Total
278 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2013-4033 | 1 Ibm | 2 Db2, Db2 Connect | 2025-04-11 | 4.6 MEDIUM | N/A |
IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority. | |||||
CVE-2010-3734 | 1 Ibm | 1 Db2 | 2025-04-11 | 5.0 MEDIUM | N/A |
The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack. | |||||
CVE-2010-0472 | 1 Ibm | 1 Db2 | 2025-04-11 | 5.0 MEDIUM | N/A |
kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 on Linux, allows remote attackers to cause a denial of service (daemon crash) via a certain byte sequence. | |||||
CVE-2013-6717 | 1 Ibm | 3 Db2, Db2 Connect, Db2 Purescale Feature 9.8 | 2025-04-11 | 4.0 MEDIUM | N/A |
The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 through FP5, 10.1 through FP3, and 10.5 through FP2, and the DB2 pureScale Feature 9.8 for Enterprise Server Edition, allows remote authenticated users to cause a denial of service (database outage and deactivation) via unspecified vectors. | |||||
CVE-2011-0757 | 1 Ibm | 1 Db2 | 2025-04-11 | 6.5 MEDIUM | N/A |
IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority. | |||||
CVE-2012-1796 | 4 Hp, Ibm, Linux and 1 more | 5 Hp-ux, Aix, Db2 and 2 more | 2025-04-11 | 7.2 HIGH | N/A |
Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors. | |||||
CVE-2012-2197 | 1 Ibm | 1 Db2 | 2025-04-11 | 7.1 HIGH | N/A |
Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to execute arbitrary code by leveraging certain CONNECT and EXECUTE privileges. | |||||
CVE-2012-2196 | 1 Ibm | 1 Db2 | 2025-04-11 | 5.0 MEDIUM | N/A |
IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to read arbitrary XML files via the (1) GET_WRAP_CFG_C or (2) GET_WRAP_CFG_C2 stored procedure. | |||||
CVE-2010-3196 | 1 Ibm | 1 Db2 | 2025-04-11 | 3.5 LOW | N/A |
IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view. | |||||
CVE-2012-0712 | 1 Ibm | 1 Db2 | 2025-04-11 | 4.0 MEDIUM | N/A |
The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression. | |||||
CVE-2010-3475 | 1 Ibm | 1 Db2 | 2025-04-11 | 4.0 MEDIUM | N/A |
IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement. | |||||
CVE-2010-3735 | 1 Ibm | 1 Db2 | 2025-04-11 | 2.1 LOW | N/A |
The "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certain UNION ALL views, leading to an indefinitely large amount of compilation time. | |||||
CVE-2013-4032 | 1 Ibm | 1 Db2 | 2025-04-11 | 5.0 MEDIUM | N/A |
The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server Edition and Advanced Enterprise Server Edition 10.1 before FP3 and 10.5, when a multi-node configuration is used, allows remote attackers to cause a denial of service via vectors involving arbitrary data. | |||||
CVE-2011-1846 | 1 Ibm | 1 Db2 | 2025-04-11 | 6.5 MEDIUM | N/A |
IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-6820 | 2 Ibm, Microsoft | 2 Db2, Windows | 2025-04-09 | 10.0 HIGH | N/A |
The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with "OS privilege," which has unknown impact and attack vectors, a different vulnerability than CVE-2008-3856. | |||||
CVE-2009-1239 | 1 Ibm | 1 Db2 | 2025-04-09 | 5.0 MEDIUM | N/A |
IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query. | |||||
CVE-2008-2154 | 1 Ibm | 1 Db2 | 2025-04-09 | 6.0 MEDIUM | N/A |
IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls. | |||||
CVE-2008-0696 | 1 Ibm | 1 Db2 | 2025-04-09 | 7.5 HIGH | N/A |
IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization for the ALTER TABLE statement, which has unknown impact and attack vectors. | |||||
CVE-2008-1997 | 1 Ibm | 1 Db2 | 2025-04-09 | 9.0 HIGH | N/A |
Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the ADMIN_SP_C issue is already covered by CVE-2008-0699. | |||||
CVE-2008-3958 | 1 Ibm | 1 Db2 | 2025-04-09 | 7.5 HIGH | N/A |
IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. NOTE: this may overlap CVE-2008-3858. NOTE: this issue exists because of an incomplete fix for CVE-2008-3959. |