Db2 Universal Database CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (67 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2003-0898	1 Ibm	1 Db2 Universal Database	2026-04-16	N/A
IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2.
CVE-2003-0827	1 Ibm	1 Db2 Universal Database	2026-04-16	N/A
The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote attackers to cause a denial of service (crash) via a long packet to UDP port 523.
CVE-2003-0837	1 Ibm	1 Db2 Universal Database	2026-04-16	N/A
Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for Windows, before Fixpak 10a, allows attackers with "Connect" privileges to execute arbitrary code via the INVOKE command.
CVE-2006-3068	1 Ibm	1 Db2 Universal Database	2026-04-16	N/A
IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 allows remote attackers to cause a denial of service (application crash) by sending "incorrect information ... regarding the package name/creator," which leads to a "memory overwrite."
CVE-2001-0051	1 Ibm	1 Db2 Universal Database	2026-04-16	N/A
IBM DB2 Universal Database version 6.1 creates an account with a default user name and password, which allows remote attackers to gain access to the database.
CVE-2005-4735	1 Ibm	1 Db2 Universal Database	2026-04-16	N/A
IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service (application crash) via (1) certain equality predicates that trigger self-removal, aka IY70808; and (2) a query with more than 32000 elements in the IN-list, aka LI70817.
CVE-2010-3739	1 Ibm	1 Db2 Universal Database	2025-04-11	N/A
The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery.

« first previous Page 4 of 4.