Lucene search

K

108 matches found

CVE
CVE
added 2015/07/20 1:59 a.m.53 views

CVE-2015-1922

The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to bypass intended access restrictions and delete table rows via unspecified vectors.

3.5CVSS6.1AI score0.00227EPSS
CVE
CVE
added 2015/07/20 1:59 a.m.53 views

CVE-2015-1935

The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors.

8CVSS7.8AI score0.03171EPSS
CVE
CVE
added 2015/07/20 1:59 a.m.52 views

CVE-2015-0157

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by leveraging an unspecified scalar function in a SQL statement.

6.8CVSS6.7AI score0.01543EPSS
CVE
CVE
added 2018/03/22 12:29 p.m.52 views

CVE-2018-1428

IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073.

6.2CVSS6.8AI score0.00031EPSS
CVE
CVE
added 2020/02/19 4:15 p.m.52 views

CVE-2020-4200

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated attacker to send specially crafted commands to cause a denial of service. IBM X-Force ID: 174914.

6.5CVSS6.5AI score0.00311EPSS
CVE
CVE
added 2021/03/11 4:15 p.m.52 views

CVE-2020-5024

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the SSL handshake response. IBM X-Force ID: 193660.

7.5CVSS7.1AI score0.01607EPSS
CVE
CVE
added 2018/03/22 12:29 p.m.51 views

CVE-2017-1571

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853.

5.5CVSS5.6AI score0.00031EPSS
CVE
CVE
added 2017/06/27 4:29 p.m.50 views

CVE-2017-1105

IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service. IBM X-Force ID: 120668.

7.1CVSS7AI score0.00065EPSS
CVE
CVE
added 2016/10/01 1:59 a.m.49 views

CVE-2016-5995

Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program.

7.3CVSS7AI score0.0005EPSS
CVE
CVE
added 2014/05/30 11:55 p.m.47 views

CVE-2013-6744

The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT privilege and the CREATE_EXTERNAL_ROUTINE authority.

8.5CVSS6.2AI score0.03909EPSS
CVE
CVE
added 2017/09/12 9:29 p.m.47 views

CVE-2017-1451

IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128178.

7.8CVSS7.3AI score0.00059EPSS
CVE
CVE
added 2018/03/22 12:29 p.m.47 views

CVE-2017-1677

IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) deserializes the contents of /tmp/connlicj.bin which leads to object injection and potentially arbitrary code execution depending on the classpath. IBM X-Force ID: 133999.

7.8CVSS7.9AI score0.00167EPSS
CVE
CVE
added 2018/05/25 2:29 p.m.47 views

CVE-2018-1544

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 142648.

8.4CVSS7.7AI score0.00061EPSS
CVE
CVE
added 2014/12/12 4:59 p.m.46 views

CVE-2014-6209

IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying an identity column within a crafted ALTER TABLE statement.

4CVSS6.2AI score0.01597EPSS
CVE
CVE
added 2018/11/09 1:29 a.m.46 views

CVE-2018-1780

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148803.

7.8CVSS7.2AI score0.00109EPSS
CVE
CVE
added 2016/04/28 1:59 a.m.45 views

CVE-2016-0211

IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted DRDA message.

4.3CVSS4.4AI score0.01549EPSS
CVE
CVE
added 2017/03/08 7:59 p.m.45 views

CVE-2017-1150

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515.

3.5CVSS3.9AI score0.00159EPSS
CVE
CVE
added 2017/09/12 9:29 p.m.45 views

CVE-2017-1452

IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. IBM X-Force ID: 128180.

7.8CVSS7.3AI score0.00059EPSS
CVE
CVE
added 2018/07/10 4:29 p.m.45 views

CVE-2018-1487

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 140972.

8.4CVSS7.4AI score0.00077EPSS
CVE
CVE
added 2018/09/21 1:29 p.m.45 views

CVE-2018-1685

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability in db2cacpy that could allow a local user to read any file on the system. IBM X-Force ID: 145502.

5.5CVSS5.8AI score0.00073EPSS
CVE
CVE
added 2018/11/09 1:29 a.m.45 views

CVE-2018-1802

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 149640.

8.4CVSS7.4AI score0.00114EPSS
CVE
CVE
added 2019/04/03 2:29 p.m.45 views

CVE-2018-1936

IBM DB2 9.7, 10.1, 10.5, and 11.1 libdb2e.so.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 153316.

8.4CVSS7.7AI score0.00058EPSS
CVE
CVE
added 2014/11/08 11:55 a.m.44 views

CVE-2014-6159

IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 through FP4 on Linux, UNIX, and Windows, when immediate AUTO_REVAL is enabled, allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement.

3.5CVSS6.2AI score0.01463EPSS
CVE
CVE
added 2018/05/25 2:29 p.m.44 views

CVE-2018-1452

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140047.

5.5CVSS5.5AI score0.00066EPSS
CVE
CVE
added 2018/05/25 2:29 p.m.44 views

CVE-2018-1565

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 143022.

8.4CVSS7.7AI score0.00061EPSS
CVE
CVE
added 2018/07/10 4:29 p.m.44 views

CVE-2018-1566

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. IBM X-Force ID: 143023.

8.4CVSS7.7AI score0.00083EPSS
CVE
CVE
added 2019/03/11 10:29 p.m.44 views

CVE-2019-4015

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155893.

8.4CVSS7.7AI score0.00098EPSS
CVE
CVE
added 2021/03/11 4:15 p.m.44 views

CVE-2020-4976

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. IBM X-Force ID: 192469.

5.1CVSS5.4AI score0.00086EPSS
CVE
CVE
added 2014/09/04 10:55 a.m.43 views

CVE-2014-4805

IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files during CDE table LOAD operations, which allows local users to obtain sensitive information by reading a file while a LOAD is occurring.

2.1CVSS5.7AI score0.0005EPSS
CVE
CVE
added 2019/03/11 10:29 p.m.43 views

CVE-2018-1978

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 154069.

8.4CVSS7.7AI score0.00077EPSS
CVE
CVE
added 2019/03/11 10:29 p.m.43 views

CVE-2018-1980

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 154078.

8.4CVSS7.7AI score0.00077EPSS
CVE
CVE
added 2014/09/04 10:55 a.m.42 views

CVE-2014-3094

Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to execute arbitrary code via a crafted ALTER MODULE statement.

8.5CVSS7.7AI score0.17886EPSS
CVE
CVE
added 2017/09/12 9:29 p.m.42 views

CVE-2017-1438

IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128057.

7.2CVSS6.6AI score0.00072EPSS
CVE
CVE
added 2017/09/12 9:29 p.m.42 views

CVE-2017-1439

IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128058.

7.2CVSS6.6AI score0.00072EPSS
CVE
CVE
added 2019/03/11 10:29 p.m.42 views

CVE-2019-4016

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155894.

8.4CVSS7.7AI score0.00098EPSS
CVE
CVE
added 2019/03/21 4:1 p.m.42 views

CVE-2019-4094

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to root by loading a malicious shared library. IBM X-Force ID: 158014.

8.4CVSS7.3AI score0.00044EPSS
CVE
CVE
added 2014/12/18 4:59 p.m.41 views

CVE-2014-8901

IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted XML query.

4CVSS6.2AI score0.01579EPSS
CVE
CVE
added 2018/01/16 7:29 p.m.41 views

CVE-2016-0215

IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, Solaris and Windows allow remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a subquery containing the AVG OLAP function on an Oracle compatible database.

6.5CVSS5.9AI score0.00538EPSS
CVE
CVE
added 2017/09/12 9:29 p.m.41 views

CVE-2017-1520

IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830.

4.3CVSS5.6AI score0.00199EPSS
CVE
CVE
added 2018/11/09 1:29 a.m.41 views

CVE-2018-1834

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack. IBM X-Force ID: 150511.

7.8CVSS7.4AI score0.00041EPSS
CVE
CVE
added 2018/11/30 3:29 p.m.41 views

CVE-2018-1897

IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 db2pdcfg is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 152462.

8.4CVSS7.7AI score0.00117EPSS
CVE
CVE
added 2019/03/11 10:29 p.m.41 views

CVE-2018-1923

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 152859.

8.4CVSS7.8AI score0.0014EPSS
CVE
CVE
added 2017/09/12 9:29 p.m.40 views

CVE-2017-1519

IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. A remote user can cause disruption of service for DB2 Connect Server setup with a particular configuration. IBM X-Force ID: 129829.

5.9CVSS6AI score0.01513EPSS
CVE
CVE
added 2018/05/25 2:29 p.m.40 views

CVE-2018-1451

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140046.

5.5CVSS5.8AI score0.00066EPSS
CVE
CVE
added 2018/07/10 4:29 p.m.40 views

CVE-2018-1458

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10,1, 10.5 and 11.1 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. IBM X-Force ID: 140209.

7.8CVSS7.7AI score0.00284EPSS
CVE
CVE
added 2018/05/25 2:29 p.m.40 views

CVE-2018-1515

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 141624.

7.4CVSS7.3AI score0.0005EPSS
CVE
CVE
added 2021/05/26 5:15 p.m.40 views

CVE-2019-4588

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks.

7.8CVSS7.8AI score0.00116EPSS
CVE
CVE
added 2013/10/02 10:35 a.m.39 views

CVE-2013-4032

The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server Edition and Advanced Enterprise Server Edition 10.1 before FP3 and 10.5, when a multi-node configuration is used, allows remote attackers to cause a denial of service via vectors involving arbitrary data.

5CVSS6.7AI score0.00653EPSS
CVE
CVE
added 2018/09/21 1:29 p.m.39 views

CVE-2018-1711

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 146369.

8.4CVSS7.5AI score0.00087EPSS
CVE
CVE
added 2018/11/09 1:29 a.m.39 views

CVE-2018-1781

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148804.

8.4CVSS7.2AI score0.00044EPSS
Total number of security vulnerabilities108