17 matches found
CVE-2013-3475
CVE-2013-3475 is a local privilege-escalation flaw in the DB2 Audit Facility. The issue affects IBM DB2/DB2 Connect versions 9.1, 9.5, 9.7, 9.8, and 10.1 deployed with IBM Smart Analytics System and related products (e.g., InfoSphere Balanced Warehouse, Balanced Warehouse on C3000/C4000, D5100, a...
CVE-2013-4033
CVE-2013-4033 affects IBM DB2 and DB2 Connect (versions 9.7 FP8, 9.8 FP5, 10.1 FP2, 10.5 FP1). An authenticated user with EXPLAIN authority can temporarily gain SELECT/INSERT/UPDATE/DELETE on a table without DATAACCESS authority, by exploiting EXPLAIN-related privileges. IBM security notices list...
CVE-2013-6717
Summary of CVE-2013-6717 : The IBM DB2 OLAP query engine (affecting DB2 9.7 FP9, 9.8 FP3a/FP4, 10.1 FP3, 10.5 FP2/FP3, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition) contains a vulnerability that could allow a remote, authenticated user to cause a denial of service by terminatin...
CVE-2013-5466
CVE-2013-5466 affects IBM DB2/DB2 Connect XSLT library, enabling a remote authenticated user to cause a denial of service via unspecified vectors. Affected versions include DB2/DB2 Connect 9.5–10.5 and DB2 pureScale Feature 9.8 for Enterprise Server Edition. Remediation is available: fixes exist ...
CVE-2017-1297
CVE-2017-1297 affects IBM DB2 for Linux/UNIX/Windows (including DB2 Connect Server). The vulnerability is a stack-based buffer overflow caused by improper bounds checking in the CLP path, which could allow a local attacker to execute arbitrary code. In affected IBM DB2 LUW releases (notably 9.2/1...
CVE-2012-3324
IBM DB2 on Windows (DB2 10.1 and DB2 Connect 10.1) is affected by a directory traversal vulnerability in the UTL_FILE module. The issue arises from how file names are processed, allowing a remote authenticated user to view, modify, or delete arbitrary files outside the intended directory via a cr...
CVE-2017-1105
IBM DB2 LUW (on Linux/UNIX/Windows, including DB2 Connect Server) is affected by a local buffer overflow (CVE-2017-1105) across multiple tracked releases (9.2, 10.1, 10.5, 11.1). The issue could allow a local user to overwrite DB2 files or cause a denial of service; impact is described as affecte...
CVE-2017-1434
CVE-2017-1434 (IBM DB2 LUW/DB2 Connect Server) allows a local user to view highly sensitive information in the error log under certain conditions. IBM notes exposure occurs when upgrading Db2 to v11.x fails, writing the connection string in clear to db2diag.log; affected versions include DB2 LUW ...
CVE-2017-1451
IBM DB2 LUW 9.7, 10.1, 10.5, and 11.1 (including DB2 Connect Server) are affected by CVE-2017-1451. A local user with DB2 instance owner privileges could obtain root access due to a privilege-escalation flaw. Affected IBM products include DB2 LUW on Linux/Unix/Windows; several IBM security bullet...
CVE-2016-5995
CVE-2016-5995 affects IBM DB2: Untrusted search path allow local privilege escalation via a Trojan horse library loaded by setuid/setgid binaries. Affected DB2 releases on Linux/AIX/HP-UX include 9.7 FP11, 10.1 FP5, 10.5 before FP8, and 11.1 GA. IBM remediation varies by release (e.g., 9.7 FP11 s...
CVE-2016-0211
CVE-2016-0211 affects IBM DB2 LUW: remote authenticated users can crash the DB2 server by sending a crafted DRDA message. Impact is a denial of service. Affected products/versions include IBM DB2 LUW on Linux/UNIX/Windows (e.g., DB2 9.7 up to FP11, 9.8, 10.1 up to FP5, 10.5 up to FP7). IBM and re...
CVE-2017-1452
CVE-2017-1452 affects IBM DB2 LUW (Linux/UNIX/Windows) including DB2 Connect Server and allows a local user to escalate privileges and overwrite DB2 files. Affected: DB2 9.7, 10.1, 10.5, 11.1; Windows is noted as not vulnerable in one bulletin. Base score ~6.7 (CVSS v3.0) with local, high-impact ...
CVE-2017-1439
CVE-2017-1439 affects IBM DB2 LUW (DB2 Connect Server) across 9.7, 10.1, 10.5, and 11.1. Description: a local user with DB2 instance owner privileges could obtain root access. Connected IBM advisories confirm vulnerability presence and provide remediation paths: apply fix packs/fixes for each rel...
CVE-2014-6210
CVE-2014-6210 affects IBM DB2 LUW products (e.g., DB2 9.7, 9.8, 10.1, 10.5) where a remote, authenticated user can crash the DB2 server by issuing multiple ALTER TABLE statements on the same column. Root cause: vulnerability in processing ALTER TABLE on identity/specified columns that leads to ab...
CVE-2017-1520
CVE-2017-1520 affects IBM Db2 9.7, 10.1, 10.5, and 11.1. A local/remote issue allows an unauthorized command to activate the database when authentication type is CLIENT. CVSS v3 base score is 3.7 (low); vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N. IBM bulletins document multiple fix-pack remediat...
CVE-2017-1438
CVE-2017-1438 is an IBM DB2 LUW local privilege-escalation vulnerability. Reports indicate a local user with DB2 instance owner privileges could obtain root access on DB2 LUW servers (versions 9.7, 10.1, 10.5, 11.1; includes DB2 Connect Server). Public details describe the underlying issue as a p...
CVE-2017-1519
This CVE-2017-1519 affects IBM DB2 10.5 and 11.1 (including DB2 Connect Server). It is a denial-of-service vulnerability where a remote attacker can disrupt service given a specific configuration. IBM security bulletins specify remediations: apply DB2 fixes FP9 for V10.5 (10.5 FP9) and FP2 for V1...