cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 under certain circumstances could allow an authenticated user to the database to cause a denial of service when a statement is run on columnar tables. IBM X-Force ID: 273393.
Max CVSS
6.5
EPSS Score
0.06%
Published
2024-01-22
Updated
2024-03-07
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions. IBM X-Force ID: 270730.
Max CVSS
7.5
EPSS Score
0.06%
Published
2024-01-22
Updated
2024-03-07
IIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user with CONNECT privileges to cause a denial of service using a specially crafted query. IBM X-Force ID: 270264.
Max CVSS
6.5
EPSS Score
0.06%
Published
2024-01-22
Updated
2024-03-07
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 federated server is vulnerable to a denial of service when a specially crafted cursor is used. IBM X-Force ID: 268759.
Max CVSS
7.5
EPSS Score
0.07%
Published
2024-01-22
Updated
2024-03-07
IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted RUNSTATS command on an 8TB table. IBM X-Force ID: 264809.
Max CVSS
7.5
EPSS Score
0.07%
Published
2023-12-04
Updated
2024-01-19
Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to gain privileges via unspecified vectors.
Max CVSS
7.2
EPSS Score
0.04%
Published
2013-06-05
Updated
2018-09-25
Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated users to execute arbitrary code by debugging a stored procedure.
Max CVSS
8.5
EPSS Score
12.05%
Published
2012-10-20
Updated
2013-03-02
Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to execute arbitrary code by leveraging certain CONNECT and EXECUTE privileges.
Max CVSS
7.1
EPSS Score
8.70%
Published
2012-07-25
Updated
2017-12-22
IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to read arbitrary XML files via the (1) GET_WRAP_CFG_C or (2) GET_WRAP_CFG_C2 stored procedure.
Max CVSS
5.0
EPSS Score
0.68%
Published
2012-07-25
Updated
2017-12-22
Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to replace JAR files via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.85%
Published
2012-07-25
Updated
2017-12-22
Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow.
Max CVSS
7.5
EPSS Score
13.94%
Published
2012-03-20
Updated
2018-10-10
IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 before FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Distributed Relational Database Architecture (DRDA) request.
Max CVSS
5.0
EPSS Score
7.32%
Published
2012-03-20
Updated
2018-10-10
Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors.
Max CVSS
1.5
EPSS Score
0.04%
Published
2011-11-09
Updated
2017-09-19
IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority.
Max CVSS
6.5
EPSS Score
0.35%
Published
2011-02-02
Updated
2017-09-19
Buffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrary code via unspecified vectors.
Max CVSS
7.5
EPSS Score
77.20%
Published
2011-02-01
Updated
2017-09-19
Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving "special group and user enumeration."
Max CVSS
5.0
EPSS Score
0.78%
Published
2010-08-31
Updated
2017-09-19
The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files owned by an instance owner.
Max CVSS
7.5
EPSS Score
0.89%
Published
2010-08-31
Updated
2017-09-19
Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.82%
Published
2010-08-31
Updated
2017-09-19
Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (trap) via unspecified vectors. NOTE: this might overlap CVE-2010-0462.
Max CVSS
4.0
EPSS Score
4.58%
Published
2010-04-27
Updated
2017-09-19
Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function.
Max CVSS
6.5
EPSS Score
30.38%
Published
2010-01-28
Updated
2017-09-19
The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors.
Max CVSS
6.5
EPSS Score
0.34%
Published
2009-12-28
Updated
2010-06-29
The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file.
Max CVSS
4.6
EPSS Score
0.04%
Published
2009-12-16
Updated
2010-06-29
db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows attackers to cause a denial of service (NULL pointer dereference and application termination) via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.58%
Published
2009-12-16
Updated
2010-06-29
The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers."
Max CVSS
6.4
EPSS Score
0.13%
Published
2009-12-16
Updated
2010-06-29
dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors.
Max CVSS
4.6
EPSS Score
0.05%
Published
2009-12-02
Updated
2009-12-07
44 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!