Db2@9.7 Security Vulnerabilities and Issues — Db2@9.7 CVE List

Lucene search

IbmDb29.7

8 matches found

CVE•added 2009/12/16 6:30 p.m.•50 views

CVE-2009-4331

The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors.

7.2CVSS6.2AI score0.00097EPSS

CVE•added 2009/12/16 6:30 p.m.•48 views

CVE-2009-4327

The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1 does not properly validate the size of a memory pool during a creation attempt, which allows attackers to cause a denial of service (memory consumption) via unspecified vectors.

5CVSS6.2AI score0.01042EPSS

CVE•added 2009/12/16 6:30 p.m.•48 views

CVE-2009-4332

db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows attackers to cause a denial of service (NULL pointer dereference and application termination) via unspecified vectors.

5CVSS6.1AI score0.00923EPSS

CVE•added 2009/12/16 6:30 p.m.•47 views

CVE-2009-4326

The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicti...

4.3CVSS6.2AI score0.00664EPSS

CVE•added 2009/12/16 6:30 p.m.•47 views

CVE-2009-4334

The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file.

4.6CVSS6.4AI score0.00049EPSS

CVE•added 2009/12/28 7:30 p.m.•44 views

CVE-2009-4438

The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors.

6.5CVSS6AI score0.01007EPSS

CVE•added 2009/12/02 11:30 a.m.•43 views

CVE-2009-4150

dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors.

4.6CVSS6.3AI score0.00105EPSS

CVE•added 2009/12/16 6:30 p.m.•41 views

CVE-2009-4325

The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers."

6.4CVSS6.2AI score0.0178EPSS