Summary
| Detail | |||
|---|---|---|---|
| Vendor | Ibm | First view | 2018-01-16 |
| Product | db2 | Last view | 2024-01-22 |
| Version | 10.1 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | workgroup_server | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:ibm:db2 | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.5 | 2024-01-22 | CVE-2023-50308 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393. |
| 6.5 | 2024-01-22 | CVE-2023-47747 | IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272646. |
| 6.5 | 2024-01-22 | CVE-2023-47746 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 272644. |
| 6.5 | 2024-01-22 | CVE-2023-47158 | IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1 and 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270750. |
| 7.5 | 2024-01-22 | CVE-2023-47152 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. IBM X-Force ID: 270730. |
| 6.5 | 2024-01-22 | CVE-2023-47141 | IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264. |
| 7.5 | 2024-01-22 | CVE-2023-45193 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759. |
| 6.5 | 2024-01-22 | CVE-2023-27859 | IBM Db2 10.1, 10.5, and 11.1 could allow a remote user to execute arbitrary code caused by installing like named jar files across multiple databases. A user could exploit this by installing a malicious jar file that overwrites the existing like named jar file in another database. IBM X-Force ID: 249205. |
| 7.8 | 2024-01-07 | CVE-2023-47145 | IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402. |
| 7.5 | 2023-12-04 | CVE-2023-47701 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 266166. |
| 7.5 | 2023-12-04 | CVE-2023-46167 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 269367. |
| 7.5 | 2023-12-04 | CVE-2023-40687 | IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809. |
| 7.5 | 2023-12-04 | CVE-2023-38727 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement. IBM X-Force ID: 262257. |
| 7.5 | 2023-12-04 | CVE-2023-29258 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects. IBM X-Force ID: 252048. |
| 7.5 | 2023-10-17 | CVE-2023-40373 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. IBM X-Force ID: 263574. |
| 7.5 | 2023-10-17 | CVE-2023-40372 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. IBM X-Force ID: 263499. |
| 7.5 | 2023-10-16 | CVE-2023-40374 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. IBM X-Force ID: 263575. |
| 7.5 | 2023-10-16 | CVE-2023-38740 | IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. IBM X-Force ID: 262613. |
| 7.5 | 2023-10-16 | CVE-2023-38728 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258. |
| 7.5 | 2023-10-16 | CVE-2023-38720 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. IBM X-Force ID: 261616. |
| 7.5 | 2023-10-16 | CVE-2023-30991 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 254037. |
| 7.5 | 2023-10-16 | CVE-2023-30987 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. IBM X-Force ID: 253440. |
| 7.5 | 2023-04-28 | CVE-2023-27555 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. IBM X-Force ID: 249187. |
| 7.5 | 2023-04-28 | CVE-2023-26022 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. IBM X-Force ID: 247868. |
| 7.5 | 2023-04-28 | CVE-2023-26021 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 58% (7) | CWE-20 | Improper Input Validation |
| 8% (1) | CWE-749 | Exposed Dangerous Method or Function |
| 8% (1) | CWE-426 | Untrusted Search Path |
| 8% (1) | CWE-276 | Incorrect Default Permissions |
| 8% (1) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
| 8% (1) | CWE-74 | Failure to Sanitize Data into a Different Plane ('Injection') |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2016-05-26 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_97fp11_35317_nix.nasl - Type: ACT_GATHER_INFO |
| 2016-05-26 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_97fp11_35317_win.nasl - Type: ACT_GATHER_INFO |
| 2016-05-26 | Name: The remote database server is affected by multiple vulnerabilities. File: db2_connect_97fp11_35317_win.nasl - Type: ACT_GATHER_INFO |
