Filtered by vendor Ibm
Subscriptions
Filtered by product Db2
Subscriptions
Total
266 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-47145 | 2 Ibm, Microsoft | 2 Db2, Windows | 2024-09-04 | 8.4 High |
IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402. | ||||
CVE-2023-45193 | 3 Ibm, Linux, Microsoft | 5 Aix, Db2, Linux On Ibm Z and 2 more | 2024-08-29 | 5.9 Medium |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759. | ||||
CVE-2023-47141 | 3 Ibm, Linux, Microsoft | 5 Aix, Db2, Linux On Ibm Z and 2 more | 2024-08-29 | 5.3 Medium |
IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264. | ||||
CVE-2023-29267 | 1 Ibm | 1 Db2 | 2024-08-28 | 5.3 Medium |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287612. | ||||
CVE-2024-31882 | 1 Ibm | 1 Db2 | 2024-08-23 | 5.3 Medium |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287614. | ||||
CVE-2024-35136 | 1 Ibm | 1 Db2 | 2024-08-23 | 5.3 Medium |
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 291307. | ||||
CVE-2024-35152 | 1 Ibm | 1 Db2 | 2024-08-23 | 6.5 Medium |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 292639. | ||||
CVE-2024-37529 | 1 Ibm | 1 Db2 | 2024-08-23 | 6.5 Medium |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 294295. | ||||
CVE-2003-1052 | 1 Ibm | 2 Db2, Db2 Universal Database | 2024-08-08 | N/A |
IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs. | ||||
CVE-2003-1051 | 1 Ibm | 1 Db2 | 2024-08-08 | N/A |
Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd. | ||||
CVE-2003-1050 | 1 Ibm | 1 Db2 | 2024-08-08 | N/A |
Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd. | ||||
CVE-2005-4869 | 1 Ibm | 1 Db2 | 2024-08-08 | N/A |
The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local users to cause a denial of service (application crash) via an empty string in the second parameter, which causes a null pointer dereference. | ||||
CVE-2005-4871 | 1 Ibm | 1 Db2 | 2024-08-08 | N/A |
Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile. | ||||
CVE-2005-4870 | 1 Ibm | 1 Db2 | 2024-08-08 | N/A |
Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be overwritten with a pointer to the argument. | ||||
CVE-2005-2073 | 1 Ibm | 1 Db2 | 2024-08-07 | N/A |
Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through 8.2.2 allows local users with SELECT privileges to conduct unauthorized activities and insert, update or delete table contents. | ||||
CVE-2006-4257 | 1 Ibm | 1 Db2 | 2024-08-07 | N/A |
IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending crafted SQLJRA packet, which results in a null dereference. | ||||
CVE-2024-31881 | 1 Ibm | 1 Db2 | 2024-08-07 | 6.5 Medium |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: 287613. | ||||
CVE-2024-28762 | 1 Ibm | 1 Db2 | 2024-08-07 | 5.3 Medium |
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 285246. | ||||
CVE-2007-5652 | 1 Ibm | 1 Db2 | 2024-08-07 | N/A |
IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger memory corruption. NOTE: the vendor description of this issue is too vague to be certain that it is security-related. | ||||
CVE-2007-5090 | 2 Ibm, Microsoft | 3 Db2, Rational Clearquest, Sql Server | 2024-08-07 | N/A |
Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors. |