Vulnerabilities > IBM > DB2 > High

DATE CVE VULNERABILITY TITLE RISK
2024-01-22 CVE-2023-47152 Information Exposure Through an Error Message vulnerability in IBM DB2
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions.
network
low complexity
ibm CWE-209
7.5
2024-01-22 CVE-2023-45193 Unspecified vulnerability in IBM DB2
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used.
network
low complexity
ibm
7.5
2024-01-07 CVE-2023-47145 Unspecified vulnerability in IBM DB2
IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality.
local
low complexity
ibm
7.8
2023-12-04 CVE-2023-29258 Unspecified vulnerability in IBM DB2
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, and 11.5 is vulnerable to a denial of service through a specially crafted federated query on specific federation objects.
network
low complexity
ibm
7.5
2023-12-04 CVE-2023-38727 Unspecified vulnerability in IBM DB2
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted SQL statement.
network
low complexity
ibm
7.5
2023-12-04 CVE-2023-40687 Unspecified vulnerability in IBM DB2
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table.
network
low complexity
ibm
7.5
2023-12-04 CVE-2023-38003 Unspecified vulnerability in IBM DB2 10.5/11.1/11.5
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a user with DATAACCESS privileges to execute routines that they should not have access to.
network
low complexity
ibm
7.2
2023-12-04 CVE-2023-46167 Unspecified vulnerability in IBM DB2 11.5.6/11.5.8
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used.
network
low complexity
ibm
7.5
2023-12-04 CVE-2023-47701 Unspecified vulnerability in IBM DB2
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query.
network
low complexity
ibm
7.5
2023-12-04 CVE-2023-40692 Resource Exhaustion vulnerability in IBM DB2 10.5/11.1/11.5
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, 11.5 is vulnerable to denial of service under extreme stress conditions.
network
low complexity
ibm CWE-400
7.5