Lucene search: IbmDb2

56 matches found

CVE | added 2011/10/18 1:55 a.m. | 306 views

CVE-2011-4061

Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH E...

6.9 CVSS | 6.6 AI score | 0.00132 EPSS

CVE | added 2024/12/19 2:15 a.m. | 126 views

CVE-2023-30443

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query.

6.5 CVSS | 5 AI score | 0.00044 EPSS

CVE | added 2022/06/24 5:15 p.m. | 115 views

CVE-2022-22389

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID: 2219740.

6.5 CVSS | 6.4 AI score | 0.00118 EPSS

CVE | added 2024/01/22 8:15 p.m. | 96 views

CVE-2023-47158

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1 and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750.

6.5 CVSS | 6.1 AI score | 0.00036 EPSS

CVE | added 2024/10/23 2:15 a.m. | 93 views

CVE-2024-31880

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user.

6.5 CVSS | 5.6 AI score | 0.00172 EPSS

CVE | added 2024/01/22 7:15 p.m. | 91 views

CVE-2023-50308

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393.

6.5 CVSS | 6.2 AI score | 0.00035 EPSS

CVE | added 2021/06/24 7:15 p.m. | 86 views

CVE-2021-20579

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFERRED_FORCE. IBM X-Force ID: 199283.

6.5 CVSS | 6.8 AI score | 0.00355 EPSS

CVE | added 2024/01/22 7:15 p.m. | 84 views

CVE-2023-47746

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644.

6.5 CVSS | 6.2 AI score | 0.00043 EPSS

CVE | added 2024/04/03 1:16 p.m. | 84 views

CVE-2024-27254

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 federated server is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 283813.

6.5 CVSS | 5.2 AI score | 0.0005 EPSS

CVE | added 2024/01/22 8:15 p.m. | 83 views

CVE-2023-47747

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272646.

6.5 CVSS | 6.2 AI score | 0.00037 EPSS

CVE | added 2021/06/24 7:15 p.m. | 79 views

CVE-2021-29777

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under the specific circumstance of a table being dropped while being accessed in another session, could allow an authenticated user to cause a denial of service. IBM X-Force ID: 203031.

6.5 CVSS | 6.5 AI score | 0.00414 EPSS

CVE | added 2024/04/03 1:16 p.m. | 76 views

CVE-2024-25030

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281677.

6.2 CVSS | 5.4 AI score | 0.00018 EPSS

CVE | added 2023/07/17 1:15 a.m. | 75 views

CVE-2023-35012

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with SYSADM privileges could overflow the buffer and execute arbitrary code on the system. IBM X-For...

6.7 CVSS | 6.8 AI score | 0.00013 EPSS

CVE | added 2024/01/22 9:15 p.m. | 75 views

CVE-2023-47141

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264.

6.5 CVSS | 6.2 AI score | 0.00036 EPSS

CVE | added 2019/07/01 3:15 p.m. | 73 views

CVE-2019-4386

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. IBM X-Force ID: 162714.

6.5 CVSS | 6.6 AI score | 0.00326 EPSS

CVE | added 2020/02/19 4:15 p.m. | 73 views

CVE-2020-4230

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. IBM X-Force ID: 175212.

6.7 CVSS | 6.8 AI score | 0.00087 EPSS

CVE | added 2021/12/09 5:15 p.m. | 72 views

CVE-2021-38931

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418.

6.5 CVSS | 6.5 AI score | 0.00092 EPSS

CVE | added 2024/04/03 1:16 p.m. | 70 views

CVE-2024-25046

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service by an authenticated user using a specially crafted query. IBM X-Force ID: 282953.

6.5 CVSS | 5 AI score | 0.00074 EPSS

CVE | added 2024/04/03 1:16 p.m. | 69 views

CVE-2023-38729

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT.

6.8 CVSS | 6.5 AI score | 0.0006 EPSS

CVE | added 2024/04/03 1:16 p.m. | 68 views

CVE-2024-22360

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted query on certain columnar tables. IBM X-Force ID: 280905.

6.5 CVSS | 5.1 AI score | 0.00074 EPSS

CVE | added 2020/12/23 5:15 p.m. | 67 views

CVE-2020-4642

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to cause a denial of service inside the "DB2 Management Service".

6.2 CVSS | 5.4 AI score | 0.00056 EPSS

CVE | added 2021/06/24 7:15 p.m. | 66 views

CVE-2020-4885

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user to access and change the configuration of Db2 due to a race condition of a symbolic link. IBM X-Force ID: 190909.

6.2 CVSS | 5.6 AI score | 0.00153 EPSS

CVE | added 2024/01/22 8:15 p.m. | 65 views

CVE-2023-27859

IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 24...

6.5 CVSS | 6.7 AI score | 0.00106 EPSS

CVE | added 2024/12/07 2:15 p.m. | 63 views

CVE-2024-41762

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

6.5 CVSS | 5.3 AI score | 0.00059 EPSS

CVE | added 2024/08/14 6:15 p.m. | 62 views

CVE-2024-35136

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default conditions. IBM X-Force ID: 291307.

6.5 CVSS | 5.8 AI score | 0.00209 EPSS

CVE | added 2019/07/01 3:15 p.m. | 61 views

CVE-2019-4101

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is vulnerable to a denial of service. Users that have both EXECUTE on PD_GET_DIAG_HIST and access to the diagnostic directory on the DB2 server can cause the instance to crash. IBM X-Force ID: 158091.

6.2 CVSS | 6 AI score | 0.00059 EPSS

CVE | added 2018/03/22 12:29 p.m. | 60 views

CVE-2018-1427

IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) contains several environment variables that a local attacker could overflow and cause a denial of service. IBM X-Force ID: 139072.

6.2 CVSS | 6.7 AI score | 0.00067 EPSS

CVE | added 2022/09/13 9:15 p.m. | 60 views

CVE-2022-35637

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. IBM X-Force ID: 230823.

6.5 CVSS | 6.5 AI score | 0.00106 EPSS

CVE | added 2024/06/12 7:15 p.m. | 59 views

CVE-2023-29267

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287612.

6.5 CVSS | 5.6 AI score | 0.00091 EPSS

CVE | added 2022/09/13 9:15 p.m. | 58 views

CVE-2022-22483

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979.

6.5 CVSS | 6.3 AI score | 0.0008 EPSS

CVE | added 2025/05/05 9:15 p.m. | 57 views

CVE-2025-0915

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 under specific configurations could allow an authenticated user to cause a denial of service due to insufficient release of allocated memory resources.

6.5 CVSS | 6.7 AI score | 0.00062 EPSS

CVE | added 2024/06/12 7:15 p.m. | 56 views

CVE-2024-31881

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: 287613.

6.5 CVSS | 6.2 AI score | 0.00096 EPSS

CVE | added 2024/08/14 6:15 p.m. | 56 views

CVE-2024-37529

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 294295.

6.5 CVSS | 6.3 AI score | 0.00132 EPSS

CVE | added 2024/06/12 6:15 p.m. | 55 views

CVE-2024-28762

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 285246.

6.5 CVSS | 5.3 AI score | 0.00064 EPSS

CVE | added 2024/08/14 6:15 p.m. | 55 views

CVE-2024-31882

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific non default configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287614.

6.5 CVSS | 6.1 AI score | 0.0024 EPSS

CVE | added 2024/08/14 6:15 p.m. | 54 views

CVE-2024-35152

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 292639.

6.5 CVSS | 6.3 AI score | 0.00197 EPSS

CVE | added 2010/01/28 8:30 p.m. | 53 views

CVE-2010-0462

Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function.

6.5 CVSS | 6.6 AI score | 0.13602 EPSS

CVE | added 2011/02/02 11:0 p.m. | 53 views

CVE-2011-0757

IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority.

6.5 CVSS | 8.9 AI score | 0.01049 EPSS

CVE | added 2025/05/29 8:15 p.m. | 53 views

CVE-2025-3050

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when using Q replication due to the improper allocation of CPU resources.

6.5 CVSS | 5.3 AI score | 0.00054 EPSS

CVE | added 2009/06/03 9:0 p.m. | 52 views

CVE-2008-2154

IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls.

6 CVSS | 6.1 AI score | 0.00947 EPSS

CVE | added 2015/07/20 1:59 a.m. | 52 views

CVE-2015-0157

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by leveraging an unspecified scalar function in a SQL statement.

6.8 CVSS | 6.7 AI score | 0.01543 EPSS

CVE | added 2018/03/22 12:29 p.m. | 52 views

CVE-2018-1428

IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 139073.

6.2 CVSS | 6.8 AI score | 0.00031 EPSS

CVE | added 2020/02/19 4:15 p.m. | 52 views

CVE-2020-4200

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated attacker to send specially crafted commands to cause a denial of service. IBM X-Force ID: 174914.

6.5 CVSS | 6.5 AI score | 0.00311 EPSS

CVE | added 2025/05/05 9:15 p.m. | 52 views

CVE-2025-1000

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when connecting to a z/OS database due to improper handling of automatic client rerouting.

6.5 CVSS | 6.8 AI score | 0.00062 EPSS

CVE | added 2020/02/19 4:15 p.m. | 45 views

CVE-2020-4161

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could allow an authenticated attacker to cause a denial of service due to incorrect handling of certain commands. IBM X-Force ID: 174341.

6.5 CVSS | 6.5 AI score | 0.00448 EPSS

CVE | added 2009/12/28 7:30 p.m. | 44 views

CVE-2009-4438

The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors.

6.5 CVSS | 6 AI score | 0.01007 EPSS

CVE | added 2020/07/01 3:15 p.m. | 44 views

CVE-2020-4387

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179269.

6.2 CVSS | 5.3 AI score | 0.00032 EPSS

CVE | added 2009/09/29 9:30 p.m. | 42 views

CVE-2009-3472

IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows remote authenticated users to bypass intended access restrictions, and update, insert, or delete table rows, via unspecified vectors.

6.5 CVSS | 5.9 AI score | 0.00565 EPSS

CVE | added 2011/05/03 8:55 p.m. | 42 views

CVE-2011-1846

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE...

6.5 CVSS | 8.9 AI score | 0.01326 EPSS

CVE | added 2020/07/01 3:15 p.m. | 42 views

CVE-2020-4386

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179268.

6.2 CVSS | 5.3 AI score | 0.00032 EPSS

Total number of security vulnerabilities: 56