Filtered by vendor Ibm
Subscriptions
Filtered by product Db2
Subscriptions
Total
287 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2009-4328 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
Unspecified vulnerability in the DRDA Services component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (server trap) by calling a SQL stored procedure in unknown circumstances. | ||||
CVE-2009-4331 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors. | ||||
CVE-2009-4332 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows attackers to cause a denial of service (NULL pointer dereference and application termination) via unspecified vectors. | ||||
CVE-2008-6821 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 might allow attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, a different vulnerability than CVE-2007-3676 and CVE-2008-3853. | ||||
CVE-2008-3959 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. | ||||
CVE-2008-3958 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. NOTE: this may overlap CVE-2008-3858. NOTE: this issue exists because of an incomplete fix for CVE-2008-3959. | ||||
CVE-2007-2582 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (2) a long packet that generates a "MemTree overflow." | ||||
CVE-2009-4325 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers." | ||||
CVE-2009-4329 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (segmentation fault) by modifying the db2ra data stream sent in a request from the Load Utility. | ||||
CVE-2009-2860 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via "malicious packets." | ||||
CVE-2009-4326 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value. | ||||
CVE-2009-4335 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
Multiple unspecified vulnerabilities in bundled stored procedures in the Spatial Extender component in IBM DB2 9.5 before FP5 have unknown impact and remote attack vectors, related to "remote exploits." | ||||
CVE-2009-4438 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors. | ||||
CVE-2008-0698 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 has unknown attack vectors, and an impact probably involving "invalid memory access." | ||||
CVE-2008-1966 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2) REMOVE_JAR procedure with a crafted parameter, related to (a) sqlj.install_jar and (b) sqlj.replace_jar. | ||||
CVE-2009-4150 | 1 Ibm | 2 Db2, Db2 Universal Database | 2025-04-09 | N/A |
dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors. | ||||
CVE-2008-4692 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors. | ||||
CVE-2009-3471 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP2 does not perform the expected drops of certain table functions upon a loss of privileges by the functions' definers, which has unspecified impact and remote attack vectors. | ||||
CVE-2009-2858 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to private memory within the DB2 memory structure. | ||||
CVE-2009-3473 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATION statement, which has unspecified impact and remote attack vectors. |