Vulnerabilities > IBM > DB2 > High

DATE CVE VULNERABILITY TITLE RISK
2019-04-03 CVE-2018-1936 Out-of-bounds Write vulnerability in IBM DB2
IBM DB2 9.7, 10.1, 10.5, and 11.1 libdb2e.so.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code.
local
low complexity
ibm CWE-787
7.8
7.8
2019-03-21 CVE-2019-4094 Uncontrolled Search Path Element vulnerability in IBM DB2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to root by loading a malicious shared library.
local
low complexity
ibm CWE-427
7.8
7.8
2019-03-11 CVE-2019-4016 Classic Buffer Overflow vulnerability in IBM DB2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root.
local
low complexity
ibm CWE-120
7.8
7.8
2019-03-11 CVE-2019-4015 Classic Buffer Overflow vulnerability in IBM DB2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root.
local
low complexity
ibm CWE-120
7.8
7.8
2019-03-11 CVE-2018-1980 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM DB2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root.
local
low complexity
ibm CWE-119
7.8
7.8
2019-03-11 CVE-2018-1978 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM DB2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root.
local
low complexity
ibm CWE-119
7.8
7.8
2019-03-11 CVE-2018-1923 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM DB2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution.
local
low complexity
ibm CWE-119
7.8
7.8
2019-03-11 CVE-2018-1922 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM DB2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution.
local
low complexity
ibm CWE-119
7.8
7.8
2018-11-30 CVE-2018-1897 Out-of-bounds Write vulnerability in IBM DB2
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 db2pdcfg is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code.
local
low complexity
ibm CWE-787
7.8
7.8
2018-11-09 CVE-2018-1834 Link Following vulnerability in IBM DB2
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack.
local
low complexity
ibm CWE-59
7.8
7.8