79 matches found

added 2023/02/17 5:15 p.m. | 142 views

CVE-2022-43929

IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676.

CVSS 7.5 | AI score 5.9 | EPSS 0.00037

added 2023/02/17 5:15 p.m. | 133 views

CVE-2022-43927

IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671.

CVSS 7.5 | AI score 6.3 | EPSS 0.00053

added 2022/06/24 5:15 p.m. | 128 views

CVE-2022-22390

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID: 221973.

CVSS 7.5 | AI score 7 | EPSS 0.00076

added 2024/12/19 2:15 a.m. | 126 views

CVE-2023-30443

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query.

CVSS 6.5 | AI score 5 | EPSS 0.0005

added 2022/06/24 5:15 p.m. | 115 views

CVE-2022-22389

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID: 2219740.

CVSS 6.5 | AI score 6.4 | EPSS 0.00118

added 2023/02/17 6:15 p.m. | 111 views

CVE-2022-43930

IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file. IBM X-Force ID: 241677.

CVSS 7.5 | AI score 6.3 | EPSS 0.00037

added 2024/01/07 7:15 p.m. | 99 views

CVE-2023-47145

IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402.

CVSS 8.4 | AI score 7.3 | EPSS 0.00015

added 2021/06/24 7:15 p.m. | 86 views

CVE-2021-20579

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFERRED_FORCE. IBM X-Force ID: 199283.

CVSS 6.5 | AI score 6.8 | EPSS 0.00355

added 2024/04/03 1:16 p.m. | 85 views

CVE-2024-27254

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 federated server is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 283813.

CVSS 6.5 | AI score 5.2 | EPSS 0.0005

added 2021/06/24 7:15 p.m. | 80 views

CVE-2021-29703

Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200659.

CVSS 7.5 | AI score 7.2 | EPSS 0.00642

added 2021/06/24 7:15 p.m. | 79 views

CVE-2021-29777

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under the specific circumstance of a table being dropped while being accessed in another session, could allow an authenticated user to cause a denial of service. IBM X-Force ID: 203031.

CVSS 6.5 | AI score 6.5 | EPSS 0.00414

added 2021/12/09 5:15 p.m. | 77 views

CVE-2021-29678

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. IBM X-Force ID: 199914.

CVSS 8.7 | AI score 8 | EPSS 0.00097

added 2024/04/03 1:16 p.m. | 77 views

CVE-2024-25030

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281677.

CVSS 6.2 | AI score 5.4 | EPSS 0.00018

added 2020/02/19 4:15 p.m. | 73 views

CVE-2020-4230

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. IBM X-Force ID: 175212.

CVSS 6.7 | AI score 6.8 | EPSS 0.00087

added 2021/12/09 5:15 p.m. | 72 views

CVE-2021-38931

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418.

CVSS 6.5 | AI score 6.5 | EPSS 0.00092

added 2018/03/22 12:29 p.m. | 71 views

CVE-2018-1426

IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071.

CVSS 9.1 | AI score 6.7 | EPSS 0.00713

added 2024/04/03 1:16 p.m. | 71 views

CVE-2024-25046

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service by an authenticated user using a specially crafted query. IBM X-Force ID: 282953.

CVSS 6.5 | AI score 5 | EPSS 0.00074

added 2024/04/03 1:16 p.m. | 70 views

CVE-2023-38729

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT.

CVSS 6.8 | AI score 6.5 | EPSS 0.0006

added 2021/12/09 5:15 p.m. | 69 views

CVE-2021-38926

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 210321.

CVSS 5.5 | AI score 6.5 | EPSS 0.00048

added 2021/12/09 5:15 p.m. | 69 views

CVE-2021-39002

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

CVSS 7.5 | AI score 7.7 | EPSS 0.00053

added 2017/06/27 4:29 p.m. | 67 views

CVE-2017-1297

IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159.

CVSS 7.3 | AI score 7.3 | EPSS 0.00266

added 2020/12/23 5:15 p.m. | 67 views

CVE-2020-4642

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow local attacker to cause a denial of service inside the "DB2 Management Service".

CVSS 6.2 | AI score 5.4 | EPSS 0.00056

added 2021/12/09 5:15 p.m. | 65 views

CVE-2021-20373

IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521.

CVSS 7.5 | AI score 7.4 | EPSS 0.00073

added 2019/04/03 2:29 p.m. | 63 views

CVE-2019-4014

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 155892.

CVSS 8.4 | AI score 7.6 | EPSS 0.00149

added 2019/07/01 3:15 p.m. | 63 views

CVE-2019-4322

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 161202.

CVSS 8.4 | AI score 7.6 | EPSS 0.00098

added 2023/12/04 1:15 a.m. | 61 views

CVE-2023-38003

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to. IBM X-Force ID: 260214.

CVSS 7.2 | AI score 6.8 | EPSS 0.00042

added 2018/03/22 12:29 p.m. | 60 views

CVE-2018-1427

IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) contains several environment variables that a local attacker could overflow and cause a denial of service. IBM X-Force ID: 139072.

CVSS 6.2 | AI score 6.7 | EPSS 0.00067

added 2022/09/13 9:15 p.m. | 60 views

CVE-2022-35637

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. IBM X-Force ID: 230823.

CVSS 6.5 | AI score 6.5 | EPSS 0.00106

added 2020/11/19 4:15 p.m. | 59 views

CVE-2020-4701

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges.

CVSS 8.4 | AI score 7.9 | EPSS 0.0007

added 2024/06/12 7:15 p.m. | 59 views

CVE-2023-29267

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287612.

CVSS 6.5 | AI score 5.6 | EPSS 0.00091

added 2024/11/23 3:15 a.m. | 59 views

CVE-2024-41761

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

CVSS 5.3 | AI score 5.2 | EPSS 0.00096

added 2022/09/13 9:15 p.m. | 58 views

CVE-2022-22483

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979.

CVSS 6.5 | AI score 6.3 | EPSS 0.0008

added 2020/02/19 4:15 p.m. | 57 views

CVE-2020-4135

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage.

CVSS 7.5 | AI score 7.2 | EPSS 0.00908

added 2024/06/12 7:15 p.m. | 56 views

CVE-2024-31881

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: 287613.

CVSS 6.5 | AI score 6.2 | EPSS 0.00096

added 2018/03/22 12:29 p.m. | 55 views

CVE-2018-1448

IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140043.

CVSS 7.7 | AI score 6.8 | EPSS 0.00047

added 2024/06/12 6:15 p.m. | 55 views

CVE-2024-28762

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 285246.

CVSS 6.5 | AI score 5.3 | EPSS 0.00064

added 2020/02/19 4:15 p.m. | 54 views

CVE-2020-4204

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 174960.

CVSS 8.4 | AI score 7.8 | EPSS 0.00111

added 2018/03/22 12:29 p.m. | 52 views

CVE-2018-1428

IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073.

CVSS 6.2 | AI score 6.8 | EPSS 0.00031

added 2020/02/19 4:15 p.m. | 52 views

CVE-2020-4200

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated attacker to send specially crafted commands to cause a denial of service. IBM X-Force ID: 174914.

CVSS 6.5 | AI score 6.5 | EPSS 0.00311

added 2023/07/10 4:15 p.m. | 52 views

CVE-2023-23487

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging. IBM X-Force ID: 245918.

CVSS 4.3 | AI score 4.3 | EPSS 0.00037

added 2018/03/22 12:29 p.m. | 51 views

CVE-2017-1571

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853.

CVSS 5.5 | AI score 5.6 | EPSS 0.00031

added 2017/06/27 4:29 p.m. | 50 views

CVE-2017-1105

IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service. IBM X-Force ID: 120668.

CVSS 7.1 | AI score 7 | EPSS 0.00065

added 2021/09/16 4:15 p.m. | 49 views

CVE-2021-29763

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5, under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory and cause a denial of service. IBM X-Force ID: 202267.

CVSS 5.1 | AI score 5.6 | EPSS 0.00056

added 2021/09/16 4:15 p.m. | 49 views

CVE-2021-29825

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470.

CVSS 7.5 | AI score 7.1 | EPSS 0.00299

added 2018/03/22 12:29 p.m. | 47 views

CVE-2017-1677

IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) deserializes the contents of /tmp/connlicj.bin which leads to object injection and potentially arbitrary code execution depending on the classpath. IBM X-Force ID: 133999.

CVSS 7.8 | AI score 7.9 | EPSS 0.00167

added 2018/05/25 2:29 p.m. | 47 views

CVE-2018-1544

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 142648.

CVSS 8.4 | AI score 7.7 | EPSS 0.00061

added 2018/11/09 1:29 a.m. | 46 views

CVE-2018-1780

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148803.

CVSS 7.8 | AI score 7.2 | EPSS 0.00109

added 2017/03/08 7:59 p.m. | 45 views

CVE-2017-1150

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515.

CVSS 3.5 | AI score 3.9 | EPSS 0.00159

added 2018/07/10 4:29 p.m. | 45 views

CVE-2018-1487

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 140972.

CVSS 8.4 | AI score 7.4 | EPSS 0.00077

added 2018/09/21 1:29 p.m. | 45 views

CVE-2018-1685

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability in db2cacpy that could allow a local user to read any file on the system. IBM X-Force ID: 145502.

CVSS 5.5 | AI score 5.8 | EPSS 0.00073

Total number of security vulnerabilities: 79