Lucene search

K
IbmDb2

37 matches found

CVE
CVE
added 2012/06/20 10:27 a.m.310 views

CVE-2012-2180

The chaining functionality in the Distributed Relational Database Architecture (DRDA) module in IBM DB2 9.7 before FP6 and 9.8 before FP5 allows remote attackers to cause a denial of service (NULL pointer dereference, and resource consumption or daemon crash) via a crafted request.

4.3CVSS6.6AI score0.01001EPSS
CVE
CVE
added 2012/03/20 8:55 p.m.309 views

CVE-2012-0709

IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL CREATE VARIABLE statements.

4CVSS7.2AI score0.00337EPSS
CVE
CVE
added 2015/05/08 1:59 a.m.308 views

CVE-2014-0919

IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities.

4CVSS4.5AI score0.00355EPSS
CVE
CVE
added 2013/08/28 1:13 p.m.307 views

CVE-2013-4033

IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority.

4.6CVSS6.5AI score0.00952EPSS
CVE
CVE
added 2013/12/19 10:55 p.m.305 views

CVE-2013-6717

The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 through FP5, 10.1 through FP3, and 10.5 through FP2, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service (database outage and deactivation) via unspecifi...

4CVSS6.4AI score0.01744EPSS
CVE
CVE
added 2012/03/20 8:55 p.m.300 views

CVE-2012-0712

The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression.

4CVSS6.2AI score0.00982EPSS
CVE
CVE
added 2013/12/18 4:4 p.m.294 views

CVE-2013-5466

The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service via unspecified vectors.

4CVSS6.3AI score0.01038EPSS
CVE
CVE
added 2015/07/20 1:59 a.m.63 views

CVE-2015-1883

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read certain administrative files via crafted use of an automated-maintenance policy stored procedure.

4CVSS5.9AI score0.00336EPSS
CVE
CVE
added 2011/05/03 8:55 p.m.53 views

CVE-2011-1847

IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOTE: some of these details are obtained from third p...

4.9CVSS8.8AI score0.01241EPSS
CVE
CVE
added 2015/07/20 1:59 a.m.53 views

CVE-2014-8910

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT function in a SELECT statement.

4CVSS6.1AI score0.00247EPSS
CVE
CVE
added 2017/09/12 9:29 p.m.52 views

CVE-2017-1434

IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) under unusual circumstances, could expose highly sensitive information in the error log to a local user.

4.7CVSS5.2AI score0.00068EPSS
CVE
CVE
added 2023/07/10 4:15 p.m.52 views

CVE-2023-23487

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging. IBM X-Force ID: 245918.

4.3CVSS4.3AI score0.00037EPSS
CVE
CVE
added 2009/08/19 5:30 p.m.50 views

CVE-2009-2859

IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command.

4.6CVSS8.9AI score0.00072EPSS
CVE
CVE
added 2010/04/27 3:30 p.m.50 views

CVE-2010-1560

Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (trap) via unspecified vectors. NOTE: this might overlap CVE-2010-0462.

4CVSS8.4AI score0.13602EPSS
CVE
CVE
added 2009/12/16 6:30 p.m.49 views

CVE-2009-4328

Unspecified vulnerability in the DRDA Services component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (server trap) by calling a SQL stored procedure in unknown circumstances.

4CVSS6.1AI score0.01108EPSS
CVE
CVE
added 2010/09/20 10:0 p.m.49 views

CVE-2010-3475

IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL state...

4CVSS7.2AI score0.01052EPSS
CVE
CVE
added 2010/10/05 6:0 p.m.48 views

CVE-2010-3740

The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service (memory consumption and system hang) via the db2ext.textSearch functio...

4CVSS6.2AI score0.00406EPSS
CVE
CVE
added 2009/12/16 6:30 p.m.47 views

CVE-2009-4326

The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicti...

4.3CVSS6.2AI score0.00664EPSS
CVE
CVE
added 2009/12/16 6:30 p.m.47 views

CVE-2009-4334

The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file.

4.6CVSS6.4AI score0.00049EPSS
CVE
CVE
added 2010/10/05 6:0 p.m.47 views

CVE-2010-3736

Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a, when the connection concentrator is enabled, allows remote authenticated users to cause a denial of service (heap memory consumption) by using a different code page than the database server.

4CVSS6.4AI score0.00406EPSS
CVE
CVE
added 2007/02/21 11:28 a.m.46 views

CVE-2007-1027

Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file.

4.4CVSS6.2AI score0.00046EPSS
CVE
CVE
added 2014/12/12 4:59 p.m.46 views

CVE-2014-6209

IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying an identity column within a crafted ALTER TABLE statement.

4CVSS6.2AI score0.01597EPSS
CVE
CVE
added 2009/12/16 6:30 p.m.45 views

CVE-2009-4329

Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (segmentation fault) by modifying the db2ra data stream sent in a request from the Load Utility.

4CVSS5.9AI score0.01015EPSS
CVE
CVE
added 2016/04/28 1:59 a.m.45 views

CVE-2016-0211

IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted DRDA message.

4.3CVSS4.4AI score0.01549EPSS
CVE
CVE
added 2009/06/03 9:0 p.m.43 views

CVE-2009-1906

The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a denial of service (memory corruption and application crash) via an IPv6 address in the correlation token in the APPID string, as demonstrated by an APPID string sent by the third-party DataDi...

4.3CVSS6.6AI score0.01035EPSS
CVE
CVE
added 2009/12/02 11:30 a.m.43 views

CVE-2009-4150

dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors.

4.6CVSS6.3AI score0.00105EPSS
CVE
CVE
added 2009/12/28 7:30 p.m.43 views

CVE-2009-4439

Unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (instance crash) by compiling a SQL query.

4CVSS6.3AI score0.01108EPSS
CVE
CVE
added 2014/12/12 4:59 p.m.43 views

CVE-2014-6210

IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by specifying the same column within multiple ALTER TABLE statements.

4CVSS6.3AI score0.01562EPSS
CVE
CVE
added 2021/09/16 4:15 p.m.43 views

CVE-2021-29752

IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability, exposing remote storage credentials to privileged users under specific conditions. IBM X-Fporce ID: 201780.

4.4CVSS5AI score0.00361EPSS
CVE
CVE
added 2006/08/21 8:4 p.m.41 views

CVE-2006-4257

IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending crafted SQLJRA packet, which results in a null dereference.

4CVSS6.1AI score0.0121EPSS
CVE
CVE
added 2014/12/18 4:59 p.m.41 views

CVE-2014-8901

IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted XML query.

4CVSS6.2AI score0.01579EPSS
CVE
CVE
added 2017/09/12 9:29 p.m.41 views

CVE-2017-1520

IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830.

4.3CVSS5.6AI score0.00199EPSS
CVE
CVE
added 2007/03/02 10:19 p.m.40 views

CVE-2007-1228

IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories.

4.4CVSS6.2AI score0.00057EPSS
CVE
CVE
added 2014/11/08 11:55 a.m.37 views

CVE-2014-6097

IBM DB2 9.7 before FP10 and 9.8 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement.

4CVSS6.4AI score0.00558EPSS
CVE
CVE
added 2007/10/06 9:0 p.m.36 views

CVE-2005-4870

Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be overwritten with a poi...

4.3CVSS7.3AI score0.02197EPSS
CVE
CVE
added 2008/04/27 6:5 p.m.36 views

CVE-2008-1966

Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2) REMOVE_JAR procedure wi...

4CVSS6.3AI score0.02165EPSS
CVE
CVE
added 2007/10/06 9:0 p.m.35 views

CVE-2005-4871

Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile.

4.3CVSS6.9AI score0.00321EPSS