTO_REVAL is set to DEFFERED_FORCE. ...

6.5CVSS6.8AI score0.0111EPSS
CVE
CVE
added 2024/01/22 6:42 p.m.103 views

CVE-2023-47746

CVE-2023-47746 affects IBM Db2 for Linux/UNIX/Windows (including Db2 Connect Server) across versions 10.5, 11.1 and 11.5. An authenticated user with CONNECT privileges could cause a denial of service via a specially crafted query. Remediation: upgrade to Db2 Warehouse/Db2 version 11.5.9.0 or late...

6.5CVSS6.2AI score0.00738EPSS
CVE
CVE
added 2023/04/28 5:35 p.m.102 views

CVE-2023-25930

CVE-2023-25930 affects IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) version 10.1, 11.1, and 11.5. The issue causes a denial of service under rare conditions when a special register is set, potentially terminating the Db2 server abnormally. The available connected doc details...

5.9CVSS5.5AI score0.00963EPSS
CVE
CVE
added 2023/10/16 8:48 p.m.102 views

CVE-2023-30987

CVE-2023-30987 : IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) versions 10.5, 11.1, and 11.5 are vulnerable to denial of service via a specially crafted query on certain databases. Root cause: improper input handling in the affected Db2 components can be triggered by crafted ...

7.5CVSS6AI score0.00782EPSS
CVE
CVE
added 2023/04/26 12:56 p.m.100 views

CVE-2023-29257

CVE-2023-29257 affects IBM Db2 on Linux/UNIX/Windows (including Db2 Connect) across 10.5, 11.1 and 11.5. Description: remote code execution where a DBA of one database may execute code or read/write files in another database within the same instance. CVSS base score 7.2 (HIGH). Remediation: upgra...

7.2CVSS7.2AI score0.01513EPSS
CVE
CVE
added 2019/07/01 3:5 p.m.97 views

CVE-2019-4057

CVE-2019-4057 affects IBM DB2 for Linux/UNIX/Windows (including DB2 Connect Server) on versions 9.7, 10.1, 10.5, and 11.1. A local attacker with access to the DB2 instance account can leverage a fenced execution process to execute arbitrary code as root. Multiple IBM security bulletins document t...

7.2CVSS7.1AI score0.00459EPSS
CVE
CVE
added 2024/04/03 12:24 p.m.97 views

CVE-2024-27254

CVE-2024-27254 affects IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data (versions in the 3.0/4.x line as listed in the remediation table) with a denial-of-service condition from a specially crafted query. The connected Red Hat entry confirms the vulnerability details and scop...

6.5CVSS5.2AI score0.00653EPSS
CVE
CVE
added 2024/01/22 7:57 p.m.96 views

CVE-2023-47747

CVE-2023-47747 affects IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) versions 10.1, 10.5, and 11.1. An authenticated user with CONNECT privileges can cause a denial of service by issuing a specially crafted query. The available documents describe the impact as DoS with a craf...

6.5CVSS6.2AI score0.00738EPSS
CVE
CVE
added 2023/10/16 9:27 p.m.95 views

CVE-2023-38728

CVE-2023-38728 affects IBM Db2 for Linux, UNIX and Windows (incl. Db2 Connect Server) 10.5, 11.1, 11.5. Description: denial of service via a specially crafted XML query statement. Classified with a base CVSS about MEDIUM–HIGH depending on vector, and IBM X-Force ID 262258. Connected sources indic...

7.5CVSS6AI score0.00782EPSS
CVE
CVE
added 2023/10/16 11:5 p.m.94 views

CVE-2023-38719

CVE-2023-38719 affects IBM Db2 11.5 with local access privileges; a local user can cause a denial of service during database deactivation on DPF. Remediation: upgrade to Db2 11.5.9 (or later) per IBM security bulletins.

5.1CVSS4.8AI score0.00194EPSS
CVE
CVE
added 2023/10/16 8:52 p.m.94 views

CVE-2023-38720

CVE-2023-38720 affects IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) 11.5 (and 11.5) and Denial of Service via a specially crafted ALTER TABLE statement. The IBM security bulletins indicate the issue can lead to a DoS with basic authentication and network access, with CVSS v3...

7.5CVSS6AI score0.00782EPSS
CVE
CVE
added 2020/02/19 3:15 p.m.93 views

CVE-2020-4230

CVE-2020-4230 affects IBM DB2 for Linux/UNIX/Windows (DB2 Connect Server) 11.1 and 11.5. An authenticated local attacker with special permissions can escalate privileges by executing specially crafted Db2 commands. IBM bulletins provide fixes via release-specific fix packs (e.g., DB2 11.1 FP6 and...

6.7CVSS6.8AI score0.0038EPSS
CVE
CVE
added 2020/11/20 1:50 p.m.93 views

CVE-2020-4739

CVE-2020-4739 is a DLL search order hijacking vulnerability in IBM Db2 on Windows client components. The CVE affects IBM Db2 for Linux, UNIX and Windows (including DB2 Connect Server) across multiple releases (9.7, 10.1, 10.5, 11.1, 11.5) and requires a local authenticated user to place a crafted...

7.8CVSS7.6AI score0.0045EPSS
CVE
CVE
added 2021/06/24 6:45 p.m.93 views

CVE-2021-29777

IBM Db2 LUW (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, 11.5 is affected by CVE-2021-29777 among related CVEs. Under very specific conditions — when a table is dropped while it is being accessed in another session — an authenticated user could cause a denial of service. Related entries (...

6.5CVSS6.5AI score0.01369EPSS
CVE
CVE
added 2024/04/03 12:14 p.m.93 views

CVE-2024-25030

CVE-2024-25030 affects IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data (v3.5–refresh 10, v4.0–refresh 9, v4.5–refresh 3, v4.6–refresh 6, v4.7–refresh 4, v4.8–refresh 4). The issue is that 11.1 releases store potentially sensitive information in log files readable by a local ...

6.2CVSS5.4AI score0.00191EPSS
CVE
CVE
added 2024/04/03 12:27 p.m.92 views

CVE-2023-38729

CVE-2023-38729 affects IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) across multiple releases. The vulnerability enables sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT. Affected versions include Db2 10.5, 11.1, and 11.5; exploitation details are t...

6.8CVSS6.5AI score0.00567EPSS
CVE
CVE
added 2023/10/16 10:47 p.m.92 views

CVE-2023-40374

CVE-2023-40374 affects IBM Db2 for Linux, UNIX and Windows (Db2 Connect Server) 11.5. It is a denial-of-service vulnerability triggered by a specially crafted query statement. Root cause: the connected documents describe a DoS condition without giving exploit specifics beyond the crafted query. A...

7.5CVSS6AI score0.00782EPSS
Total number of security vulnerabilities339