CVE-2010-3733
The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file...
CVE-2010-3739
The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers...
CVE-2010-3737
Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while using a different code page than the database server...
CVE-2010-3736
Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a, when the connection concentrator is enabled, allows remote authenticated users to cause a denial of service (heap memory consumption) by using a different code page than the database server...
CVE-2010-3735
The "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certain UNION ALL views, leading to an indefinitely large amount of compilation time...
CVE-2010-3740
The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service (memory consumption and system hang) via the db2ext.textSearch function...
Design/Logic Flaw
The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers...
Memory corruption
Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while using a different code page than the database server...
Code injection
The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service (memory consumption and system hang) via the db2ext.textSearch function...
CVE-2010-3735
CVE-2010-3735 affects IBM DB2 UDB 9.5 before FP6a. The vulnerability lies in the Query Compiler, Rewrite, Optimizer component, where remote authenticated users can cause a denial of service by sending a crafted query involving certain UNION ALL views, resulting in an indefinitely large amount of ...
CVE-2010-3736
CVE-2010-3736 affects IBM DB2 UDB 9.5 before FP6a. The vulnerability is a memory leak in the Relational Data Services component when the connection concentrator is enabled, allowing remote authenticated users to cause a denial of service via heap memory consumption by using a different code page ...
CVE-2010-3734
Summary of CVE-2010-3734: IBM DB2 UDB 9.5 prior to FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length in the Install component, which can facilitate brute-force access attempts. This vulnerability is documented in the NVD entry for CVE-2010-3734 and is reflected in ...
CVE-2010-3732
CVE-2010-3732 affects IBM DB2 UDB 9.5 prior to FP6a, specifically the DRDA Services component. The issue allows remote authenticated users to trigger a denial of service (database server ABEND) by issuing a prepared statement with a large number of parameter markers via the client CLI on Linux, U...
CVE-2010-3737
IBM DB2 UDB 9.5 suffers a memory leak in the Relational Data Services (RDS) component that can be exploited by remote authenticated users to cause a heap DoS by running a UDF or a stored procedure when the client uses a different code page. Affected versions are 9.5 before Fix Pack 6a. Remediatio...