db2 · threatengine.sh

CVE-2026-1577

>= 11.5.0 and <= 11.5.9

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an�

6.5MEDIUM

CVE-2025-36122

>= 11.5.0 and <= 11.5.9

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an

6.5MEDIUM

CVE-2025-14688

>= 11.5.0 and <= 11.5.9

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an

5.3MEDIUM

CVE-2026-1352

>= 11.5.0 and <= 11.5.9

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an�

6.5MEDIUM

CVE-2025-36425

>= 11.5.0 and <= 11.5.9

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an a

5.3MEDIUM

CVE-2025-36247

>= 11.5.0 and <= 11.5.9

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vulnerable to

7.1HIGH

CVE-2025-14689

>= 12.1.0 and <= 12.1.3

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 through 12.1.3 could allow an authenticated user to cause

6.5MEDIUM

CVE-2025-13867

>= 11.5.0 and <= 11.5.9

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow

6.5MEDIUM

CVE-2025-36442

>= 11.5.0 and <= 11.5.9

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of

6.5MEDIUM

CVE-2025-36428

>= 11.5.0 and <= 11.5.9

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated

5.3MEDIUM

CVE-2025-36427

>= 11.5.0 and <= 11.5.9

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service due to insuffici

6.5MEDIUM

CVE-2025-36424

>= 11.5.0 and <= 11.5.9

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service due to improper

6.5MEDIUM

CVE-2025-36423

>= 12.1.0 and <= 12.1.3

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 - 12.1.3 could allow a local user to cause a denial of se

6.5MEDIUM

CVE-2025-36407

>= 11.5.0 and <= 11.5.9

IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations.

6.5MEDIUM

CVE-2025-36387

>= 11.5.0 and <= 11.5.9

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 could allow an authenticated user to cause a den

6.5MEDIUM

CVE-2025-36384

>= 12.1.0 and <= 12.1.3

IBM Db2 for Windows 12.1.0 - 12.1.3 could allow a local user with filesystem access to escalate their privileges due to the use

8.4HIGH

CVE-2025-36366

>= 11.5.0 and <= 11.5.9

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service by executing a q

6.5MEDIUM

CVE-2025-36365

>= 11.5.0 and <= 11.5.9

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration

6.8MEDIUM

CVE-2025-36353

>= 11.5.0 and <= 11.5.9

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to

6.2MEDIUM

CVE-2025-36184

>= 11.5.0 and <= 11.5.9

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 could allow an instance owner to execute malici

7.2HIGH

CVE-2025-36123

>= 11.5.0 and <= 11.5.9

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to

6.2MEDIUM

CVE-2025-36098

>= 11.5.0 and <= 11.5.9

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated

6.5MEDIUM

CVE-2025-36070

>= 11.5.0 and <= 11.5.9

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial

6.5MEDIUM

CVE-2025-36009

>= 11.5.0 and <= 11.5.9

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service d

6.5MEDIUM

CVE-2025-36001

>= 11.5.0 and <= 11.5.9

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated

6.5MEDIUM

CVE-2025-2668

>= 11.5.0 and <= 11.5.9

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 is vulnerable to a denial of service as the ser

6.5MEDIUM

CVE-2025-36186

>= 12.1.0 and <= 12.1.3

IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) under specific configurations could allow

7.4HIGH

CVE-2025-36185

>= 12.1.0 and <= 12.1.2

IBM Db2 12.1.0 through 12.1.2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a local user to cause a denial

6.2MEDIUM

CVE-2025-36136

>= 11.5.0 and <= 11.5.9

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow a l

5.1MEDIUM

CVE-2025-36131

>= 11.1.0 and <= 11.1.4.7

IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connec

4.6MEDIUM

CVE-2025-36008

>= 11.5.0 and <= 11.5.9

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an

6.5MEDIUM

CVE-2025-36006

>= 10.5.0.0 and <= 10.5.0.11

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Wind

6.5MEDIUM

CVE-2025-33012

>= 10.5.0.0 and <= 10.5.0.11

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an

6.3MEDIUM

CVE-2025-2534

>= 11.1.0 and <= 11.1.4.7

IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connec

5.3MEDIUM

CVE-2024-47118

>= 10.5.0.0 and <= 10.5.0.11

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Wind

6.5MEDIUM

CVE-2025-36071

>= 11.5.0 and <= 11.5.9

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.2 is vulnerable to

6.5MEDIUM

CVE-2025-33114

all versions

IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to denial of service with a specially crafted query under certain n

5.3MEDIUM

CVE-2025-33092

all versions

IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a stack-based buffer overflow in db2fm, caused by improper bounds

7.8HIGH

CVE-2024-52894

>= 10.5.0.0 and <= 10.5.0.11

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 thro

4.9MEDIUM

CVE-2024-51473

>= 10.5.0.0 and <= 10.5.0.11

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 thro

6.5MEDIUM

CVE-2024-49828

>= 10.5.0.0 and <= 10.5.0.11

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 thro

6.5MEDIUM

CVE-2025-36010

all versions

IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 could allow an unauthenticated user to cause a denial of service due to executable

6.5MEDIUM

CVE-2025-2533

all versions

IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions

5.3MEDIUM

CVE-2025-3050

>= 11.5 and <= 11.5.9

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an a

5.3MEDIUM

CVE-2025-2518

>= 11.5 and <= 11.5.9

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable

5.3MEDIUM

CVE-2024-49350

>= 11.1 and <= 11.1.4.7

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 throug

6.5MEDIUM

CVE-2025-1493

>= 12.1.0 and <= 12.1.1

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 12.1.0 through 12.1.1 could allow an authenticated user to

5.3MEDIUM

CVE-2025-1000

>= 11.5 and <= 11.5.9

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an

5.3MEDIUM

CVE-2025-0915

>= 11.5 and <= 11.5.9

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 under specif

5.3MEDIUM

CVE-2025-1992

>= 11.5.0 and <= 11.5.9

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an a

5.3MEDIUM

CVE-2024-52903

>= 12.1.0 and <= 12.1.1

IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain c

5.3MEDIUM

CVE-2024-40679

all versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as

5.5MEDIUM

CVE-2023-30443

all versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a s

5.3MEDIUM

CVE-2024-41762

>= 10.5.0 and <= 10.5.11

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the

5.3MEDIUM

CVE-2024-37071

>= 10.5.0 and <= 10.5.11

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause

5.3MEDIUM

CVE-2024-41761

all versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the

5.3MEDIUM

CVE-2024-45663

>= 11.1.4 and <= 11.1.4.7

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, 11.5, and 12.1 is vulnerable to a denial of service as the

6.5MEDIUM

CVE-2024-31880

>= 10.5.0.0 and <= 10.5.11

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under

5.3MEDIUM

CVE-2024-37529

>= 11.1.4 and <= 11.1.4.7

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 could allow an authenticated user to cause a denia

6.5MEDIUM

CVE-2024-35152

all versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to cause a denial of serv

6.5MEDIUM

CVE-2024-35136

>= 10.5.0 and <= 10.5.11

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of

5.3MEDIUM

CVE-2024-31882

>= 11.1.4 and <= 11.1.4.7

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specif

5.3MEDIUM

CVE-2024-31881

all versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the

6.5MEDIUM

CVE-2023-29267

all versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5is vulnerable to a denial of service, under

5.3MEDIUM

CVE-2024-28762

all versions

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a s

5.3MEDIUM

CVE-2023-42005

all versions

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data 3.5, 4.0, 4.5, 4.6, 4.7, and 4.8 could allow a user with acc

7.4HIGH

CVE-2024-27254

all versions

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 federated server is vulnerable to denial of

5.3MEDIUM

CVE-2024-25046

all versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service by an authent

5.3MEDIUM

CVE-2024-25030

all versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 stores potentially sensitive information in log files that

6.2MEDIUM

CVE-2024-22360

all versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially craft

5.3MEDIUM

CVE-2023-52296

all versions

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service when querying a specific

5.3MEDIUM

CVE-2023-38729

all versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to sensitive information disc

6.8MEDIUM

CVE-2023-47141

< 11.5.9

IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges

5.3MEDIUM

CVE-2023-47747

>= 10.5.0.0 and <= 10.5.0.11

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONN

5.3MEDIUM

CVE-2023-47158

>= 10.5.0.0 and <= 10.5.0.11

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1 and 11.5 could allow an authenticated user with C

5.3MEDIUM

CVE-2023-47152

< 11.5.9

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to

5.9MEDIUM

CVE-2023-27859

>= 10.5.0.0 and <= 10.5.0.11

IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across

6.5MEDIUM

CVE-2023-50308

< 11.5.9

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated us

6.5MEDIUM

CVE-2023-47746

>= 10.5.0.0 and <= 10.5.0.11

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONN

5.3MEDIUM

CVE-2023-45193

< 11.5.9

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when

5.9MEDIUM

CVE-2023-47145

>= 10.5 and < 10.5.0.11

IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to th

8.4HIGH

CVE-2023-40687

<= 10.5.0.11

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a s

5.3MEDIUM

CVE-2023-38727

>= 10.5.0.0 and <= 10.5.0.11

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a s

5.3MEDIUM

CVE-2023-29258

>= 11.1.0.0 and <= 11.1.4.7

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a sp

5.3MEDIUM

CVE-2023-47701

>= 10.5.0.0 and <= 10.5.0.11

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a s

6.5MEDIUM

CVE-2023-46167

>= 11.5.6 and <= 11.5.8

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when

5.9MEDIUM

CVE-2023-38003

all versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileg

7.2HIGH

CVE-2023-40692

all versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to denial of service under extrem

5.9MEDIUM

CVE-2023-45178

all versions

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 CLI is vulnerable to a denial of service when a specially c

6.5MEDIUM

CVE-2023-40373

>= 11.5 and <= 11.5.8

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted quer

5.3MEDIUM

CVE-2023-40372

>= 11.5 and <= 11.5.8

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted

5.3MEDIUM

CVE-2023-38719

all versions

IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during database deactivation on DPF. I

5.1MEDIUM

CVE-2023-40374

>= 11.5 and <= 11.5.8

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted

5.3MEDIUM

CVE-2023-30991

>= 11.5 and <= 11.5.8

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to denial of service with a speciall

7.5HIGH

CVE-2023-38740

>= 11.5 and <= 11.5.8

IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially craf

5.3MEDIUM

CVE-2023-38728

>= 11.5 and < 11.5.8

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a s

5.3MEDIUM

CVE-2023-38720

>= 11.5 and < 11.5.8

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a speciall

5.3MEDIUM

CVE-2023-30987

>= 11.5 and < 11.5.8

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a s

5.3MEDIUM

CVE-2023-35012

all versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-bas

6.7MEDIUM

CVE-2023-30449

all versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a s

7.5HIGH

CVE-2023-30448

all versions

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a s

5.9MEDIUM

CVE-2023-30447

all versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a s

5.9MEDIUM

CVE-2023-30446

all versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a s

5.9MEDIUM

CVE-2023-30445

all versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a s

7.5HIGH

CVE-2023-30442

all versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 federated server is vulnerable to a denial of serv

5.9MEDIUM

CVE-2023-30431

all versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 db2set is vulnerable to a buffer overflow,

8.4HIGH

CVE-2023-29256

all versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure

5.3MEDIUM

CVE-2023-27869

all versions

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execut

6.3MEDIUM

CVE-2023-27868

all versions

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execut

6.3MEDIUM

CVE-2023-27867

all versions

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execut

6.3MEDIUM

CVE-2023-27558

all versions

IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using

8.4HIGH

CVE-2023-23487

all versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging. IBM

4.3MEDIUM

CVE-2023-26022

>= 11.1 and < 11.1.4

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash whe

5.9MEDIUM

CVE-2023-26021

>= 11.1 and < 11.1.4

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server

7.5HIGH

CVE-2023-27555

>= 11.1 and < 11.1.4

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use

5.1MEDIUM

CVE-2023-25930

>= 11.1 and < 11.1.4

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Unde

5.9MEDIUM

CVE-2023-29255

>= 11.1 and < 11.1.4

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it

7.5HIGH

CVE-2023-27559

>= 11.1 and < 11.1.4

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the

5.3MEDIUM

CVE-2023-29257

>= 11.1 and < 11.1.4

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a

7.2HIGH

CVE-2022-43930

all versions

IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to an Information Disclosure as sensitive information may b

6.2MEDIUM

CVE-2022-43929

all versions

IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Loa

4.9MEDIUM

CVE-2022-43927

all versions

IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege managem

5.9MEDIUM

CVE-2022-41296

all versions

IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unau

6.5MEDIUM

CVE-2022-35637

all versions

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malforme

6.5MEDIUM

CVE-2022-22483

all versions

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios d

6.5MEDIUM

CVE-2022-22390

all versions

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by impro

7.5HIGH

CVE-2022-22389

all versions

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may termina

6.5MEDIUM

CVE-2021-39002

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 uses weaker than expected crypto

7.5HIGH

CVE-2021-38931

all versions

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1, and 11.5 is vulnerable to an information disclosure as a r

6.5MEDIUM

CVE-2021-38926

all versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to gain

5.5MEDIUM

CVE-2021-29678

all versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM au

8.7HIGH

CVE-2021-20373

all versions

IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certai

7.5HIGH

CVE-2021-29825

all versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with L

7.5HIGH

CVE-2021-29763

all versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 under very specific conditions, could allow a loca

5.1MEDIUM

CVE-2021-29752

all versions

IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability, exposing remote storage credentials to privileged users un

4.4MEDIUM

CVE-2021-29777

all versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of

6.5MEDIUM

CVE-2021-29703

all versions

Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnorm

7.5HIGH

CVE-2021-20579

all versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can creat

6.5MEDIUM

CVE-2020-4945

all versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbirary fil

8.1HIGH

CVE-2020-4885

all versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user to access and change the configura

4.7MEDIUM

CVE-2021-29702

>= 11.1 and <= 11.1.4

Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server

7.5HIGH

CVE-2019-4588

all versions

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to exec

7.8HIGH

CVE-2020-5025

>= 11.1.0.0 and < 11.1.4.6

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer

7.8HIGH

CVE-2020-5024

>= 11.1.0.0 and < 11.1.4.6

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated a

7.5HIGH

CVE-2020-4976

>= 11.1.0.0 and < 11.1.4.6

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read

4.4MEDIUM

CVE-2020-4642

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow local attacker to ca

5.5MEDIUM

CVE-2020-4739

>= 11.5 and < 11.5.5.0

IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 1

7.8HIGH

CVE-2020-4701

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused

7.8HIGH

CVE-2020-4420

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated a

7.5HIGH

CVE-2020-4414

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to

4.4MEDIUM

CVE-2020-4387

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obta

4.7MEDIUM

CVE-2020-4386

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obta

4.7MEDIUM

CVE-2020-4363

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overfl

7.8HIGH

CVE-2020-4355

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of ser

5.3MEDIUM

CVE-2020-4230

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when a

6.7MEDIUM

CVE-2020-4204

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overfl

7.8HIGH

CVE-2020-4200

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated attacker to se

6.5MEDIUM

CVE-2020-4161

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could allow an authenticated attacker to cause a denial of

6.5MEDIUM

CVE-2020-4135

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated u

7.5HIGH

CVE-2019-4386

>= 11.1.3 and <= 11.1.3.3

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function tha

6.5MEDIUM

CVE-2019-4322

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, wh

7.8HIGH

CVE-2019-4154

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, wh

7.8HIGH

CVE-2019-4102

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographi

5.9MEDIUM

CVE-2019-4101

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is vulnerable to a denial of service. Users

5.5MEDIUM

CVE-2019-4057

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow malicious user with access

6.7MEDIUM

CVE-2019-4014

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, wh

7.8HIGH

CVE-2018-1936

all versions

IBM DB2 9.7, 10.1, 10.5, and 11.1 libdb2e.so.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking

8.4HIGH

CVE-2019-4094

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an

7.8HIGH

CVE-2019-4016

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, wh

7.8HIGH

CVE-2019-4015

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, wh

7.8HIGH

CVE-2018-1980

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, wh

8.4HIGH

CVE-2018-1978

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, wh

8.4HIGH

CVE-2018-1923

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnera

8.4HIGH

CVE-2018-1922

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnera

8.4HIGH

CVE-2018-1977

all versions

IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) contains a denial of service vulnerability. A remote, authe

5.3MEDIUM

CVE-2018-1897

all versions

IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 db2pdcfg is vulnerable to a stack based buffer overflow, caused by

8.4HIGH

CVE-2018-1857

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow a user to bypass FGAC control and gain access t

4.8MEDIUM

CVE-2018-1834

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could al

7.4HIGH

CVE-2018-1802

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an

8.4HIGH

CVE-2018-1799

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local unprivileged user

6.2MEDIUM

CVE-2018-1781

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain roo

8.4HIGH

CVE-2018-1780

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner

7.8HIGH

CVE-2018-1711

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to gain pr

8.4HIGH

CVE-2018-1710

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 tool db2licm is affected by buffer overflow

8.4HIGH

CVE-2018-1685

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability in db2cacpy t

5.5MEDIUM

CVE-2018-1566

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute ar

8.4HIGH

CVE-2018-1487

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an

8.4HIGH

CVE-2018-1458

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10,1, 10.5 and 11.1 could allow a local user to execute arb

7.4HIGH

CVE-2018-1565

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a

8.4HIGH

CVE-2018-1544

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to overflow a

8.4HIGH

CVE-2018-1515

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow

7.4HIGH

CVE-2018-1488

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1 is vulnerable to a buffer overflow, which could al

8.4HIGH

CVE-2018-1459

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to stack based buffer ov

7.8HIGH

CVE-2018-1452

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could al

5.5MEDIUM

CVE-2018-1451

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could al

5.5MEDIUM

CVE-2018-1450

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could al

5.5MEDIUM

CVE-2018-1449

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could al

5.5MEDIUM

CVE-2018-1448

all versions

IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) contains a vulnerability that could al

7.7HIGH

CVE-2018-1428

all versions

IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) uses weaker than expected cryptographic algorithms that

6.2MEDIUM

CVE-2018-1427

all versions

IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) contains several environment variables that a local atta

6.2MEDIUM

CVE-2018-1426

all versions

IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls whe

7.4HIGH

CVE-2017-1677

all versions

IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) deserializes the contents

7.4HIGH

CVE-2017-1571

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographi

5.1MEDIUM

CVE-2016-0215

all versions

IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, Solaris and Windows allow remote authenticated users to cause

6.5MEDIUM

CVE-2017-1520

all versions

IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentic

3.7LOW

CVE-2017-1519

all versions

IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. A remote user can cause disruption of service for DB2 Connect Se

5.9MEDIUM

CVE-2017-1452

all versions

IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain ele

7.8HIGH

CVE-2017-1451

all versions

IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 inst

7.8HIGH

CVE-2017-1439

all versions

IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 inst

6.7MEDIUM

CVE-2017-1438

all versions

IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 inst

6.7MEDIUM

CVE-2017-1434

all versions

IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) under unusual circumstances, could expose highly sensitive

4.7MEDIUM

CVE-2017-1297

all versions

IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer

7.3HIGH

CVE-2017-1105

all versions

IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow tha

7.1HIGH

CVE-2017-1150

all versions

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with

3.1LOW

CVE-2016-5995

all versions

Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and

7.3HIGH

CVE-2016-0211

all versions

IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 on Linux, UNIX, and Windows allows remote authenticated user

4.3MEDIUM

CVE-2015-1935

all versions

The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, U

CVE-2015-1922

all versions

The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNI

CVE-2015-1883

all versions

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authent

CVE-2015-0157

all versions

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authent

CVE-2014-8910

all versions

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authent

CVE-2014-0919

all versions

IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monit

CVE-2014-8901

all versions

IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 allows remote authenticated use

CVE-2014-6210

all versions

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authent

CVE-2014-6209

all versions

IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows all

CVE-2014-6159

all versions

IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 through FP4 on Linux, UNIX, and Windows, when immediate AUTO_

CVE-2014-6097

all versions

IBM DB2 9.7 before FP10 and 9.8 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of ser

CVE-2014-4805

all versions

IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files during CDE table LOAD operations, which allows local users to obt

CVE-2014-3095

all versions

The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNI

CVE-2014-3094

all versions

Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, an

CVE-2014-0907

all versions

Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a,

CVE-2013-6744

all versions

The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remo

CVE-2013-6717

all versions

The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 through FP5, 10.1 through FP3, and 10.5 through FP2, and the

CVE-2013-5466

all versions

The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, all

CVE-2013-4032

all versions

The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server Edition and Advanced Enterprise Server Edition 10.1 before FP3

CVE-2013-4033

all versions

IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users

CVE-2013-3475

all versions

Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Sm

CVE-2012-4826

all versions

Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1,

CVE-2012-3324

all versions

Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authe

CVE-2012-0713

all versions

Unspecified vulnerability in the XML feature in IBM DB2 9.7 before FP6 on Linux, UNIX, and Windows allows remote authenticated use

CVE-2012-2197

all versions

Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through F

CVE-2012-2196

all versions

IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to read arbitrary XML

CVE-2012-2194

all versions

Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 th

CVE-2012-2180

all versions

The chaining functionality in the Distributed Relational Database Architecture (DRDA) module in IBM DB2 9.7 before FP6 and 9.8 bef

CVE-2012-1797

all versions

IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors.

CVE-2012-1796

all versions

Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to

CVE-2012-0712

all versions

The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denia

CVE-2012-0711

all versions

Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before F

CVE-2012-0710

all versions

IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 before FP4 allows remote attackers to cause a denial of service (

CVE-2012-0709

all versions

IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated

CVE-2011-1373

<= 9.7.0.4

Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC

CVE-2011-4061

all versions

Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM

CVE-2011-1847

<= 9.7

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table a

CVE-2011-1846

<= 9.7

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which

CVE-2011-0757

<= 9.7

IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM author

CVE-2011-0731

<= 9.7

Buffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on

CVE-2010-3740

all versions

The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle

CVE-2010-3738

all versions

The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the

CVE-2010-3737

all versions

Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a

CVE-2010-3736

all versions

Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a, when the connection concentrator is enabled,

CVE-2010-3735

all versions

The "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a den

CVE-2010-3734

all versions

The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length,

CVE-2010-3733

all versions

The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, whi

CVE-2010-3732

all versions

The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (databas

CVE-2010-3731

all versions

Stack-based buffer overflow in the validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the

CVE-2010-3475

all versions

IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which a

CVE-2010-3474

all versions

IBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by th

CVE-2010-3197

all versions

IBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, w

CVE-2010-3196

all versions

IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of priv

CVE-2010-3195

all versions

Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to

CVE-2010-3194

all versions

The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access

CVE-2010-3193

all versions

Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact

CVE-2010-1560

<= 9.1

Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (t

CVE-2010-0472

all versions

kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 on Linux, allows remote attackers to cause a denial of serv

CVE-2010-0462

all versions

Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have

CVE-2009-4439

all versions

Unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.5 before FP5 allows remote authenti

CVE-2009-4438

all versions

The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforc

CVE-2009-4335

all versions

Multiple unspecified vulnerabilities in bundled stored procedures in the Spatial Extender component in IBM DB2 9.5 before FP5 have

CVE-2009-4334

all versions

The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permission

CVE-2009-4333

all versions

The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENC

CVE-2009-4332

all versions

db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows attackers to cause a denial of se

CVE-2009-4331

all versions

The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect fi

CVE-2009-4330

all versions

Unspecified vulnerability in db2licm in the Engine Utilities component in IBM DB2 9.5 before FP5 has unknown impact and local atta

CVE-2009-4329

all versions

Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a

CVE-2009-4328

all versions

Unspecified vulnerability in the DRDA Services component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a de

CVE-2009-4327

all versions

The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1 does not properly validate the size of a mem

CVE-2009-4326

all versions

The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Databa

CVE-2009-4325

all versions

The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate a

CVE-2009-4150

all versions

dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accoun

CVE-2009-3473

all versions

IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATION statement, which has unspec

CVE-2009-3472

all versions

IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows remote authenticated users to bypass intended access restrictions

CVE-2009-3471

all versions

IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP2 does not perform the expected drops of certain table fun

CVE-2009-2860

<= 8.1

Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash

CVE-2009-2859

<= 8.1

IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command.

CVE-2009-2858

<= 8.1

Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (

CVE-2009-1906

all versions

The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a denial of service (mem

CVE-2009-1905

<= 8.0

The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBM

CVE-2008-6821

all versions

Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 might allow attackers to execute ar

CVE-2008-6820

all versions

The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with "OS privilege," which has unk

CVE-2008-2154

all versions

IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows r

CVE-2009-1239

<= 9.1

IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN

CVE-2008-4693

<= 9.5

The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, wh

CVE-2008-4692

<= 8.0

The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot

CVE-2008-4691

<= 9.1

Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in

CVE-2008-3959

<= 8.1

IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of servi

CVE-2008-3958

<= 8.0

IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH

CVE-2008-1998

all versions

The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote a

CVE-2008-1997

all versions

Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allows remote

CVE-2008-1966

all versions

Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 befor

CVE-2007-3676

<= 8.0

IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers

CVE-2008-0699

all versions

Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, a

CVE-2008-0698

all versions

Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 has unknown attack vectors, and an impact probably involving

CVE-2008-0697

all versions

Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified

CVE-2008-0696

all versions

IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization for the ALTER TABLE statement, which has unknown impact and

CVE-2007-5652

<= 9.1

IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allo

CVE-2007-2582

<= 9.0

Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1)

CVE-2007-1228

all versions

IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain

CVE-2007-1088

all versions

Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary

CVE-2007-1087

all versions

IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local u

CVE-2007-1027

all versions

Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a

CVE-2006-4257

all versions

IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1

CVE-2005-4871

all versions

Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers t

CVE-2005-4870

all versions

Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob f

CVE-2005-4869

all versions

The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local users to cause a denial of service (application crash) via an

CVE-2005-2073

all versions

Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through 8.2.2 allows local users with SELECT privileges to conduct

CVE-2003-1052

all versions

IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root prog

CVE-2003-1051

all versions

Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certa

ibm db2