Search Results
- CPE Product Version: cpe:/a:ibm:db2:8.1.8
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-47141 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264. Published: January 22, 2024; 4:15:09 PM -0500 | V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-47152 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. IBM X-Force ID: 270730. Published: January 22, 2024; 3:15:46 PM -0500 | V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-50308 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393. Published: January 22, 2024; 2:15:09 PM -0500 | V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-45193 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759. Published: January 22, 2024; 2:15:08 PM -0500 | V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-40687 | IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809. Published: December 03, 2023; 9:15:07 PM -0500 | V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2011-1373 | Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors. Published: November 09, 2011; 6:55:01 PM -0500 | V3.x:(not available) V2.0: 1.5 LOW |
CVE-2011-1847 | IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOTE: some of these details are obtained from third party information. Published: May 03, 2011; 4:55:12 PM -0400 | V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2011-1846 | IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE: some of these details are obtained from third party information. Published: May 03, 2011; 4:55:12 PM -0400 | V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2011-0757 | IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority. Published: February 02, 2011; 6:00:33 PM -0500 | V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2011-0731 | Buffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrary code via unspecified vectors. Published: February 01, 2011; 1:00:03 PM -0500 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2010-1560 | Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (trap) via unspecified vectors. NOTE: this might overlap CVE-2010-0462. Published: April 27, 2010; 11:30:01 AM -0400 | V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2009-1905 | The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors. Published: June 03, 2009; 5:00:00 PM -0400 | V3.x:(not available) V2.0: 2.6 LOW |
CVE-2009-1239 | IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query. Published: April 03, 2009; 2:30:00 PM -0400 | V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2008-4693 | The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES." Published: October 22, 2008; 2:00:01 PM -0400 | V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2008-4692 | The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors. Published: October 22, 2008; 2:00:01 PM -0400 | V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2008-4691 | Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors. Published: October 22, 2008; 2:00:01 PM -0400 | V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2008-3959 | IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. Published: September 10, 2008; 9:13:47 PM -0400 | V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2007-3676 | IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. NOTE: this might be the same issue as CVE-2008-0698. Published: February 12, 2008; 7:00:00 PM -0500 | V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2007-5652 | IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger memory corruption. NOTE: the vendor description of this issue is too vague to be certain that it is security-related. Published: October 23, 2007; 5:47:00 PM -0400 | V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2007-2582 | Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (3) a long packet that generates a "MemTree overflow." Published: May 09, 2007; 8:19:00 PM -0400 | V3.x:(not available) V2.0: 10.0 HIGH |