Db2@9.8 Security Vulnerabilities and Issues — Db2@9.8 CVE List

Lucene search

IbmDb29.8

8 matches found

CVE•added 2012/06/20 10:27 a.m.•310 views

CVE-2012-2180

The chaining functionality in the Distributed Relational Database Architecture (DRDA) module in IBM DB2 9.7 before FP6 and 9.8 before FP5 allows remote attackers to cause a denial of service (NULL pointer dereference, and resource consumption or daemon crash) via a crafted request.

4.3CVSS6.6AI score0.01001EPSS

CVE•added 2012/03/20 8:55 p.m.•309 views

CVE-2012-0709

IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL CREATE VARIABLE statements.

4CVSS7.2AI score0.00337EPSS

CVE•added 2012/07/25 10:42 a.m.•305 views

CVE-2012-2197

Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to execute arbitrary code by leveraging certain CONNECT and EXECUTE privileges.

7.1CVSS7.5AI score0.12867EPSS

CVE•added 2012/07/25 10:42 a.m.•303 views

CVE-2012-2196

IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to read arbitrary XML files via the (1) GET_WRAP_CFG_C or (2) GET_WRAP_CFG_C2 stored procedure.

5CVSS6.5AI score0.00619EPSS

CVE•added 2012/10/20 10:41 a.m.•302 views

CVE-2012-4826

Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated users to execute arbitrary code by debugging a stored procedure.

8.5CVSS7.5AI score0.18365EPSS

CVE•added 2012/03/20 8:55 p.m.•300 views

CVE-2012-0712

The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression.

4CVSS6.2AI score0.00982EPSS

CVE•added 2012/07/25 10:42 a.m.•299 views

CVE-2012-2194

Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to replace JAR files via unspecified vectors.

5CVSS6.4AI score0.00651EPSS

CVE•added 2012/03/20 8:55 p.m.•43 views

CVE-2012-0710

IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 before FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Distributed Relational Database Architecture (DRDA) request.

5CVSS6.6AI score0.01646EPSS