VYPR

Db2 Recovery Expert for Linux, UNIX and Windows

by IBM

CVEs (150)

  • CVE-2023-27559 | Med | Apr 26, 2023
    risk 0.35 | cvss 5.3 | epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-Force ID: 249196.

  • CVE-2020-4355 | Med | Jul 1, 2020
    risk 0.35 | cvss 5.3 | epss 0.02

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer (SSL) renegotiation requests. By sending specially-crafted requests, a remote attacker…

  • CVE-2018-1977 | Med | Dec 14, 2018
    risk 0.35 | cvss 5.3 | epss 0.02

    IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted SELECT statement with TRUNCATE function. IBM X-Force ID: 154032.

  • CVE-2023-30443 | Med | Dec 19, 2024
    risk 0.34 | cvss 5.3 | epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query.

  • CVE-2023-29267 | Med | Jun 12, 2024
    risk 0.34 | cvss 5.3 | epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287612.

  • CVE-2024-28762 | Med | Jun 12, 2024
    risk 0.34 | cvss 5.3 | epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 285246.

  • CVE-2023-38719 | Med | Oct 17, 2023
    risk 0.33 | cvss 5.1 | epss 0.00

    IBM Db2 11.5 could allow a local user with special privileges to cause a denial of service during database deactivation on DPF. IBM X-Force ID: 261607.

  • CVE-2023-27555 | Med | Apr 28, 2023
    risk 0.33 | cvss 5.1 | epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. IBM X-Force ID: 249187.

  • CVE-2021-29763 | Med | Sep 16, 2021
    risk 0.33 | cvss 5.1 | epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5, under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory and cause a denial of service. IBM X-Force ID: 202267.

  • CVE-2017-1571 | Med | Mar 22, 2018
    risk 0.33 | cvss 5.1 | epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853.

  • CVE-2022-43929 | Med | Feb 17, 2023
    risk 0.32 | cvss 4.9 | epss 0.01

    IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676.

  • CVE-2020-4387 | Med | Jul 1, 2020
    risk 0.31 | cvss 4.7 | epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179269.

  • CVE-2020-4386 | Med | Jul 1, 2020
    risk 0.31 | cvss 4.7 | epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179268.

  • CVE-2018-1857 | Med | Nov 9, 2018
    risk 0.31 | cvss 4.8 | epss 0.02

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow a user to bypass FGAC control and gain access to data they shouldn't be able to see. IBM X-Force ID: 151155.

  • CVE-2017-1434 | Med | Sep 12, 2017
    risk 0.31 | cvss 4.7 | epss 0.00

    IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server), under unusual circumstances, could expose highly sensitive information in the error log to a local user.

  • CVE-2021-29752 | Med | Sep 16, 2021
    risk 0.29 | cvss 4.4 | epss 0.01

    IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability, exposing remote storage credentials to privileged users under specific conditions. IBM X-Force ID: 201780.

  • CVE-2020-4976 | Med | Mar 11, 2021
    risk 0.29 | cvss 4.4 | epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. IBM X-Force ID: 192469.

  • CVE-2020-4414 | Med | Jul 1, 2020
    risk 0.29 | cvss 4.4 | epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to perform unauthorized actions on the system, caused by improper usage of shared memory. By sending a specially-crafted request, an attacker could…

  • CVE-2023-23487 | Med | Jul 10, 2023
    risk 0.28 | cvss 4.3 | epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging. IBM X-Force ID: 245918.

  • CVE-2017-1520 | Low | Sep 12, 2017
    risk 0.24 | cvss 3.7 | epss 0.01

    IBM DB2 9.7, 10.1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830.
