Db2

db2

Vendor: Ibm • 326 CVEs

CVEs (326)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2014-0919 1Ibm 1Db2 May 6, 2026 May 8, 2015 N/A· v4 N/A· v3 4.0 MEDIUM· v2 IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive in...Show more IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities.Show less
CVE-2014-8901 1Ibm 1Db2 May 6, 2026 Dec 18, 2014 N/A· v4 N/A· v3 4.0 MEDIUM· v2 IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted XML query.
CVE-2014-6210 1Ibm 2Db2 Db2 Connect May 6, 2026 Dec 12, 2014 N/A· v4 N/A· v3 4.0 MEDIUM· v2 IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying the same column wit...Show more IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying the same column within multiple ALTER TABLE statements.Show less
CVE-2014-6209 1Ibm 1Db2 May 6, 2026 Dec 12, 2014 N/A· v4 N/A· v3 4.0 MEDIUM· v2 IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying a...Show more IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying an identity column within a crafted ALTER TABLE statement.Show less
CVE-2014-6159 1Ibm 1Db2 May 6, 2026 Nov 8, 2014 N/A· v4 N/A· v3 3.5 LOW· v2 IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 through FP4 on Linux, UNIX, and Windows, when immediate AUTO_REVAL is enabled, allows remote authenticated users to cause a denial of service (daemon c...Show more IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 through FP4 on Linux, UNIX, and Windows, when immediate AUTO_REVAL is enabled, allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement.Show less
CVE-2014-6097 1Ibm 1Db2 May 6, 2026 Nov 8, 2014 N/A· v4 N/A· v3 4.0 MEDIUM· v2 IBM DB2 9.7 before FP10 and 9.8 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement.
CVE-2014-4805 1Ibm 1Db2 May 6, 2026 Sep 4, 2014 N/A· v4 N/A· v3 2.1 LOW· v2 IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files during CDE table LOAD operations, which allows local users to obtain sensitive information by reading a file while a LOAD is occurring.
CVE-2014-3095 1Ibm 1Db2 May 6, 2026 Sep 4, 2014 N/A· v4 N/A· v3 3.5 LOW· v2 The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon cras...Show more The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted UNION clause in a subquery of a SELECT statement.Show less
CVE-2014-3094 1Ibm 1Db2 May 6, 2026 Sep 4, 2014 N/A· v4 N/A· v3 8.5 HIGH· v2 Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to execute arbitrary code via a crafted ALTER...Show more Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to execute arbitrary code via a crafted ALTER MODULE statement.Show less
CVE-2014-0907 1Ibm 1Db2 May 6, 2026 May 30, 2014 N/A· v4 N/A· v3 7.2 HIGH· v2 Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain ro...Show more Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library.Show less
CVE-2013-6744 1Ibm 1Db2 May 6, 2026 May 30, 2014 N/A· v4 N/A· v3 8.5 HIGH· v2 The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT privilege and the CREA...Show more The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT privilege and the CREATE_EXTERNAL_ROUTINE authority.Show less
CVE-2013-6717 1Ibm 3Db2 Db2 ConnectDb2 Purescale Feature 9.8 Apr 29, 2026 Dec 19, 2013 N/A· v4 N/A· v3 4.0 MEDIUM· v2 The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 through FP5, 10.1 through FP3, and 10.5 through FP2, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated user...Show more The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 through FP5, 10.1 through FP3, and 10.5 through FP2, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service (database outage and deactivation) via unspecified vectors.Show less
CVE-2013-5466 1Ibm 3Db2 Db2 ConnectDb2 Purescale Feature 9.8 Apr 29, 2026 Dec 18, 2013 N/A· v4 N/A· v3 4.0 MEDIUM· v2 The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service via unspecified vectors.
CVE-2013-4032 1Ibm 1Db2 Apr 29, 2026 Oct 2, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server Edition and Advanced Enterprise Server Edition 10.1 before FP3 and 10.5, when a multi-node configuration is used, allows remote attackers to cause a deni...Show more The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server Edition and Advanced Enterprise Server Edition 10.1 before FP3 and 10.5, when a multi-node configuration is used, allows remote attackers to cause a denial of service via vectors involving arbitrary data.Show less
CVE-2013-4033 1Ibm 2Db2 Db2 Connect Apr 29, 2026 Aug 28, 2013 N/A· v4 N/A· v3 4.6 MEDIUM· v2 IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority.
CVE-2013-3475 1Ibm 3Db2 Db2 ConnectSmart Analytics System 7600 Apr 29, 2026 Jun 5, 2013 N/A· v4 N/A· v3 7.2 HIGH· v2 Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to gain privileges via un...Show more Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to gain privileges via unspecified vectors.Show less
CVE-2012-4826 1Ibm 1Db2 Apr 29, 2026 Oct 20, 2012 N/A· v4 N/A· v3 8.5 HIGH· v2 Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated users to execute arbi...Show more Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated users to execute arbitrary code by debugging a stored procedure.Show less
CVE-2012-3324 1Ibm 2Db2 Db2 Connect Apr 29, 2026 Sep 25, 2012 N/A· v4 N/A· v3 9.0 HIGH· v2 Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field...Show more Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field.Show less
CVE-2012-0713 1Ibm 1Db2 Apr 29, 2026 Aug 24, 2012 N/A· v4 N/A· v3 3.5 LOW· v2 Unspecified vulnerability in the XML feature in IBM DB2 9.7 before FP6 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary XML files via unknown vectors.
CVE-2012-2197 1Ibm 1Db2 Apr 29, 2026 Jul 25, 2012 N/A· v4 N/A· v3 7.1 HIGH· v2 Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to execute arbitrary code...Show more Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to execute arbitrary code by leveraging certain CONNECT and EXECUTE privileges.Show less

Previous 1...111213...17 Next