VYPR

Db2 for Linux, UNIX and Windows

by IBM

CVEs (134)

  • CVE-2022-43929MedFeb 17, 2023
    risk 0.32cvss 4.9epss 0.01

    IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676.

  • CVE-2020-4885MedJun 24, 2021
    risk 0.31cvss 4.7epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user to access and change the configuration of Db2 due to a race condition of a symbolic link,. IBM X-Force ID: 190909.

  • CVE-2020-4387MedJul 1, 2020
    risk 0.31cvss 4.7epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179269.

  • CVE-2020-4386MedJul 1, 2020
    risk 0.31cvss 4.7epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179268.

  • CVE-2018-1857MedNov 9, 2018
    risk 0.31cvss 4.8epss 0.02

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow a user to bypass FGAC control and gain access to data they shouldn't be able to see. IBM X-Force ID: 151155.

  • CVE-2017-1434MedSep 12, 2017
    risk 0.31cvss 4.7epss 0.00

    IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) under unusual circumstances, could expose highly sensitive information in the error log to a local user.

  • CVE-2020-4976MedMar 11, 2021
    risk 0.29cvss 4.4epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. IBM X-Force ID: 192469.

  • CVE-2020-4414MedJul 1, 2020
    risk 0.29cvss 4.4epss 0.00

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to perform unauthorized actions on the system, caused by improper usage of shared memory. By sending a specially-crafted request, an attacker could…

  • CVE-2023-23487MedJul 10, 2023
    risk 0.28cvss 4.3epss 0.01

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging. IBM X-Force ID: 245918.

  • CVE-2017-1150LowMar 8, 2017
    risk 0.20cvss 3.1epss 0.01

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515.

  • CVE-2025-33130Feb 17, 2026
    risk 0.00cvss epss 0.00

    IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack.

  • CVE-2025-33124Feb 17, 2026
    risk 0.00cvss epss 0.00

    IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size.

  • CVE-2025-13108Feb 17, 2026
    risk 0.00cvss epss 0.00

    IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.

  • CVE-2025-36353Jan 30, 2026
    risk 0.00cvss epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.

Page 7 of 7