Vulnerabilities > IBM > DB2 > 11.5.5.0

DATE CVE VULNERABILITY TITLE RISK
2021-03-11 CVE-2020-5025 Classic Buffer Overflow vulnerability in multiple products
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges.
local
low complexity
ibm netapp CWE-120
7.8
2021-03-11 CVE-2020-5024
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due to a hang in the SSL handshake response.
network
low complexity
ibm netapp
7.5
2021-03-11 CVE-2020-4976 Incorrect Default Permissions vulnerability in multiple products
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions.
local
low complexity
ibm netapp CWE-276
4.4
2020-11-20 CVE-2020-4739 Untrusted Search Path vulnerability in IBM DB2
IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a DLL search order hijacking vulnerability in the Microsoft Windows client.
local
low complexity
ibm CWE-426
7.8