339 matches found
CVE-2013-3475
CVE-2013-3475 is a local privilege-escalation flaw in the DB2 Audit Facility. The issue affects IBM DB2/DB2 Connect versions 9.1, 9.5, 9.7, 9.8, and 10.1 deployed with IBM Smart Analytics System and related products (e.g., InfoSphere Balanced Warehouse, Balanced Warehouse on C3000/C4000, D5100, a...
CVE-2012-0711
CVE-2012-0711 is a remote code execution/privilege-escalation vulnerability in the DB2 Administration Server (DAS) of IBM DB2. The issue is a heap-based buffer overflow caused by an integer signedness error in the db2dasrrm process and affects UNIX platforms on: DB2 9.1 GA through FP11, DB2 9.5 G...
CVE-2012-0709
IBM DB2 for Linux, UNIX and Windows is affected by CVE-2012-0709. A remote authenticated user can bypass viewing restrictions on table data by exploiting CREATEIN privileges to execute crafted CREATE VARIABLE statements. Affected: DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4. Root cau...
CVE-2014-0919
CVE-2014-0919 affects IBM DB2 9.5–10.5 on Linux/UNIX/Windows, where passwords may be exposed during processing of certain SQL statements by the monitoring/audit facilities, exploitable by remote authenticated users. The issue is an information-disclosure vulnerability in the DB2 LUW monitoring/au...
CVE-2013-4033
CVE-2013-4033 affects IBM DB2 and DB2 Connect (versions 9.7 FP8, 9.8 FP5, 10.1 FP2, 10.5 FP1). An authenticated user with EXPLAIN authority can temporarily gain SELECT/INSERT/UPDATE/DELETE on a table without DATAACCESS authority, by exploiting EXPLAIN-related privileges. IBM security notices list...
CVE-2012-2180
CVE-2012-2180 concerns IBM DB2 DRDA chaining, where a crafted DRDA request can trigger a denial of service. The vulnerability exists in the DRDA module handling DRDA chaining on DB2 9.7 (GA through FP5) and 9.8 (GA through FP4/FP5 as per bulletin) and can cause a NULL pointer dereference, leading...
CVE-2011-4061
CVE-2011-4061 affects IBM DB2 9.7 (and 9.5) when ITMA (Tivoli Monitoring Agent) is bundled with DB2 on UNIX/Linux platforms. The vulnerability arises from insecure DT_RPATH-based loading of libkbb.so via the SUID-root binary kbbacf1 in the ITMA component, allowing a local user to escalate privile...
CVE-2012-0713
The CVE-2012-0713 entry concerns IBM DB2 XML Feature information disclosure. IBM’s advisory states that IBM DB2 products (DB2 9.7, including Express/Workgroup/Enterprise editions, and DB2 Connect variants, plus affected 9.8/9.5 lines) can be exploited remotely by a user with valid credentials who...
CVE-2012-2197
CVE-2012-2197 affects IBM DB2 Java Stored Procedure infrastructure across multiple DB2 releases (9.1 before FP12, 9.5–FP9, 9.7–FP6, 9.8–FP5, 10.1). The vulnerability is a stack-based buffer overflow that could allow remote authenticated execution of arbitrary code by exploiting CONNECT and EXECUT...
CVE-2013-6717
Summary of CVE-2013-6717 : The IBM DB2 OLAP query engine (affecting DB2 9.7 FP9, 9.8 FP3a/FP4, 10.1 FP3, 10.5 FP2/FP3, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition) contains a vulnerability that could allow a remote, authenticated user to cause a denial of service by terminatin...
CVE-2012-2196
CVE-2012-2196 affects IBM DB2 LUW 9.1 (before FP12), 9.5 (through FP9), 9.7 (through FP6), 9.8 (through FP5), and 10.1 (through FP1). Affected routines GET_WRAP_CFG_C and GET_WRAP_CFG_C2 allow an authenticated user, without proper authority, to read XML files accessible to the DB2 fenced ID. Impa...
CVE-2012-0712
CVE-2012-0712 affects IBM DB2 XML Feature in DB2 9.5 (before FP9), 9.7 (through FP5), and 9.8 (through FP4). The flaw allows a remote authenticated user to cause a denial of service (infinite loop) by invoking XMLPARSE with a crafted string expression. IBM’s bulletin notes the vulnerability requi...
CVE-2012-4826
CVE-2012-4826 is a DB2 SQL/PSM Stored Procedure debugging buffer‑overflow vulnerability. IBM's advisory details a stack‑based overflow in the SQL/PSM debugging infrastructure that could be triggered by an authenticated user with appropriate privileges, potentially enabling remote code execution. ...
CVE-2012-2194
CVE-2012-2194 : IBM DB2 stores vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure on Windows. Affected: DB2 9.1 (pre FP12), 9.5 (pre FP9), 9.7 (pre FP6), 9.8 (pre FP5), 10.1. Description: directory traversal allows a remote attacker with valid DB2 credentials to overwrite JAR files by cal...
CVE-2013-5466
CVE-2013-5466 affects IBM DB2/DB2 Connect XSLT library, enabling a remote authenticated user to cause a denial of service via unspecified vectors. Affected versions include DB2/DB2 Connect 9.5–10.5 and DB2 pureScale Feature 9.8 for Enterprise Server Edition. Remediation is available: fixes exist ...
CVE-2022-43929
CVE-2022-43929 affects IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5. The vulnerability allows a Denial of Service when processing a specially crafted Load command. Public IBM/Red Hat bulletins corroborate the issue and outline remediation paths. Connected documents indicate the issue is addr...
CVE-2023-30431
CVE-2023-30431 – IBM Db2 buffer overflow Affected products: IBM Db2 for Linux, UNIX and Windows (incl. Db2 Connect Server) at versions 10.5, 11.1, and 11.5. Issue: db2set is vulnerable to a buffer overflow caused by improper bounds checking, enabling a local attacker to overflow a buffer and exec...
CVE-2023-27559
CVE-2023-27559 affects IBM Db2 for Linux, UNIX and Windows (incl. Db2 Connect Server) 10.5, 11.1 and 11.5. A denial of service may occur when a specially crafted subquery is used, potentially crashing the server. IBM advisories reference multiple remediation paths: upgrade to fixed DB2 releases (...
CVE-2022-43927
CVE-2022-43927 affects IBM Db2 for Linux, UNIX and Windows running on Cloud Pak for Data environments. The vulnerability is an information disclosure caused by improper privilege management when a specially crafted table access is used. Affected versions include Db2 on Linux/UNIX/Windows 10.5, 11...
CVE-2022-22390
CVE-2022-22390 affects IBM Db2 for Linux, UNIX and Windows (versions 9.7, 10.1, 10.5, 11.1, 11.5). The issue is an information disclosure caused by improper privilege management when a table function is used, allowing an authenticated user to access restricted data. The IBM security bulletins ind...
CVE-2023-30442
Summary of CVE-2023-30442 (IBM Db2 federated server DoS) : The vulnerability affects IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) 11.1 and 11.5 federated server. A specially crafted wrapper using certain options can cause a denial of service, potentially crashing the server....
CVE-2023-30443
CVE-2023-30443 affects IBM Db2 for Linux/ UNIX/ Windows (incl. Db2 Connect Server) on 10.5, 11.1, and 11.5, with denial of service caused by a specially crafted query. Connected sources consistently describe multiple variants of the same vulnerability across IBM Db2 components and related Cloud P...
CVE-2023-27558
CVE-2023-27558 affects IBM Db2 on Windows (10.5, 11.1, 11.5) with a privilege-escalation path via an unquoted service path. A local attacker could insert an executable in the service path to gain SYSTEM/elevated privileges. IBM X-Force ID: 249194. The vulnerability details and related entries exi...
CVE-2022-22389
CVE-2022-22389 affects IBM Db2 for Linux, UNIX and Windows versions 9.7, 10.1, 10.5, 11.1, and 11.5, where an authenticated user can trigger a denial of service by executing specially crafted SQL statements. The connected IBM bulletins confirm this specific DoS impact and tie it to Db2 components...
CVE-2026-10109
CVE-2026-10109 affects IBM Db2 Server: remote code execution due to improper pre-auth DRDA handshake handling. Affected versions: Db2 11.5.0–11.5.9 and 12.1.0–12.1.4. Impact is high (RCE) per IBM’s bulletin (CVSS v3.1 base 9.8). Remediation: IBM provides interim fixes via Fix Central for V11.5.9 ...
CVE-2022-43930
CVE-2022-43930 concerns IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 where an Information Disclosure could cause sensitive data to appear in a log file (IBM X-Force ID 241677). Affected platforms include Db2 on Linux/UNIX/Windows; root cause is not explicitly detailed in the provided ...
CVE-2023-47145
CVE-2023-47145 affects IBM Db2 family (Windows including Db2 Connect Server) where a local user can escalate privileges to SYSTEM via the MSI repair functionality.根本原因: MSI repair handling allows a local user to gain SYSTEM-level access. 受影响版本/范围: Db2 on Windows and Db2 Connect Server across 10.5...
CVE-2023-50308
CVE-2023-50308 affects IBM Db2 for Linux, UNIX and Windows (including DB2 Connect Server) 11.5. Under certain conditions, an authenticated user issuing a statement on columnar tables could cause a denial of service. The vulnerability is documented across IBM/Red Hat/IBM X-Force sources and is ass...
CVE-2023-30991
CVE-2023-30991 affects IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) versions 11.1 and 11.5. It is a denial-of-service vulnerability triggered by a specially crafted query, potentially impacting availability. The issue is confirmed in IBM product bulletins; remediation requir...
CVE-2023-47158
CVE-2023-47158 : IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1 and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service via a specially crafted query. IBM X-Force ID: 270750. CVSS v3.1 base scores quoted as MEDIUM with availabi...
CVE-2024-31880
CVE-2024-31880 : IBM Db2 for Linux, UNIX and Windows (incl. Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to DoS under certain configurations when authenticated users send a crafted SQL statement, potentially crashing the server. Connected IBM bulletins/CPD advisories tie this set to IBM Db2...
CVE-2023-26021
CVE-2023-26021 affects IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) at versions 11.1 and 11.5, where a specially crafted SQL query using a LIMIT clause can cause the server to crash (denial of service). The issue’s root cause is not fully described in the provided text, but ...
CVE-2021-29703
CVE-2021-29703 affects IBM Db2 LUW (Linux/UNIX/Windows) and Db2 Connect Server. The issue allows a denial of service because the server can terminate abnormally when executing a specially crafted SELECT statement. IBM security bulletins document the vulnerability and provide fixes; remediation is...
CVE-2021-20579
CVE-2021-20579 affects IBM Db2 for Linux, UNIX and Windows (Db2 LUW) and Db2 Connect Server, across versions 9.7, 10.1, 10.5, 11.1, and 11.5. The vulnerability arises when a user who can create a view or inline SQL function can expose sensitive information if AUTO_REVAL is set to DEFFERED_FORCE. ...
CVE-2023-47746
CVE-2023-47746 affects IBM Db2 for Linux/UNIX/Windows (including Db2 Connect Server) across versions 10.5, 11.1 and 11.5. An authenticated user with CONNECT privileges could cause a denial of service via a specially crafted query. Remediation: upgrade to Db2 Warehouse/Db2 version 11.5.9.0 or late...
CVE-2023-25930
CVE-2023-25930 affects IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) version 10.1, 11.1, and 11.5. The issue causes a denial of service under rare conditions when a special register is set, potentially terminating the Db2 server abnormally. The available connected doc details...
CVE-2023-30987
CVE-2023-30987 : IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) versions 10.5, 11.1, and 11.5 are vulnerable to denial of service via a specially crafted query on certain databases. Root cause: improper input handling in the affected Db2 components can be triggered by crafted ...
CVE-2023-29257
CVE-2023-29257 affects IBM Db2 on Linux/UNIX/Windows (including Db2 Connect) across 10.5, 11.1 and 11.5. Description: remote code execution where a DBA of one database may execute code or read/write files in another database within the same instance. CVSS base score 7.2 (HIGH). Remediation: upgra...
CVE-2019-4057
CVE-2019-4057 affects IBM DB2 for Linux/UNIX/Windows (including DB2 Connect Server) on versions 9.7, 10.1, 10.5, and 11.1. A local attacker with access to the DB2 instance account can leverage a fenced execution process to execute arbitrary code as root. Multiple IBM security bulletins document t...
CVE-2024-27254
CVE-2024-27254 affects IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data (versions in the 3.0/4.x line as listed in the remediation table) with a denial-of-service condition from a specially crafted query. The connected Red Hat entry confirms the vulnerability details and scop...
CVE-2023-47747
CVE-2023-47747 affects IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) versions 10.1, 10.5, and 11.1. An authenticated user with CONNECT privileges can cause a denial of service by issuing a specially crafted query. The available documents describe the impact as DoS with a craf...
CVE-2023-38728
CVE-2023-38728 affects IBM Db2 for Linux, UNIX and Windows (incl. Db2 Connect Server) 10.5, 11.1, 11.5. Description: denial of service via a specially crafted XML query statement. Classified with a base CVSS about MEDIUM–HIGH depending on vector, and IBM X-Force ID 262258. Connected sources indic...
CVE-2023-38719
CVE-2023-38719 affects IBM Db2 11.5 with local access privileges; a local user can cause a denial of service during database deactivation on DPF. Remediation: upgrade to Db2 11.5.9 (or later) per IBM security bulletins.
CVE-2023-38720
CVE-2023-38720 affects IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) 11.5 (and 11.5) and Denial of Service via a specially crafted ALTER TABLE statement. The IBM security bulletins indicate the issue can lead to a DoS with basic authentication and network access, with CVSS v3...
CVE-2020-4230
CVE-2020-4230 affects IBM DB2 for Linux/UNIX/Windows (DB2 Connect Server) 11.1 and 11.5. An authenticated local attacker with special permissions can escalate privileges by executing specially crafted Db2 commands. IBM bulletins provide fixes via release-specific fix packs (e.g., DB2 11.1 FP6 and...
CVE-2020-4739
CVE-2020-4739 is a DLL search order hijacking vulnerability in IBM Db2 on Windows client components. The CVE affects IBM Db2 for Linux, UNIX and Windows (including DB2 Connect Server) across multiple releases (9.7, 10.1, 10.5, 11.1, 11.5) and requires a local authenticated user to place a crafted...
CVE-2021-29777
IBM Db2 LUW (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, 11.5 is affected by CVE-2021-29777 among related CVEs. Under very specific conditions — when a table is dropped while it is being accessed in another session — an authenticated user could cause a denial of service. Related entries (...
CVE-2024-25030
CVE-2024-25030 affects IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data (v3.5–refresh 10, v4.0–refresh 9, v4.5–refresh 3, v4.6–refresh 6, v4.7–refresh 4, v4.8–refresh 4). The issue is that 11.1 releases store potentially sensitive information in log files readable by a local ...
CVE-2023-38729
CVE-2023-38729 affects IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) across multiple releases. The vulnerability enables sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT. Affected versions include Db2 10.5, 11.1, and 11.5; exploitation details are t...
CVE-2023-40374
CVE-2023-40374 affects IBM Db2 for Linux, UNIX and Windows (Db2 Connect Server) 11.5. It is a denial-of-service vulnerability triggered by a specially crafted query statement. Root cause: the connected documents describe a DoS condition without giving exploit specifics beyond the crafted query. A...