cpe:2.3:a:ibm:db2:9.5:fp4:*:*:*:*:*:*
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393.
Source: IBM Corporation
Max CVSS
6.5
EPSS Score
0.06%
Published
2024-01-22
Updated
2024-03-07
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. IBM X-Force ID: 270730.
Source: IBM Corporation
Max CVSS
7.5
EPSS Score
0.06%
Published
2024-01-22
Updated
2024-03-07
IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264.
Source: IBM Corporation
Max CVSS
6.5
EPSS Score
0.06%
Published
2024-01-22
Updated
2024-03-07
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759.
Source: IBM Corporation
Max CVSS
7.5
EPSS Score
0.07%
Published
2024-01-22
Updated
2024-03-07
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809.
Source: IBM Corporation
Max CVSS
7.5
EPSS Score
0.07%
Published
2023-12-04
Updated
2024-01-19
IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted XML query.
Source: IBM Corporation
Max CVSS
4.0
EPSS Score
0.88%
Published
2014-12-18
Updated
2018-09-28
IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying an identity column within a crafted ALTER TABLE statement.
Source: IBM Corporation
Max CVSS
4.0
EPSS Score
8.39%
Published
2014-12-12
Updated
2018-09-27
The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted UNION clause in a subquery of a SELECT statement.
Source: IBM Corporation
Max CVSS
3.5
EPSS Score
7.73%
Published
2014-09-04
Updated
2017-08-29
Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library.
Source: IBM Corporation
Max CVSS
7.2
EPSS Score
0.06%
Published
2014-05-30
Updated
2017-08-29
The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT privilege and the CREATE_EXTERNAL_ROUTINE authority.
Source: IBM Corporation
Max CVSS
8.5
EPSS Score
0.35%
Published
2014-05-30
Updated
2017-08-29
The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service via unspecified vectors.
Source: IBM Corporation
Max CVSS
4.0
EPSS Score
0.84%
Published
2013-12-18
Updated
2018-09-25
Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to gain privileges via unspecified vectors.
Source: Flexera Software LLC
Max CVSS
7.2
EPSS Score
0.04%
Published
2013-06-05
Updated
2018-09-25
Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated users to execute arbitrary code by debugging a stored procedure.
Source: IBM Corporation
Max CVSS
8.5
EPSS Score
12.05%
Published
2012-10-20
Updated
2013-03-02
Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to execute arbitrary code by leveraging certain CONNECT and EXECUTE privileges.
Source: IBM Corporation
Max CVSS
7.1
EPSS Score
8.70%
Published
2012-07-25
Updated
2017-12-22
IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to read arbitrary XML files via the (1) GET_WRAP_CFG_C or (2) GET_WRAP_CFG_C2 stored procedure.
Source: IBM Corporation
Max CVSS
5.0
EPSS Score
0.68%
Published
2012-07-25
Updated
2017-12-22
Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to replace JAR files via unspecified vectors.
Source: IBM Corporation
Max CVSS
5.0
EPSS Score
0.85%
Published
2012-07-25
Updated
2017-12-22
IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors.
Source: MITRE
Max CVSS
10.0
EPSS Score
0.25%
Published
2012-03-20
Updated
2018-01-10
Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors.
Source: MITRE
Max CVSS
7.2
EPSS Score
0.04%
Published
2012-03-20
Updated
2018-01-10
The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression.
Source: IBM Corporation
Max CVSS
4.0
EPSS Score
0.67%
Published
2012-03-20
Updated
2017-09-19
Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow.
Source: IBM Corporation
Max CVSS
7.5
EPSS Score
13.94%
Published
2012-03-20
Updated
2018-10-10
IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 before FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Distributed Relational Database Architecture (DRDA) request.
Source: IBM Corporation
Max CVSS
5.0
EPSS Score
7.32%
Published
2012-03-20
Updated
2018-10-10
IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL CREATE VARIABLE statements.
Source: IBM Corporation
Max CVSS
4.0
EPSS Score
0.84%
Published
2012-03-20
Updated
2017-09-19
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOTE: some of these details are obtained from third party information.
Source: MITRE
Max CVSS
4.9
EPSS Score
0.36%
Published
2011-05-03
Updated
2017-09-19
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE: some of these details are obtained from third party information.
Source: MITRE
Max CVSS
6.5
EPSS Score
0.34%
Published
2011-05-03
Updated
2017-09-19
Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors.
Source: MITRE
Max CVSS
1.5
EPSS Score
0.04%
Published
2011-11-09
Updated
2017-09-19
58 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!