VYPR

Db2 for Linux, UNIX and Windows

by IBM

CVEs (134)

  • CVE-2023-30987MedOct 16, 2023
    risk 0.35cvss 5.3epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. IBM X-Force ID: 253440.

  • CVE-2023-29256MedJul 10, 2023
    risk 0.35cvss 5.3epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. IBM X-Force ID: 252046.

  • CVE-2023-27559MedApr 26, 2023
    risk 0.35cvss 5.3epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-Force ID: 249196.

  • CVE-2020-4355MedJul 1, 2020
    risk 0.35cvss 5.3epss 0.02

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer (SSL) renegotiation requests. By sending specially-crafted requests, a remote attacker…

  • CVE-2018-1977MedDec 14, 2018
    risk 0.35cvss 5.3epss 0.02

    IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted SELECT statement with TRUNCATE function. IBM X-Force ID: 154032.

  • CVE-2025-3050MedMay 29, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when using Q replication due to the improper allocation of CPU resources.

  • CVE-2025-1493MedMay 5, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service due to concurrent execution of shared resources.

  • CVE-2025-1000MedMay 5, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when connecting to a z/OS database due to improper handling of automatic client rerouting.

  • CVE-2025-1992MedMay 5, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of service due to insufficient release of allocated memory after usage.

  • CVE-2024-52903MedMay 1, 2025
    risk 0.34cvss 5.3epss 0.00

    IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

  • CVE-2023-30443MedDec 19, 2024
    risk 0.34cvss 5.3epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query.

  • CVE-2024-41762MedDec 7, 2024
    risk 0.34cvss 5.3epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

  • CVE-2024-37071MedDec 7, 2024
    risk 0.34cvss 5.3epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation.

  • CVE-2024-41761MedNov 23, 2024
    risk 0.34cvss 5.3epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.

  • CVE-2024-35136MedAug 14, 2024
    risk 0.34cvss 5.3epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default conditions. IBM X-Force ID: 291307.

  • CVE-2023-29267MedJun 12, 2024
    risk 0.34cvss 5.3epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287612.

  • CVE-2024-28762MedJun 12, 2024
    risk 0.34cvss 5.3epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 285246.

  • CVE-2023-27555MedApr 28, 2023
    risk 0.33cvss 5.1epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. IBM X-Force ID: 249187.

  • CVE-2021-29763MedSep 16, 2021
    risk 0.33cvss 5.1epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 under very specific conditions, could allow a local user to keep running a procedure that could cause the system to run out of memory.and cause a denial of service. IBM X-Force ID: 202267.

  • CVE-2017-1571MedMar 22, 2018
    risk 0.33cvss 5.1epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 131853.

Page 6 of 7