Vulnerabilities > IBM > DB2 Connect > 10.5.0.5

DATE CVE VULNERABILITY TITLE RISK
2017-09-12 CVE-2017-1520 Improper Authentication vulnerability in IBM DB2 and DB2 Connect
IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT.
network
high complexity
ibm CWE-287
3.7
3.7
2017-09-12 CVE-2017-1519 Improper Input Validation vulnerability in IBM DB2 and DB2 Connect
IBM DB2 10.5 and 11.1 contains a denial of service vulnerability.
network
high complexity
ibm CWE-20
5.9
5.9
2017-09-12 CVE-2017-1452 Unspecified vulnerability in IBM DB2 and DB2 Connect
IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files.
local
low complexity
ibm
7.8
7.8
2017-09-12 CVE-2017-1451 Unspecified vulnerability in IBM DB2 and DB2 Connect
IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access.
local
low complexity
ibm
7.8
7.8
2017-09-12 CVE-2017-1439 Unspecified vulnerability in IBM DB2 and DB2 Connect
IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access.
local
low complexity
ibm
6.7
6.7
2017-09-12 CVE-2017-1438 Unspecified vulnerability in IBM DB2 and DB2 Connect
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access.
local
low complexity
ibm
6.7
6.7
2016-10-01 CVE-2016-5995 Permissions, Privileges, and Access Controls vulnerability in IBM DB2
Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program.
local
low complexity
ibm CWE-264
7.3
7.3
2016-04-28 CVE-2016-0211 Improper Input Validation vulnerability in IBM DB2 and DB2 Connect
IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted DRDA message.
network
low complexity
ibm CWE-20
4.3
4.3