VYPR

Db2 Recovery Expert for Linux, UNIX and Windows

by IBM

CVEs (150)

  • CVE-2021-20373 | High | Dec 9, 2021
    risk 0.49 | cvss 7.5 | epss 0.01

    IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521.

  • CVE-2021-29825 | High | Sep 16, 2021
    risk 0.49 | cvss 7.5 | epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470.

  • CVE-2021-29703 | High | Jun 24, 2021
    risk 0.49 | cvss 7.5 | epss 0.02

    Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200659.

  • CVE-2021-29702 | High | Jun 16, 2021
    risk 0.49 | cvss 7.5 | epss 0.02

    Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658.

  • CVE-2020-5024 | High | Mar 11, 2021
    risk 0.49 | cvss 7.5 | epss 0.02

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due to a hang in the SSL handshake response. IBM X-Force ID: 193660.

  • CVE-2020-4420 | High | Jul 1, 2020
    risk 0.49 | cvss 7.5 | epss 0.02

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due to a hang in the execution of a terminate command. IBM X-Force ID: 180076.

  • CVE-2020-4135 | High | Feb 19, 2020
    risk 0.49 | cvss 7.5 | epss 0.03

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage.

  • CVE-2018-1834 | High | Nov 9, 2018
    risk 0.48 | cvss 7.4 | epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack. IBM X-Force ID: 150511.

  • CVE-2018-1458 | High | Jul 10, 2018
    risk 0.48 | cvss 7.4 | epss 0.02

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. IBM X-Force ID: 140209.

  • CVE-2018-1515 | High | May 25, 2018
    risk 0.48 | cvss 7.4 | epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 and 11.1, under specific or unusual conditions, could allow a local user to overflow a buffer which may result in a privilege escalation to the DB2 instance owner. IBM X-Force ID: 141624.

  • CVE-2018-1426 | High | Mar 22, 2018
    risk 0.48 | cvss 7.4 | epss 0.03

    IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071.

  • CVE-2017-1677 | High | Mar 22, 2018
    risk 0.48 | cvss 7.4 | epss 0.01

    IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) deserializes the contents of /tmp/connlicj.bin which leads to object injection and potentially arbitrary code execution depending on the classpath. IBM X-Force ID: 133999.

  • CVE-2023-38003 | High | Dec 4, 2023
    risk 0.47 | cvss 7.2 | epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to. IBM X-Force ID: 260214.

  • CVE-2023-29257 | High | Apr 26, 2023
    risk 0.47 | cvss 7.2 | epss 0.02

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011.

  • CVE-2017-1105 | High | Jun 27, 2017
    risk 0.46 | cvss 7.1 | epss 0.00

    IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service. IBM X-Force ID: 120668.

  • CVE-2023-35012 | Medium | Jul 17, 2023
    risk 0.44 | cvss 6.7 | epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with SYSADM privileges could overflow the buffer and execute arbitrary code on…

  • CVE-2020-4230 | Medium | Feb 19, 2020
    risk 0.44 | cvss 6.7 | epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an escalation of privilege when an authenticated local attacker with special permissions executes specially crafted Db2 commands. IBM X-Force ID: 175212.

  • CVE-2019-4057 | Medium | Jul 1, 2019
    risk 0.44 | cvss 6.7 | epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a malicious user with access to the DB2 instance account to leverage a fenced execution process to execute arbitrary code as root. IBM X-Force ID: 156567.

  • CVE-2017-1439 | Medium | Sep 12, 2017
    risk 0.44 | cvss 6.7 | epss 0.00

    IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128058.

  • CVE-2017-1438 | Medium | Sep 12, 2017
    risk 0.44 | cvss 6.7 | epss 0.00

    IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128057.
