Db2

db2

Vendor: Ibm • 326 CVEs

CVEs (326)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-30447 1Ibm 1Db2 Nov 21, 2024 Jul 10, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253436.
CVE-2023-30446 1Ibm 1Db2 Nov 21, 2024 Jul 10, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253361 .
CVE-2023-30445 1Ibm 1Db2 Feb 13, 2025 Jul 10, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253357.
CVE-2023-30442 1Ibm 1Db2 Nov 21, 2024 Jul 10, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options....Show more IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. IBM X-Force ID: 253202.Show less
CVE-2023-30431 1Ibm 1Db2 Nov 21, 2024 Jul 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 db2set is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow the buffer and execute arb...Show more IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 db2set is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow the buffer and execute arbitrary code. IBM X-Force ID: 252184.Show less
CVE-2023-29256 1Ibm 1Db2 Nov 21, 2024 Jul 10, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. IBM X-For...Show more IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. IBM X-Force ID: 252046.Show less
CVE-2023-27869 1Ibm 1Db2 Nov 21, 2024 Jul 10, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a spec...Show more IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile property, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249517.Show less
CVE-2023-27868 1Ibm 1Db2 Nov 21, 2024 Jul 10, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing...Show more IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes. By sending a specially crafted request using the named pluginClassName class, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249516.Show less
CVE-2023-27867 1Ibm 1Db2 Nov 21, 2024 Jul 10, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection. By sending a specially crafted request using the prop...Show more IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection. By sending a specially crafted request using the property clientRerouteServerListJNDIName, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249514.Show less
CVE-2023-27558 1Ibm 1Db2 Nov 21, 2024 Jul 10, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vulnerability to gain ele...Show more IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vulnerability to gain elevated privileges by inserting an executable file in the path of the affected service. IBM X-Force ID: 249194.Show less
CVE-2023-23487 1Ibm 1Db2 Nov 21, 2024 Jul 10, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging. IBM X-Force ID: 245918.
CVE-2023-26022 1Ibm 1Db2 Nov 21, 2024 Apr 28, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. IBM X-Force ID: 247868.
CVE-2023-26021 1Ibm 1Db2 Nov 21, 2024 Apr 28, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force...Show more IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864.Show less
CVE-2023-27555 1Ibm 1Db2 Nov 21, 2024 Apr 28, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. IBM X-Force ID: 249187.
CVE-2023-25930 1Ibm 1Db2 Nov 21, 2024 Apr 28, 2023 N/A· v4 5.9 MEDIUM· v3 N/A· v2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnorm...Show more IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. IBM X-Force ID: 247862.Show less
CVE-2023-29255 1Ibm 1Db2 Nov 21, 2024 Apr 27, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991.
CVE-2023-27559 1Ibm 1Db2 Nov 21, 2024 Apr 26, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-Force ID: 249196.
CVE-2023-29257 1Ibm 1Db2 Nov 21, 2024 Apr 26, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another...Show more IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011.Show less
CVE-2022-43930 1Ibm 1Db2 Nov 21, 2024 Feb 17, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may be included in a log file. IBM X-Force ID: 241677.
CVE-2022-43929 1Ibm 1Db2 Nov 21, 2024 Feb 17, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676.

Previous 1...567...17 Next