U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:ibm:db2:10.5:fp6:*:*:*:*:*:*
  • CPE Name Search: true
There are 87 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2023-47141

IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264.

Published: January 22, 2024; 4:15:09 PM -0500
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-47152

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions.

Published: January 22, 2024; 3:15:46 PM -0500
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-50308

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393.

Published: January 22, 2024; 2:15:09 PM -0500
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-45193

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759.

Published: January 22, 2024; 2:15:08 PM -0500
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-47145

IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402.

Published: January 07, 2024; 2:15:08 PM -0500
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-40687

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809.

Published: December 03, 2023; 9:15:07 PM -0500
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-40373

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. IBM X-Force ID: 263574.

Published: October 16, 2023; 8:15:10 PM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-38728

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. IBM X-Force ID: 262258.

Published: October 16, 2023; 6:15:11 PM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-30987

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. IBM X-Force ID: 253440.

Published: October 16, 2023; 5:15:10 PM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-26022

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. IBM X-Force ID: 247868.

Published: April 28, 2023; 3:15:16 PM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-27555

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. IBM X-Force ID: 249187.

Published: April 28, 2023; 2:15:26 PM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-25930

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. IBM X-Force ID: 247862.

Published: April 28, 2023; 2:15:26 PM -0400
V4.0:(not available)
V3.1: 5.9 MEDIUM
V2.0:(not available)
CVE-2023-29255

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991.

Published: April 27, 2023; 9:15:09 AM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-27559

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-Force ID: 249196.

Published: April 26, 2023; 4:15:09 PM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-29257

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011.

Published: April 26, 2023; 9:15:08 AM -0400
V4.0:(not available)
V3.1: 7.2 HIGH
V2.0:(not available)
CVE-2022-22390

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID: 221973.

Published: June 24, 2022; 1:15:08 PM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2022-22389

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID: 2219740.

Published: June 24, 2022; 1:15:08 PM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2021-20373

IBM Db2 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an Information Disclosure when using the LOAD utility as under certain circumstances the LOAD utility does not enforce directory restrictions. IBM X-Force ID: 199521.

Published: December 09, 2021; 12:15:07 PM -0500
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2021-29777

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could allow an authenticated user to cause a denial of srevice IBM X-Force ID: 203031.

Published: June 24, 2021; 3:15:08 PM -0400
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0: 4.0 MEDIUM
CVE-2021-29703

Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200659.

Published: June 24, 2021; 3:15:08 PM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM