70 matches found

added 2023/12/04 1:15 a.m. | 52 views

CVE-2023-46167

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367.

CVSS 7.5 | AI score 6.3 | EPSS 0.00057

added 2008/10/22 6:0 p.m. | 51 views

CVE-2008-4693

The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES."

CVSS 5 | AI score 9 | EPSS 0.00477

added 2009/06/03 9:0 p.m. | 51 views

CVE-2009-1905

The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors.

CVSS 2.6 | AI score 9.3 | EPSS 0.00499

added 2008/09/11 1:13 a.m. | 50 views

CVE-2008-3958

IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. NOTE: this may overlap CVE-2008-3858. NOTE: this issue exists because of an incomplete fix for CVE-2008-39...

CVSS 7.5 | AI score 9 | EPSS 0.01342

added 2008/10/22 6:0 p.m. | 50 views

CVE-2008-4691

Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors.

CVSS 5 | AI score 8.9 | EPSS 0.005

added 2009/08/19 5:30 p.m. | 50 views

CVE-2009-2859

IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command.

CVSS 4.6 | AI score 8.9 | EPSS 0.00072

added 2010/04/27 3:30 p.m. | 50 views

CVE-2010-1560

Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (trap) via unspecified vectors. NOTE: this might overlap CVE-2010-0462.

CVSS 4 | AI score 8.4 | EPSS 0.13602

added 2011/11/09 11:55 p.m. | 48 views

CVE-2011-1373

Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors.

CVSS 1.5 | AI score 8.1 | EPSS 0.00055

added 2009/04/03 6:30 p.m. | 47 views

CVE-2009-1239

IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query.

CVSS 5 | AI score 8.6 | EPSS 0.00301

added 2008/10/22 6:0 p.m. | 46 views

CVE-2008-4692

The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors.

CVSS 10 | AI score 9.3 | EPSS 0.01487

added 2023/12/04 2:15 a.m. | 45 views

CVE-2023-29258

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048.

CVSS 7.5 | AI score 6 | EPSS 0.00051

added 2021/03/11 4:15 p.m. | 44 views

CVE-2020-4976

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. IBM X-Force ID: 192469.

CVSS 5.1 | AI score 5.4 | EPSS 0.00086

added 2007/10/23 9:47 p.m. | 42 views

CVE-2007-5652

IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger memory corruption. NOTE: the vendor description of this issue is too vague to be certain that it is ...

CVSS 7.8 | AI score 9.2 | EPSS 0.00792

added 2008/09/11 1:13 a.m. | 42 views

CVE-2008-3959

IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request.

CVSS 5 | AI score 8.9 | EPSS 0.00885

added 2011/05/03 8:55 p.m. | 42 views

CVE-2011-1846

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE...

CVSS 6.5 | AI score 8.9 | EPSS 0.01326

added 2021/06/16 5:15 p.m. | 42 views

CVE-2021-29702

Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658.

CVSS 7.5 | AI score 7.2 | EPSS 0.00755

added 2025/07/29 7:15 p.m. | 4 views

CVE-2025-33092

IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a stack-based buffer overflow in db2fm, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.

CVSS 7.8 | AI score 7.5 | EPSS 0.00015

added 2025/07/29 7:15 p.m. | 3 views

CVE-2024-49828

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

CVSS 6.5 | AI score 6.9 | EPSS 0.00044

added 2025/07/29 7:15 p.m. | 3 views

CVE-2024-51473

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

CVSS 6.5 | AI score 6.9 | EPSS 0.00044

added 2025/07/29 7:15 p.m. | 3 views

CVE-2024-52894

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

CVSS 4.9 | AI score 6.9 | EPSS 0.00048

Total number of security vulnerabilities: 70