Db2 Security Vulnerabilities and Issues — Db2 CVE List

Lucene search

IbmDb2

5 matches found

CVE•added 2009/06/03 9:0 p.m.•51 views

CVE-2009-1905

The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors.

2.6CVSS9.3AI score0.00499EPSS

CVE•added 2010/10/05 6:0 p.m.•45 views

CVE-2010-3735

The "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certain UNION ALL views, leading to an indefinitely large amount of compilation time.

2.1CVSS6.1AI score0.00406EPSS

CVE•added 2005/06/29 4:0 a.m.•44 views

CVE-2005-2073

Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through 8.2.2 allows local users with SELECT privileges to conduct unauthorized activities and insert, update or delete table contents.

2.1CVSS6.5AI score0.00056EPSS

CVE•added 2014/09/04 10:55 a.m.•42 views

CVE-2014-4805

IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files during CDE table LOAD operations, which allows local users to obtain sensitive information by reading a file while a LOAD is occurring.

2.1CVSS5.7AI score0.0005EPSS

CVE•added 2007/10/06 9:0 p.m.•36 views

CVE-2005-4869

The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local users to cause a denial of service (application crash) via an empty string in the second parameter, which causes a null pointer dereference.

2.1CVSS6.6AI score0.00164EPSS