Skip to main content

Db2

212 CVEs product

Monthly

CVE-2015-1883 MEDIUM PATCH This Month

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read certain administrative files via crafted use of. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Microsoft Db2
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2015-0157 MEDIUM PATCH This Month

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Microsoft Db2
NVD
CVSS 2.0
6.8
EPSS
1.5%
CVE-2014-8910 MEDIUM PATCH This Month

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Microsoft Db2
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2014-0919 MEDIUM PATCH This Month

IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Microsoft Db2
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2014-8901 MEDIUM This Month

IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted XML. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Db2
NVD
CVSS 2.0
4.0
EPSS
1.0%
CVE-2014-6210 MEDIUM This Month

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft Db2 Db2 Connect
NVD
CVSS 2.0
4.0
EPSS
1.3%
CVE-2014-6209 MEDIUM This Month

IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft Db2
NVD
CVSS 2.0
4.0
EPSS
1.4%
CVE-2014-6159 LOW Monitor

IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 through FP4 on Linux, UNIX, and Windows, when immediate AUTO_REVAL is enabled, allows remote authenticated users to cause a denial. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Denial Of Service Microsoft Db2
NVD
CVSS 2.0
3.5
EPSS
1.1%
CVE-2014-6097 MEDIUM PATCH This Month

IBM DB2 9.7 before FP10 and 9.8 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Microsoft Db2
NVD
CVSS 2.0
4.0
EPSS
0.6%
CVE-2014-4805 LOW PATCH Monitor

IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files during CDE table LOAD operations, which allows local users to obtain sensitive information by reading a file while a LOAD is occurring. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Db2
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2014-3095 LOW PATCH Monitor

The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM Denial Of Service Microsoft Db2
NVD
CVSS 2.0
3.5
EPSS
1.3%
CVE-2014-3094 HIGH PATCH Act Now

Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to execute arbitrary code. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Epss exploitation probability 10.4%.

IBM RCE Buffer Overflow Microsoft Db2
NVD
CVSS 2.0
8.5
EPSS
10.4%
CVE-2014-0907 HIGH This Week

Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Db2
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2013-6744 HIGH This Week

The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation Microsoft Db2
NVD
CVSS 2.0
8.5
EPSS
2.1%
CVE-2013-6717 MEDIUM This Month

The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 through FP5, 10.1 through FP3, and 10.5 through FP2, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Db2 Db2 Connect Db2 Purescale Feature 9 8
NVD
CVSS 2.0
4.0
EPSS
1.7%
CVE-2013-5466 MEDIUM This Month

The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Db2 Db2 Connect Db2 Purescale Feature 9 8
NVD
CVSS 2.0
4.0
EPSS
1.0%
CVE-2013-4032 MEDIUM This Month

The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server Edition and Advanced Enterprise Server Edition 10.1 before FP3 and 10.5, when a multi-node configuration is used, allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Db2
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-4033 MEDIUM This Month

IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation IBM Db2 Db2 Connect
NVD
CVSS 2.0
4.6
EPSS
1.0%
CVE-2013-3475 HIGH This Week

Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Db2 Db2 Connect Smart Analytics System 7600
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2012-4826 HIGH Act Now

Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Epss exploitation probability 20.4% and no vendor patch available.

Buffer Overflow RCE IBM Db2
NVD
CVSS 2.0
8.5
EPSS
20.4%
CVE-2012-3324 CRITICAL Act Now

Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Microsoft IBM Db2 Db2 Connect
NVD
CVSS 2.0
9.0
EPSS
0.8%
CVE-2012-0713 LOW Monitor

Unspecified vulnerability in the XML feature in IBM DB2 9.7 before FP6 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary XML files via unknown vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Microsoft IBM Db2
NVD
CVSS 2.0
3.5
EPSS
0.1%
CVE-2012-2197 HIGH Act Now

Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Epss exploitation probability 12.9% and no vendor patch available.

Buffer Overflow RCE Java IBM Db2
NVD
CVSS 2.0
7.1
EPSS
12.9%
CVE-2012-2196 MEDIUM This Month

IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to read arbitrary XML files via the (1) GET_WRAP_CFG_C or (2) GET_WRAP_CFG_C2 stored. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Db2
NVD
CVSS 2.0
5.0
EPSS
0.6%
CVE-2012-2194 MEDIUM This Month

Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal IBM Db2
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2012-2180 MEDIUM This Month

The chaining functionality in the Distributed Relational Database Architecture (DRDA) module in IBM DB2 9.7 before FP6 and 9.8 before FP5 allows remote attackers to cause a denial of service (NULL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service IBM Db2
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2012-1797 CRITICAL Act Now

IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Db2
NVD
CVSS 2.0
10.0
EPSS
0.5%
CVE-2012-1796 HIGH This Week

Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Db2
NVD
CVSS 2.0
7.2
EPSS
0.0%
CVE-2012-0712 MEDIUM This Month

The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Db2
NVD
CVSS 2.0
4.0
EPSS
1.0%
CVE-2012-0711 HIGH This Week

Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM Db2
NVD
CVSS 2.0
7.5
EPSS
7.1%
CVE-2012-0710 MEDIUM This Month

IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 before FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Distributed Relational Database. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Db2
NVD
CVSS 2.0
5.0
EPSS
1.6%
CVE-2012-0709 MEDIUM This Month

IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Db2
NVD
CVSS 2.0
4.0
EPSS
0.3%
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read certain administrative files via crafted use of. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Microsoft +1
NVD
EPSS 2% CVSS 6.8
MEDIUM PATCH This Month

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Microsoft +1
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Microsoft +1
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Microsoft +1
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted XML. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Db2
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft +2
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Denial Of Service Microsoft +1
NVD
EPSS 1% CVSS 3.5
LOW Monitor

IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 through FP4 on Linux, UNIX, and Windows, when immediate AUTO_REVAL is enabled, allows remote authenticated users to cause a denial. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Denial Of Service Microsoft +1
NVD
EPSS 1% CVSS 4.0
MEDIUM PATCH This Month

IBM DB2 9.7 before FP10 and 9.8 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Microsoft +1
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files during CDE table LOAD operations, which allows local users to obtain sensitive information by reading a file while a LOAD is occurring. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

IBM Information Disclosure Db2
NVD
EPSS 1% CVSS 3.5
LOW PATCH Monitor

The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.

IBM Denial Of Service Microsoft +1
NVD
EPSS 10% CVSS 8.5
HIGH PATCH Act Now

Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to execute arbitrary code. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Epss exploitation probability 10.4%.

IBM RCE Buffer Overflow +2
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Db2
NVD
EPSS 2% CVSS 8.5
HIGH This Week

The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation Microsoft +1
NVD
EPSS 2% CVSS 4.0
MEDIUM This Month

The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 through FP5, 10.1 through FP3, and 10.5 through FP2, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Db2 +2
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service via. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Db2 +2
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server Edition and Advanced Enterprise Server Edition 10.1 before FP3 and 10.5, when a multi-node configuration is used, allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Db2
NVD
EPSS 1% CVSS 4.6
MEDIUM This Month

IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation IBM Db2 +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Db2 +2
NVD
EPSS 20% CVSS 8.5
HIGH Act Now

Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Epss exploitation probability 20.4% and no vendor patch available.

Buffer Overflow RCE IBM +1
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Microsoft IBM +2
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Unspecified vulnerability in the XML feature in IBM DB2 9.7 before FP6 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary XML files via unknown vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Microsoft IBM +1
NVD
EPSS 13% CVSS 7.1
HIGH Act Now

Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Epss exploitation probability 12.9% and no vendor patch available.

Buffer Overflow RCE Java +2
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to read arbitrary XML files via the (1) GET_WRAP_CFG_C or (2) GET_WRAP_CFG_C2 stored. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Db2
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal IBM Db2
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The chaining functionality in the Distributed Relational Database Architecture (DRDA) module in IBM DB2 9.7 before FP6 and 9.8 before FP5 allows remote attackers to cause a denial of service (NULL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service IBM Db2
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation IBM Db2
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Db2
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Db2
NVD
EPSS 7% CVSS 7.5
HIGH This Week

Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE IBM +1
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 before FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Distributed Relational Database. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Db2
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Db2
NVD
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy