Total
278 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-1883 | 1 Ibm | 1 Db2 | 2025-04-12 | 4.0 MEDIUM | N/A |
IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read certain administrative files via crafted use of an automated-maintenance policy stored procedure. | |||||
CVE-2015-1935 | 1 Ibm | 1 Db2 | 2025-04-12 | 8.0 HIGH | N/A |
The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors. | |||||
CVE-2016-5995 | 3 Hp, Ibm, Linux | 5 Hp-ux, Aix, Db2 and 2 more | 2025-04-12 | 6.9 MEDIUM | 7.3 HIGH |
Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program. | |||||
CVE-2014-6159 | 1 Ibm | 1 Db2 | 2025-04-12 | 3.5 LOW | N/A |
IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 through FP4 on Linux, UNIX, and Windows, when immediate AUTO_REVAL is enabled, allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement. | |||||
CVE-2014-6210 | 1 Ibm | 2 Db2, Db2 Connect | 2025-04-12 | 4.0 MEDIUM | N/A |
IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying the same column within multiple ALTER TABLE statements. | |||||
CVE-2014-4805 | 2 Ibm, Linux | 3 Aix, Db2, Linux Kernel | 2025-04-12 | 2.1 LOW | N/A |
IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files during CDE table LOAD operations, which allows local users to obtain sensitive information by reading a file while a LOAD is occurring. | |||||
CVE-2015-0157 | 1 Ibm | 1 Db2 | 2025-04-12 | 6.8 MEDIUM | N/A |
IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by leveraging an unspecified scalar function in a SQL statement. | |||||
CVE-2013-6744 | 2 Ibm, Microsoft | 2 Db2, Windows | 2025-04-12 | 8.5 HIGH | N/A |
The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT privilege and the CREATE_EXTERNAL_ROUTINE authority. | |||||
CVE-2014-3094 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2025-04-12 | 8.5 HIGH | N/A |
Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to execute arbitrary code via a crafted ALTER MODULE statement. | |||||
CVE-2015-1922 | 1 Ibm | 1 Db2 | 2025-04-12 | 3.5 LOW | N/A |
The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to bypass intended access restrictions and delete table rows via unspecified vectors. | |||||
CVE-2014-6097 | 1 Ibm | 1 Db2 | 2025-04-12 | 4.0 MEDIUM | N/A |
IBM DB2 9.7 before FP10 and 9.8 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement. | |||||
CVE-2010-1560 | 1 Ibm | 1 Db2 | 2025-04-11 | 4.0 MEDIUM | N/A |
Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (trap) via unspecified vectors. NOTE: this might overlap CVE-2010-0462. | |||||
CVE-2010-3737 | 1 Ibm | 1 Db2 | 2025-04-11 | 3.5 LOW | N/A |
Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while using a different code page than the database server. | |||||
CVE-2010-3733 | 1 Ibm | 1 Db2 | 2025-04-11 | 7.2 HIGH | N/A |
The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file. | |||||
CVE-2012-1797 | 1 Ibm | 1 Db2 | 2025-04-11 | 10.0 HIGH | N/A |
IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors. | |||||
CVE-2010-3740 | 1 Ibm | 1 Db2 | 2025-04-11 | 4.0 MEDIUM | N/A |
The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service (memory consumption and system hang) via the db2ext.textSearch function. | |||||
CVE-2012-2180 | 1 Ibm | 1 Db2 | 2025-04-11 | 4.3 MEDIUM | N/A |
The chaining functionality in the Distributed Relational Database Architecture (DRDA) module in IBM DB2 9.7 before FP6 and 9.8 before FP5 allows remote attackers to cause a denial of service (NULL pointer dereference, and resource consumption or daemon crash) via a crafted request. | |||||
CVE-2012-0713 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2025-04-11 | 3.5 LOW | N/A |
Unspecified vulnerability in the XML feature in IBM DB2 9.7 before FP6 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary XML files via unknown vectors. | |||||
CVE-2011-1373 | 1 Ibm | 1 Db2 | 2025-04-11 | 1.5 LOW | N/A |
Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors. | |||||
CVE-2010-3738 | 1 Ibm | 1 Db2 | 2025-04-11 | 5.0 MEDIUM | N/A |
The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote authenticated users to execute Audit administration commands without discovery. |