Lucene search

K

14 matches found

CVE
CVE
added 2009/09/29 9:30 p.m.57 views

CVE-2009-3471

IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP2 does not perform the expected drops of certain table functions upon a loss of privileges by the functions' definers, which has unspecified impact and remote attack vectors.

7.5CVSS6.2AI score0.00847EPSS
CVE
CVE
added 2009/06/03 9:0 p.m.52 views

CVE-2008-2154

IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls.

6CVSS6.1AI score0.00947EPSS
CVE
CVE
added 2009/06/03 9:0 p.m.52 views

CVE-2008-6820

The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with "OS privilege," which has unknown impact and attack vectors, a different vulnerability than CVE-2008-3856.

10CVSS6.3AI score0.00833EPSS
CVE
CVE
added 2009/06/03 9:0 p.m.51 views

CVE-2009-1905

The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors.

2.6CVSS9.3AI score0.00499EPSS
CVE
CVE
added 2009/06/03 9:0 p.m.50 views

CVE-2008-6821

Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 might allow attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, a different vulnerability than CVE-2007-3676 and CVE-2008-3853.

10CVSS9.6AI score0.07984EPSS
CVE
CVE
added 2009/09/29 9:30 p.m.48 views

CVE-2009-3473

IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATION statement, which has unspecified impact and remote attack vectors.

10CVSS6.5AI score0.00599EPSS
CVE
CVE
added 2009/12/16 6:30 p.m.48 views

CVE-2009-4332

db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows attackers to cause a denial of service (NULL pointer dereference and application termination) via unspecified vectors.

5CVSS6.1AI score0.00923EPSS
CVE
CVE
added 2009/04/03 6:30 p.m.47 views

CVE-2009-1239

IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query.

5CVSS8.6AI score0.00301EPSS
CVE
CVE
added 2009/12/16 6:30 p.m.47 views

CVE-2009-4334

The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file.

4.6CVSS6.4AI score0.00049EPSS
CVE
CVE
added 2009/12/28 7:30 p.m.44 views

CVE-2009-4438

The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors.

6.5CVSS6AI score0.01007EPSS
CVE
CVE
added 2009/06/03 9:0 p.m.43 views

CVE-2009-1906

The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a denial of service (memory corruption and application crash) via an IPv6 address in the correlation token in the APPID string, as demonstrated by an APPID string sent by the third-party DataDi...

4.3CVSS6.6AI score0.01035EPSS
CVE
CVE
added 2009/12/02 11:30 a.m.43 views

CVE-2009-4150

dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors.

4.6CVSS6.3AI score0.00105EPSS
CVE
CVE
added 2009/09/29 9:30 p.m.42 views

CVE-2009-3472

IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows remote authenticated users to bypass intended access restrictions, and update, insert, or delete table rows, via unspecified vectors.

6.5CVSS5.9AI score0.00565EPSS
CVE
CVE
added 2009/12/16 6:30 p.m.41 views

CVE-2009-4325

The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers."

6.4CVSS6.2AI score0.0178EPSS