Total
293 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-1228 | 2 Ibm, Unix | 2 Db2, Unix | 2025-04-09 | 4.4 MEDIUM | N/A |
IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories. | |||||
CVE-2009-4326 | 1 Ibm | 1 Db2 | 2025-04-09 | 4.3 MEDIUM | N/A |
The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value. | |||||
CVE-2009-2860 | 1 Ibm | 1 Db2 | 2025-04-09 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via "malicious packets." | |||||
CVE-2008-1966 | 1 Ibm | 1 Db2 | 2025-04-09 | 4.0 MEDIUM | N/A |
Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2) REMOVE_JAR procedure with a crafted parameter, related to (a) sqlj.install_jar and (b) sqlj.replace_jar. | |||||
CVE-2009-4150 | 1 Ibm | 2 Db2, Db2 Universal Database | 2025-04-09 | 4.6 MEDIUM | N/A |
dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors. | |||||
CVE-2009-4438 | 1 Ibm | 1 Db2 | 2025-04-09 | 6.5 MEDIUM | N/A |
The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors. | |||||
CVE-2009-4328 | 1 Ibm | 1 Db2 | 2025-04-09 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in the DRDA Services component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (server trap) by calling a SQL stored procedure in unknown circumstances. | |||||
CVE-2009-4335 | 1 Ibm | 1 Db2 | 2025-04-09 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in bundled stored procedures in the Spatial Extender component in IBM DB2 9.5 before FP5 have unknown impact and remote attack vectors, related to "remote exploits." | |||||
CVE-2008-0698 | 1 Ibm | 1 Db2 | 2025-04-09 | 7.8 HIGH | N/A |
Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 has unknown attack vectors, and an impact probably involving "invalid memory access." | |||||
CVE-2009-4331 | 1 Ibm | 1 Db2 | 2025-04-09 | 7.2 HIGH | N/A |
The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors. | |||||
CVE-2009-4329 | 1 Ibm | 1 Db2 | 2025-04-09 | 4.0 MEDIUM | N/A |
Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (segmentation fault) by modifying the db2ra data stream sent in a request from the Load Utility. | |||||
CVE-2008-0697 | 1 Ibm | 1 Db2 | 2025-04-09 | 7.2 HIGH | N/A |
Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors. | |||||
CVE-2009-4330 | 1 Ibm | 1 Db2 | 2025-04-09 | 7.2 HIGH | N/A |
Unspecified vulnerability in db2licm in the Engine Utilities component in IBM DB2 9.5 before FP5 has unknown impact and local attack vectors. | |||||
CVE-2007-1088 | 1 Ibm | 1 Db2 | 2025-04-09 | 7.2 HIGH | N/A |
Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables. | |||||
CVE-2008-3959 | 1 Ibm | 1 Db2 | 2025-04-09 | 5.0 MEDIUM | N/A |
IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. | |||||
CVE-2007-5652 | 1 Ibm | 1 Db2 | 2025-04-09 | 7.8 HIGH | N/A |
IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger memory corruption. NOTE: the vendor description of this issue is too vague to be certain that it is security-related. | |||||
CVE-2009-4334 | 1 Ibm | 1 Db2 | 2025-04-09 | 4.6 MEDIUM | N/A |
The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file. | |||||
CVE-2005-2073 | 1 Ibm | 1 Db2 | 2025-04-03 | 2.1 LOW | N/A |
Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through 8.2.2 allows local users with SELECT privileges to conduct unauthorized activities and insert, update or delete table contents. | |||||
CVE-2005-4870 | 1 Ibm | 1 Db2 | 2025-04-03 | 4.3 MEDIUM | N/A |
Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be overwritten with a pointer to the argument. | |||||
CVE-2005-4871 | 1 Ibm | 1 Db2 | 2025-04-03 | 4.3 MEDIUM | N/A |
Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile. |