Db2@* Security Vulnerabilities and Issues — Page 2 of Db2@* CVE List

Lucene search

IbmDb2*

75 matches found

CVE•added 2011/02/02 11:0 p.m.•53 views

CVE-2011-0757

IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority.

6.5CVSS8.9AI score0.01049EPSS

CVE•added 2011/05/03 8:55 p.m.•53 views

CVE-2011-1847

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOTE: some of these details are obtained from third p...

4.9CVSS8.8AI score0.01241EPSS

CVE•added 2021/03/11 4:15 p.m.•52 views

CVE-2020-5024

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the SSL handshake response. IBM X-Force ID: 193660.

7.5CVSS7.1AI score0.01607EPSS

CVE•added 2023/12/04 1:15 a.m.•52 views

CVE-2023-46167

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367.

7.5CVSS6.3AI score0.00057EPSS

CVE•added 2008/10/22 6:0 p.m.•51 views

CVE-2008-4693

The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES."

5CVSS9AI score0.00477EPSS

CVE•added 2009/06/03 9:0 p.m.•51 views

CVE-2009-1905

The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors.

2.6CVSS9.3AI score0.00499EPSS

CVE•added 2009/08/19 5:30 p.m.•51 views

CVE-2009-2859

IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command.

4.6CVSS8.9AI score0.00072EPSS

CVE•added 2025/05/05 5:18 p.m.•51 views

CVE-2025-1992

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of service due to insufficient release of allocated memory after usage.

6.5CVSS6AI score0.00062EPSS

CVE•added 2008/09/11 1:13 a.m.•50 views

CVE-2008-3958

IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. NOTE: this may overlap CVE-2008-3858. NOTE: this issue exists because of an incomplete fix for CVE-2008-39...

7.5CVSS9AI score0.01342EPSS

CVE•added 2008/10/22 6:0 p.m.•50 views

CVE-2008-4691

Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors.

5CVSS8.9AI score0.005EPSS

CVE•added 2010/04/27 3:30 p.m.•50 views

CVE-2010-1560

Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (trap) via unspecified vectors. NOTE: this might overlap CVE-2010-0462.

4CVSS8.4AI score0.13602EPSS

CVE•added 2011/11/09 11:55 p.m.•48 views

CVE-2011-1373

Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors.

1.5CVSS8.1AI score0.00055EPSS

CVE•added 2009/04/03 6:30 p.m.•47 views

CVE-2009-1239

IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query.

5CVSS8.6AI score0.00301EPSS

CVE•added 2008/10/22 6:0 p.m.•46 views

CVE-2008-4692

The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors.

10CVSS9.3AI score0.01487EPSS

CVE•added 2023/12/04 2:15 a.m.•45 views

CVE-2023-29258

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048.

7.5CVSS6AI score0.00051EPSS

CVE•added 2021/03/11 4:15 p.m.•44 views

CVE-2020-4976

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. IBM X-Force ID: 192469.

5.1CVSS5.4AI score0.00086EPSS

CVE•added 2007/10/23 9:47 p.m.•42 views

CVE-2007-5652

IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger memory corruption. NOTE: the vendor description of this issue is too vague to be certain that it is ...

7.8CVSS9.2AI score0.00792EPSS

CVE•added 2008/09/11 1:13 a.m.•42 views

CVE-2008-3959

IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request.

5CVSS8.9AI score0.00885EPSS

CVE•added 2011/05/03 8:55 p.m.•42 views

CVE-2011-1846

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE...

6.5CVSS8.9AI score0.01326EPSS

CVE•added 2021/06/16 5:15 p.m.•42 views

CVE-2021-29702

Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658.

7.5CVSS7.2AI score0.00755EPSS

CVE•added 2025/07/29 7:15 p.m.•11 views

CVE-2024-52894

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

4.9CVSS6.9AI score0.00051EPSS

CVE•added 2025/07/29 7:15 p.m.•9 views

CVE-2024-49828

7.5CVSS6.9AI score0.00047EPSS

CVE•added 2025/07/29 7:15 p.m.•9 views

CVE-2024-51473

7.5CVSS6.9AI score0.00047EPSS

CVE•added 2025/07/29 7:15 p.m.•9 views

CVE-2025-33092

IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a stack-based buffer overflow in db2fm, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.

7.8CVSS7.5AI score0.00015EPSS

CVE•added 2025/07/29 7:15 p.m.•8 views

CVE-2025-36071

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query due to improper release of memory resources.

7.5CVSS6.4AI score0.00047EPSS

Total number of security vulnerabilities75