Db2 Security Vulnerabilities and Issues — Db2 CVE List

Lucene search

IbmDb2

28 matches found

CVE•added 2024/12/19 2:15 a.m.•126 views

CVE-2023-30443

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query.

6.5CVSS5AI score0.0005EPSS

CVE•added 2024/01/07 7:15 p.m.•99 views

CVE-2023-47145

IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402.

8.4CVSS7.3AI score0.00015EPSS

CVE•added 2024/01/22 8:15 p.m.•96 views

CVE-2023-47158

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1 and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750.

6.5CVSS6.1AI score0.00036EPSS

CVE•added 2024/10/23 2:15 a.m.•93 views

CVE-2024-31880

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user.

6.5CVSS5.6AI score0.00172EPSS

CVE•added 2024/01/22 7:15 p.m.•91 views

CVE-2023-50308

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393.

6.5CVSS6.2AI score0.00035EPSS

CVE•added 2024/04/03 1:16 p.m.•85 views

CVE-2024-27254

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 federated server is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 283813.

6.5CVSS5.2AI score0.0005EPSS

CVE•added 2024/01/22 7:15 p.m.•84 views

CVE-2023-47746

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644.

6.5CVSS6.2AI score0.00043EPSS

CVE•added 2024/01/22 8:15 p.m.•83 views

CVE-2023-47747

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272646.

6.5CVSS6.2AI score0.00037EPSS

CVE•added 2024/04/03 1:16 p.m.•77 views

CVE-2024-25030

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 281677.

6.2CVSS5.4AI score0.00018EPSS

CVE•added 2024/01/22 9:15 p.m.•75 views

CVE-2023-47141

IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264.

6.5CVSS6.2AI score0.00036EPSS

CVE•added 2024/01/22 8:15 p.m.•72 views

CVE-2023-47152

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions.

7.5CVSS6.3AI score0.0008EPSS

CVE•added 2024/01/22 7:15 p.m.•71 views

CVE-2023-45193

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759.

7.5CVSS7.2AI score0.00039EPSS

CVE•added 2024/04/03 1:16 p.m.•71 views

CVE-2024-25046

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service by an authenticated user using a specially crafted query. IBM X-Force ID: 282953.

6.5CVSS5AI score0.00074EPSS

CVE•added 2024/04/03 1:16 p.m.•70 views

CVE-2023-38729

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT.

6.8CVSS6.5AI score0.0006EPSS

CVE•added 2024/04/03 1:16 p.m.•69 views

CVE-2024-22360

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted query on certain columnar tables. IBM X-Force ID: 280905.

6.5CVSS5.1AI score0.00074EPSS

CVE•added 2024/01/22 8:15 p.m.•65 views

CVE-2023-27859

IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 24...

6.5CVSS6.7AI score0.00106EPSS

CVE•added 2024/12/07 2:15 p.m.•64 views

CVE-2024-41762

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

6.5CVSS5.3AI score0.00059EPSS

CVE•added 2024/04/03 1:16 p.m.•63 views

CVE-2023-52296

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service when querying a specific UDF built-in function concurrently. IBM X-Force ID: 278547.

5.3CVSS5AI score0.00052EPSS

CVE•added 2024/08/14 6:15 p.m.•62 views

CVE-2024-35136

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default conditions. IBM X-Force ID: 291307.

6.5CVSS5.8AI score0.00209EPSS

CVE•added 2024/06/12 7:15 p.m.•59 views

CVE-2023-29267

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287612.

6.5CVSS5.6AI score0.00091EPSS

CVE•added 2024/11/23 3:15 a.m.•59 views

CVE-2024-41761

5.3CVSS5.2AI score0.00096EPSS

CVE•added 2024/12/07 1:15 p.m.•58 views

CVE-2024-37071

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation.

6.5CVSS5.2AI score0.00063EPSS

CVE•added 2024/11/21 11:15 a.m.•58 views

CVE-2024-45663

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, 11.5, and 12.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

7.5CVSS6.3AI score0.00154EPSS

CVE•added 2024/06/12 7:15 p.m.•56 views

CVE-2024-31881

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: 287613.

6.5CVSS6.2AI score0.00096EPSS

CVE•added 2024/08/14 6:15 p.m.•56 views

CVE-2024-37529

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 294295.

6.5CVSS6.3AI score0.00132EPSS

CVE•added 2024/06/12 6:15 p.m.•55 views

CVE-2024-28762

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 285246.

6.5CVSS5.3AI score0.00064EPSS

CVE•added 2024/08/14 6:15 p.m.•55 views

CVE-2024-31882

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific non default configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287614.

6.5CVSS6.1AI score0.0024EPSS

CVE•added 2024/08/14 6:15 p.m.•54 views

CVE-2024-35152

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 292639.

6.5CVSS6.3AI score0.00197EPSS