Db2@9.5 Security Vulnerabilities and Issues — Page 2 of Db2@9.5 CVE List

Lucene search

IbmDb29.5

61 matches found

CVE•added 2009/12/28 7:30 p.m.•43 views

CVE-2009-4439

Unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (instance crash) by compiling a SQL query.

4CVSS6.3AI score0.01108EPSS

CVE•added 2012/03/20 8:55 p.m.•43 views

CVE-2012-0710

IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 before FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Distributed Relational Database Architecture (DRDA) request.

5CVSS6.6AI score0.01646EPSS

CVE•added 2008/04/28 8:5 p.m.•42 views

CVE-2008-1998

The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter.

8.5CVSS6.2AI score0.01931EPSS

CVE•added 2009/09/29 9:30 p.m.•42 views

CVE-2009-3472

IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows remote authenticated users to bypass intended access restrictions, and update, insert, or delete table rows, via unspecified vectors.

6.5CVSS5.9AI score0.00565EPSS

CVE•added 2011/05/03 8:55 p.m.•42 views

CVE-2011-1846

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE...

6.5CVSS8.9AI score0.01326EPSS

CVE•added 2009/12/16 6:30 p.m.•41 views

CVE-2009-4325

The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers."

6.4CVSS6.2AI score0.0178EPSS

CVE•added 2014/12/18 4:59 p.m.•41 views

CVE-2014-8901

IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted XML query.

4CVSS6.2AI score0.01579EPSS

CVE•added 2010/10/05 6:0 p.m.•39 views

CVE-2010-3732

The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of parameter markers.

3.5CVSS6.3AI score0.0038EPSS

CVE•added 2008/02/12 1:0 a.m.•38 views

CVE-2008-0699

Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors.

9CVSS7AI score0.08004EPSS

CVE•added 2008/04/27 6:5 p.m.•36 views

CVE-2008-1966

Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2) REMOVE_JAR procedure wi...

4CVSS6.3AI score0.02165EPSS

CVE•added 2010/08/31 10:0 p.m.•31 views

CVE-2010-3195

Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving "special group and user enumeration."

5CVSS6.3AI score0.01042EPSS

Total number of security vulnerabilities61