Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:ibm:db2:9.1:fp2a:*:*:*:*:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2009-4334 |
The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file. Published: December 16, 2009; 1:30:00 PM -0500 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2009-4332 |
db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows attackers to cause a denial of service (NULL pointer dereference and application termination) via unspecified vectors. Published: December 16, 2009; 1:30:00 PM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2009-4325 |
The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers." Published: December 16, 2009; 1:30:00 PM -0500 |
V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2009-1239 |
IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query. Published: April 03, 2009; 2:30:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2008-4693 |
The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES." Published: October 22, 2008; 2:00:01 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2008-4692 |
The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors. Published: October 22, 2008; 2:00:01 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2008-4691 |
Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors. Published: October 22, 2008; 2:00:01 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2008-1997 |
Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the ADMIN_SP_C issue is already covered by CVE-2008-0699. Published: April 28, 2008; 4:05:00 PM -0400 |
V3.x:(not available) V2.0: 9.0 HIGH |
CVE-2008-1966 |
Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2) REMOVE_JAR procedure with a crafted parameter, related to (a) sqlj.install_jar and (b) sqlj.replace_jar. Published: April 27, 2008; 2:05:00 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2008-0699 |
Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors. Published: February 11, 2008; 8:00:00 PM -0500 |
V3.x:(not available) V2.0: 9.0 HIGH |
CVE-2007-5652 |
IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger memory corruption. NOTE: the vendor description of this issue is too vague to be certain that it is security-related. Published: October 23, 2007; 5:47:00 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2007-1087 |
IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow. Published: February 23, 2007; 5:28:00 PM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2007-1088 |
Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables. Published: February 23, 2007; 5:28:00 PM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |