Total
257 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-1373 | 1 Ibm | 1 Db2 | 2023-12-10 | 1.5 LOW | N/A |
Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors. | |||||
CVE-2012-0709 | 1 Ibm | 1 Db2 | 2023-12-10 | 4.0 MEDIUM | N/A |
IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL CREATE VARIABLE statements. | |||||
CVE-2010-0472 | 1 Ibm | 1 Db2 | 2023-12-10 | 5.0 MEDIUM | N/A |
kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 on Linux, allows remote attackers to cause a denial of service (daemon crash) via a certain byte sequence. | |||||
CVE-2010-3197 | 1 Ibm | 1 Db2 | 2023-12-10 | 5.0 MEDIUM | N/A |
IBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2010-3193 | 1 Ibm | 1 Db2 | 2023-12-10 | 10.0 HIGH | N/A |
Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors. | |||||
CVE-2010-3738 | 1 Ibm | 1 Db2 | 2023-12-10 | 5.0 MEDIUM | N/A |
The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote authenticated users to execute Audit administration commands without discovery. | |||||
CVE-2009-2860 | 1 Ibm | 1 Db2 | 2023-12-10 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via "malicious packets." | |||||
CVE-2009-4335 | 1 Ibm | 1 Db2 | 2023-12-10 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in bundled stored procedures in the Spatial Extender component in IBM DB2 9.5 before FP5 have unknown impact and remote attack vectors, related to "remote exploits." | |||||
CVE-2008-6821 | 1 Ibm | 1 Db2 | 2023-12-10 | 10.0 HIGH | N/A |
Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 might allow attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, a different vulnerability than CVE-2007-3676 and CVE-2008-3853. | |||||
CVE-2009-4329 | 1 Ibm | 1 Db2 | 2023-12-10 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (segmentation fault) by modifying the db2ra data stream sent in a request from the Load Utility. | |||||
CVE-2009-3473 | 1 Ibm | 1 Db2 | 2023-12-10 | 10.0 HIGH | N/A |
IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATION statement, which has unspecified impact and remote attack vectors. | |||||
CVE-2008-1997 | 1 Ibm | 1 Db2 | 2023-12-10 | 9.0 HIGH | N/A |
Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the ADMIN_SP_C issue is already covered by CVE-2008-0699. | |||||
CVE-2009-4326 | 1 Ibm | 1 Db2 | 2023-12-10 | 4.3 MEDIUM | N/A |
The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value. | |||||
CVE-2009-2859 | 1 Ibm | 1 Db2 | 2023-12-10 | 4.6 MEDIUM | N/A |
IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command. | |||||
CVE-2009-4333 | 1 Ibm | 1 Db2 | 2023-12-10 | 7.5 HIGH | N/A |
The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command. | |||||
CVE-2008-1966 | 1 Ibm | 1 Db2 | 2023-12-10 | 4.0 MEDIUM | N/A |
Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2) REMOVE_JAR procedure with a crafted parameter, related to (a) sqlj.install_jar and (b) sqlj.replace_jar. | |||||
CVE-2009-3472 | 1 Ibm | 1 Db2 | 2023-12-10 | 6.5 MEDIUM | N/A |
IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows remote authenticated users to bypass intended access restrictions, and update, insert, or delete table rows, via unspecified vectors. | |||||
CVE-2009-4331 | 1 Ibm | 1 Db2 | 2023-12-10 | 7.2 HIGH | N/A |
The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors. | |||||
CVE-2009-4330 | 1 Ibm | 1 Db2 | 2023-12-10 | 7.2 HIGH | N/A |
Unspecified vulnerability in db2licm in the Engine Utilities component in IBM DB2 9.5 before FP5 has unknown impact and local attack vectors. | |||||
CVE-2009-4328 | 1 Ibm | 1 Db2 | 2023-12-10 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in the DRDA Services component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (server trap) by calling a SQL stored procedure in unknown circumstances. |