Summary
| Detail | |||
|---|---|---|---|
| Vendor | Ibm | First view | 2006-08-21 |
| Product | db2 | Last view | 2024-12-07 |
| Version | 8.1.9 | Type | Application |
| Update | * | ||
| Edition | aix | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:ibm:db2 | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.5 | 2024-12-07 | CVE-2024-41762 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. |
| 6.5 | 2024-10-23 | CVE-2024-31880 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. |
| 6.5 | 2024-08-14 | CVE-2024-37529 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. IBM X-Force ID: 294295. |
| 6.5 | 2024-08-14 | CVE-2024-35136 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) federated server 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain non default conditions. IBM X-Force ID: 291307. |
| 6.5 | 2024-08-14 | CVE-2024-31882 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service, under specific non default configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287614. |
| 6.5 | 2024-01-22 | CVE-2023-50308 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393. |
| 6.5 | 2024-01-22 | CVE-2023-47747 | IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272646. |
| 6.5 | 2024-01-22 | CVE-2023-47746 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644. |
| 6.5 | 2024-01-22 | CVE-2023-47158 | IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1 and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750. |
| 7.5 | 2024-01-22 | CVE-2023-47152 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. |
| 6.5 | 2024-01-22 | CVE-2023-47141 | IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264. |
| 7.5 | 2024-01-22 | CVE-2023-45193 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759. |
| 6.5 | 2024-01-22 | CVE-2023-27859 | IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205. |
| 7.8 | 2024-01-07 | CVE-2023-47145 | IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402. |
| 7.5 | 2023-12-04 | CVE-2023-47701 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 266166. |
| 7.5 | 2023-12-04 | CVE-2023-46167 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367. |
| 7.5 | 2023-12-04 | CVE-2023-40687 | IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809. |
| 7.5 | 2023-12-04 | CVE-2023-38727 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257. |
| 7.5 | 2023-12-04 | CVE-2023-29258 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048. |
| 7.5 | 2023-10-17 | CVE-2023-40373 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. IBM X-Force ID: 263574. |
| 7.5 | 2023-10-17 | CVE-2023-40372 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. IBM X-Force ID: 263499. |
| 7.5 | 2023-10-16 | CVE-2023-40374 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575. |
| 7.5 | 2023-10-16 | CVE-2023-38740 | IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613. |
| 7.5 | 2023-10-16 | CVE-2023-38728 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258. |
| 7.5 | 2023-10-16 | CVE-2023-38720 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 22% (6) | CWE-20 | Improper Input Validation |
| 14% (4) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 11% (3) | CWE-264 | Permissions, Privileges, and Access Controls |
| 7% (2) | CWE-770 | Allocation of Resources Without Limits or Throttling |
| 7% (2) | CWE-399 | Resource Management Errors |
| 7% (2) | CWE-200 | Information Exposure |
| 7% (2) | CWE-74 | Failure to Sanitize Data into a Different Plane ('Injection') |
| 3% (1) | CWE-749 | Exposed Dangerous Method or Function |
| 3% (1) | CWE-426 | Untrusted Search Path |
| 3% (1) | CWE-287 | Improper Authentication |
| 3% (1) | CWE-276 | Incorrect Default Permissions |
| 3% (1) | CWE-209 | Information Exposure Through an Error Message |
| 3% (1) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 77204 | IBM DB2 for Unix Self Tuning Memory Manager (STMM) Unspecified Local DoS |
| 72698 | IBM DB2 Relational Data Services SYSSTAT.TABLES Statistics Manipulation |
| 72697 | IBM DB2 Relational Data Services Non-DDL Statement Execution |
| 70773 | IBM DB2 Non-DDL Statement Execution DBADM Privilege Revocation Weakness |
| 70683 | IBM DB2 Administration Server Unspecified Overflow |
| 64041 | IBM DB2 REPEAT Function Overflow |
| 54914 | IBM DB2 Universal Database Common Code Infrastructure Component LDAP Password... |
| 54698 | IBM DB2 Universal Database JOIN Predicate Query Result Handling Information D... |
| 49950 | IBM DB2 Universal Database SORT/LIST SERVICES Component Trace Output Informat... |
| 49949 | IBM DB2 Universal Database Native Managed Provider for .NET Object Maintenanc... |
| 49948 | IBM DB2 Universal Database New Compiler SQLNLS_UNPADDEDCHARLEN Function Unspe... |
| 41794 | IBM DB2 Universal Database CONNECT / ATTACH Processing Unspecified Remote DoS |
| 41629 | IBM DB2 Universal Database Administration Server (DAS) Unspecified Administra... |
| 40995 | IBM DB2 Universal Database Authentication Information Storage Memory Corruption |
| 40975 | IBM DB2 JDBC Applet Server (DB2JDS) Multiple Method MemTree Remote Overflow |
| 40973 | IBM DB2 JDBC Applet Server (DB2JDS) Crafted Packet Arbitrary Code Execution |
| 27993 | IBM DB2 Universal Database CONNECT Processing Unspecified DoS |
OpenVAS Exploits
| id | Description |
|---|---|
| 2011-05-16 | Name : IBM DB2 Multiple Security Bypass Vulnerabilities (May-11) File : nvt/gb_ibm_db2_mult_sec_bypass_vuln.nasl |
| 2011-02-07 | Name : IBM DB2 Administration Server (DAS) Buffer Overflow Vulnerability File : nvt/gb_ibm_db2_das_bof_vuln.nasl |
| 2011-02-07 | Name : IBM DB2 DBADM Privilege Revocation Security Bypass Vulnerability File : nvt/gb_ibm_db2_dbadm_sec_bypass_vuln.nasl |
| 2010-04-30 | Name : IBM DB2 REPEAT Buffer Overflow and TLS Renegotiation Vulnerabilities (Linux) File : nvt/secpod_ibm_db2_repeat_bof_vuln_lin.nasl |
| 2010-04-30 | Name : IBM DB2 REPEAT Buffer Overflow and TLS Renegotiation Vulnerabilities (Win) File : nvt/secpod_ibm_db2_repeat_bof_vuln_win.nasl |
| 2009-06-30 | Name : IBM DB2 Multiple Vulnerabilities (Linux) File : nvt/secpod_ibm_db2_mult_dos_vuln_lin01.nasl |
| 2009-06-30 | Name : IBM DB2 Multiple Vulnerabilities (Win) File : nvt/secpod_ibm_db2_mult_dos_vuln_win01.nasl |
| 2009-05-11 | Name : IBM DB2 Information Disclosure Vulnerability (Linux) File : nvt/gb_ibm_db2_info_disc_vuln_lin.nasl |
| 2009-05-11 | Name : IBM DB2 Information Disclosure Vulnerability (Win) File : nvt/gb_ibm_db2_info_disc_vuln_win.nasl |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2011-B-0013 | Multiple Vulnerabilities in IBM DB2 Severity: Category I - VMSKEY: V0026050 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-03-29 | IBM DB2 Universal Database receiveDASMessage buffer overflow attempt RuleID : 29948 - Type : SERVER-OTHER - Revision : 6 |
| 2014-03-29 | IBM DB2 Universal Database receiveDASMessage buffer overflow attempt RuleID : 29947 - Type : SERVER-OTHER - Revision : 6 |
| 2014-03-29 | IBM DB2 Universal Database receiveDASMessage buffer overflow attempt RuleID : 29946 - Type : SERVER-OTHER - Revision : 6 |
| 2014-01-10 | IBM DB2 Universal Database receiveDASMessage buffer overflow attempt RuleID : 19206 - Type : SERVER-OTHER - Revision : 11 |
| 2014-01-10 | IBM DB2 Universal Database rdbname denial of service attempt RuleID : 17599 - Type : SERVER-OTHER - Revision : 11 |
| 2014-01-10 | IBM DB2 Universal Database accsec command without rdbnam RuleID : 17598 - Type : SERVER-OTHER - Revision : 13 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2011-11-23 | Name: The remote database server is affected by multiple denial of service vulnerab... File: db2_97fp5.nasl - Type: ACT_GATHER_INFO |
| 2011-04-25 | Name: The remote database server is affected by multiple issues. File: db2_97fp4.nasl - Type: ACT_GATHER_INFO |
| 2011-02-01 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_95fp7.nasl - Type: ACT_GATHER_INFO |
| 2011-02-01 | Name: The remote database server is affected by multiple issues. File: db2_9fp10.nasl - Type: ACT_GATHER_INFO |
| 2010-11-02 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_97fp3.nasl - Type: ACT_GATHER_INFO |
| 2010-06-01 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_97fp2.nasl - Type: ACT_GATHER_INFO |
| 2009-06-03 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_95fp4.nasl - Type: ACT_GATHER_INFO |
| 2009-04-22 | Name: The remote database server is affected by multiple issues. File: db2_9fp7.nasl - Type: ACT_GATHER_INFO |
| 2008-10-22 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_9fp6.nasl - Type: ACT_GATHER_INFO |
| 2008-08-28 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_95fp2.nasl - Type: ACT_GATHER_INFO |
| 2008-02-05 | Name: The remote database server is affected by multiple issues. File: db2_81fp16.nasl - Type: ACT_GATHER_INFO |
| 2007-11-16 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_9fp4.nasl - Type: ACT_GATHER_INFO |
| 2007-08-20 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_9fp3.nasl - Type: ACT_GATHER_INFO |
| 2006-12-23 | Name: The remote database server is affected by multiple denial of service vulnerab... File: db2_81fp13.nasl - Type: ACT_GATHER_INFO |
