cpe:2.3:a:ibm:db2:9.1:fp1:*:*:*:*:*:*
The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors.
Max CVSS
6.5
EPSS Score
0.34%
Published
2009-12-28
Updated
2010-06-29
The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file.
Max CVSS
4.6
EPSS Score
0.04%
Published
2009-12-16
Updated
2010-06-29
db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows attackers to cause a denial of service (NULL pointer dereference and application termination) via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.58%
Published
2009-12-16
Updated
2010-06-29
The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers."
Max CVSS
6.4
EPSS Score
0.13%
Published
2009-12-16
Updated
2010-06-29
dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors.
Max CVSS
4.6
EPSS Score
0.05%
Published
2009-12-02
Updated
2009-12-07
IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATION statement, which has unspecified impact and remote attack vectors.
Max CVSS
10.0
EPSS Score
0.30%
Published
2009-09-29
Updated
2013-09-11
IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows remote authenticated users to bypass intended access restrictions, and update, insert, or delete table rows, via unspecified vectors.
Max CVSS
6.5
EPSS Score
0.30%
Published
2009-09-29
Updated
2009-10-14
IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP2 does not perform the expected drops of certain table functions upon a loss of privileges by the functions' definers, which has unspecified impact and remote attack vectors.
Max CVSS
7.5
EPSS Score
0.86%
Published
2009-09-29
Updated
2010-10-07
The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a denial of service (memory corruption and application crash) via an IPv6 address in the correlation token in the APPID string, as demonstrated by an APPID string sent by the third-party DataDirect JDBC driver 3.7.32.
Max CVSS
4.3
EPSS Score
0.17%
Published
2009-06-03
Updated
2009-06-10
The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors.
Max CVSS
2.6
EPSS Score
0.51%
Published
2009-06-03
Updated
2017-08-17
IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query.
Max CVSS
5.0
EPSS Score
0.16%
Published
2009-04-03
Updated
2017-08-17
Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 might allow attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, a different vulnerability than CVE-2007-3676 and CVE-2008-3853.
Max CVSS
10.0
EPSS Score
1.83%
Published
2009-06-03
Updated
2017-08-17
The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with "OS privilege," which has unknown impact and attack vectors, a different vulnerability than CVE-2008-3856.
Max CVSS
10.0
EPSS Score
0.54%
Published
2009-06-03
Updated
2009-08-12
IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls.
Max CVSS
6.0
EPSS Score
0.53%
Published
2009-06-03
Updated
2017-08-08
14 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!