Total
265 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2008-4691 | 1 Ibm | 1 Db2 | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors. | |||||
CVE-2008-2154 | 1 Ibm | 1 Db2 | 2024-02-28 | 6.0 MEDIUM | N/A |
IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls. | |||||
CVE-2009-2859 | 1 Ibm | 1 Db2 | 2024-02-28 | 4.6 MEDIUM | N/A |
IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command. | |||||
CVE-2009-4329 | 1 Ibm | 1 Db2 | 2024-02-28 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (segmentation fault) by modifying the db2ra data stream sent in a request from the Load Utility. | |||||
CVE-2009-2858 | 1 Ibm | 1 Db2 | 2024-02-28 | 5.0 MEDIUM | N/A |
Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to private memory within the DB2 memory structure. | |||||
CVE-2008-1966 | 1 Ibm | 1 Db2 | 2024-02-28 | 4.0 MEDIUM | N/A |
Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2) REMOVE_JAR procedure with a crafted parameter, related to (a) sqlj.install_jar and (b) sqlj.replace_jar. | |||||
CVE-2008-4693 | 1 Ibm | 1 Db2 | 2024-02-28 | 5.0 MEDIUM | N/A |
The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES." | |||||
CVE-2009-4335 | 1 Ibm | 1 Db2 | 2024-02-28 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in bundled stored procedures in the Spatial Extender component in IBM DB2 9.5 before FP5 have unknown impact and remote attack vectors, related to "remote exploits." | |||||
CVE-2009-4325 | 1 Ibm | 1 Db2 | 2024-02-28 | 6.4 MEDIUM | N/A |
The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers." | |||||
CVE-2008-4692 | 1 Ibm | 1 Db2 | 2024-02-28 | 10.0 HIGH | N/A |
The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors. | |||||
CVE-2008-6820 | 2 Ibm, Microsoft | 2 Db2, Windows | 2024-02-28 | 10.0 HIGH | N/A |
The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with "OS privilege," which has unknown impact and attack vectors, a different vulnerability than CVE-2008-3856. | |||||
CVE-2009-4334 | 1 Ibm | 1 Db2 | 2024-02-28 | 4.6 MEDIUM | N/A |
The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file. | |||||
CVE-2009-4330 | 1 Ibm | 1 Db2 | 2024-02-28 | 7.2 HIGH | N/A |
Unspecified vulnerability in db2licm in the Engine Utilities component in IBM DB2 9.5 before FP5 has unknown impact and local attack vectors. | |||||
CVE-2009-1239 | 1 Ibm | 1 Db2 | 2024-02-28 | 5.0 MEDIUM | N/A |
IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query. | |||||
CVE-2008-3958 | 1 Ibm | 1 Db2 | 2024-02-28 | 7.5 HIGH | N/A |
IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. NOTE: this may overlap CVE-2008-3858. NOTE: this issue exists because of an incomplete fix for CVE-2008-3959. | |||||
CVE-2009-3472 | 1 Ibm | 1 Db2 | 2024-02-28 | 6.5 MEDIUM | N/A |
IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows remote authenticated users to bypass intended access restrictions, and update, insert, or delete table rows, via unspecified vectors. | |||||
CVE-2009-4332 | 1 Ibm | 1 Db2 | 2024-02-28 | 5.0 MEDIUM | N/A |
db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows attackers to cause a denial of service (NULL pointer dereference and application termination) via unspecified vectors. | |||||
CVE-2009-2860 | 1 Ibm | 1 Db2 | 2024-02-28 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via "malicious packets." | |||||
CVE-2009-4333 | 1 Ibm | 1 Db2 | 2024-02-28 | 7.5 HIGH | N/A |
The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command. | |||||
CVE-2009-1906 | 1 Ibm | 1 Db2 | 2024-02-28 | 4.3 MEDIUM | N/A |
The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a denial of service (memory corruption and application crash) via an IPv6 address in the correlation token in the APPID string, as demonstrated by an APPID string sent by the third-party DataDirect JDBC driver 3.7.32. |