Filtered by vendor Ibm
Subscriptions
Filtered by product Db2
Subscriptions
Total
304 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-2197 | 1 Ibm | 1 Db2 | 2025-04-11 | N/A |
| Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to execute arbitrary code by leveraging certain CONNECT and EXECUTE privileges. | ||||
| CVE-2012-2196 | 1 Ibm | 1 Db2 | 2025-04-11 | N/A |
| IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to read arbitrary XML files via the (1) GET_WRAP_CFG_C or (2) GET_WRAP_CFG_C2 stored procedure. | ||||
| CVE-2012-2194 | 1 Ibm | 1 Db2 | 2025-04-11 | N/A |
| Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to replace JAR files via unspecified vectors. | ||||
| CVE-2011-1846 | 1 Ibm | 1 Db2 | 2025-04-11 | N/A |
| IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2012-1797 | 1 Ibm | 1 Db2 | 2025-04-11 | N/A |
| IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors. | ||||
| CVE-2012-1796 | 4 Hp, Ibm, Linux and 1 more | 5 Hp-ux, Aix, Db2 and 2 more | 2025-04-11 | N/A |
| Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors. | ||||
| CVE-2010-3475 | 1 Ibm | 1 Db2 | 2025-04-11 | N/A |
| IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement. | ||||
| CVE-2012-0712 | 1 Ibm | 1 Db2 | 2025-04-11 | N/A |
| The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression. | ||||
| CVE-2010-3474 | 1 Ibm | 1 Db2 | 2025-04-11 | N/A |
| IBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by the functions' owners, which allows remote authenticated users to bypass intended access restrictions via calls to these functions, a different vulnerability than CVE-2009-3471. | ||||
| CVE-2012-0710 | 1 Ibm | 1 Db2 | 2025-04-11 | N/A |
| IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 before FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Distributed Relational Database Architecture (DRDA) request. | ||||
| CVE-2012-0709 | 1 Ibm | 1 Db2 | 2025-04-11 | N/A |
| IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL CREATE VARIABLE statements. | ||||
| CVE-2010-3738 | 1 Ibm | 1 Db2 | 2025-04-11 | N/A |
| The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote authenticated users to execute Audit administration commands without discovery. | ||||
| CVE-2010-3740 | 1 Ibm | 1 Db2 | 2025-04-11 | N/A |
| The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service (memory consumption and system hang) via the db2ext.textSearch function. | ||||
| CVE-2013-4032 | 1 Ibm | 1 Db2 | 2025-04-11 | N/A |
| The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server Edition and Advanced Enterprise Server Edition 10.1 before FP3 and 10.5, when a multi-node configuration is used, allows remote attackers to cause a denial of service via vectors involving arbitrary data. | ||||
| CVE-2009-4329 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
| Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (segmentation fault) by modifying the db2ra data stream sent in a request from the Load Utility. | ||||
| CVE-2009-4328 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
| Unspecified vulnerability in the DRDA Services component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (server trap) by calling a SQL stored procedure in unknown circumstances. | ||||
| CVE-2008-0698 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
| Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 has unknown attack vectors, and an impact probably involving "invalid memory access." | ||||
| CVE-2009-4325 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
| The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers." | ||||
| CVE-2009-4335 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in bundled stored procedures in the Spatial Extender component in IBM DB2 9.5 before FP5 have unknown impact and remote attack vectors, related to "remote exploits." | ||||
| CVE-2007-1087 | 1 Ibm | 1 Db2 | 2025-04-09 | N/A |
| IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow. | ||||