U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:ibm:db2:11.1:*:*:*:*:unix:*:*
  • CPE Name Search: true
There are 76 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2023-47141

IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264.

Published: January 22, 2024; 4:15:09 PM -0500
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-47152

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. IBM X-Force ID: 270730.

Published: January 22, 2024; 3:15:46 PM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-50308

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393.

Published: January 22, 2024; 2:15:09 PM -0500
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-45193

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759.

Published: January 22, 2024; 2:15:08 PM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-47145

IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402.

Published: January 07, 2024; 2:15:08 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-38003

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to. IBM X-Force ID: 260214.

Published: December 03, 2023; 8:15:08 PM -0500
V3.1: 7.2 HIGH
V2.0:(not available)
CVE-2023-40692

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to denial of service under extreme stress conditions. IBM X-Force ID: 264807.

Published: December 03, 2023; 7:15:07 PM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-23487

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging. IBM X-Force ID: 245918.

Published: July 10, 2023; 12:15:49 PM -0400
V3.1: 4.3 MEDIUM
V2.0:(not available)
CVE-2023-26022

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. IBM X-Force ID: 247868.

Published: April 28, 2023; 3:15:16 PM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-26021

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864.

Published: April 28, 2023; 3:15:16 PM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-27555

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. IBM X-Force ID: 249187.

Published: April 28, 2023; 2:15:26 PM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-25930

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. IBM X-Force ID: 247862.

Published: April 28, 2023; 2:15:26 PM -0400
V3.1: 5.9 MEDIUM
V2.0:(not available)
CVE-2023-29255

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991.

Published: April 27, 2023; 9:15:09 AM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-27559

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-Force ID: 249196.

Published: April 26, 2023; 4:15:09 PM -0400
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2023-29257

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011.

Published: April 26, 2023; 9:15:08 AM -0400
V3.1: 7.2 HIGH
V2.0:(not available)
CVE-2022-43929

IBM Db2 for Linux, UNIX and Windows 11.1 and 11.5 may be vulnerable to a Denial of Service when executing a specially crafted 'Load' command. IBM X-Force ID: 241676.

Published: February 17, 2023; 12:15:11 PM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-43927

IBM Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 is vulnerable to information Disclosure due to improper privilege management when a specially crafted table access is used. IBM X-Force ID: 241671.

Published: February 17, 2023; 12:15:11 PM -0500
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-35637

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. IBM X-Force ID: 230823.

Published: September 13, 2022; 5:15:09 PM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-22483

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979.

Published: September 13, 2022; 5:15:09 PM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-22390

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID: 221973.

Published: June 24, 2022; 1:15:08 PM -0400
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM