Db2 Security Vulnerabilities and Issues — Db2 CVE List

Lucene search

IbmDb2

8 matches found

CVE•added 2012/08/24 10:36 a.m.•303 views

CVE-2012-0713

Unspecified vulnerability in the XML feature in IBM DB2 9.7 before FP6 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary XML files via unknown vectors.

3.5CVSS6AI score0.0014EPSS

CVE•added 2014/09/04 10:55 a.m.•53 views

CVE-2014-3095

The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted UNION clause in a subquery of a SELECT statement.

3.5CVSS6.8AI score0.01686EPSS

CVE•added 2015/07/20 1:59 a.m.•53 views

CVE-2015-1922

The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to bypass intended access restrictions and delete table rows via unspecified vectors.

3.5CVSS6.1AI score0.00227EPSS

CVE•added 2010/08/31 10:0 p.m.•47 views

CVE-2010-3196

IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view.

3.5CVSS6.2AI score0.0038EPSS

CVE•added 2017/03/08 7:59 p.m.•45 views

CVE-2017-1150

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515.

3.5CVSS3.9AI score0.00159EPSS

CVE•added 2010/10/05 6:0 p.m.•44 views

CVE-2010-3737

Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while using a different code page than the database se...

3.5CVSS6.2AI score0.0038EPSS

CVE•added 2014/11/08 11:55 a.m.•44 views

CVE-2014-6159

IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 through FP4 on Linux, UNIX, and Windows, when immediate AUTO_REVAL is enabled, allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement.

3.5CVSS6.2AI score0.01463EPSS

CVE•added 2010/10/05 6:0 p.m.•39 views

CVE-2010-3732

The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of parameter markers.

3.5CVSS6.3AI score0.0038EPSS