DB2 UDB

CVEs (22)

CVE	Vendor / Product	Risk	CVSS	EPSS	Published	Description
CVE-2008-0699	IBM Db2	0.01	—	0.08	Feb 12, 2008	Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors.
CVE-2010-3740	IBM Db2	0.00	—	0.00	Oct 5, 2010	The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service (memory consumption and system hang) via the…
CVE-2010-3738	IBM Db2	0.00	—	0.00	Oct 5, 2010	The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote authenticated…
CVE-2010-3737	IBM Db2	0.00	—	0.00	Oct 5, 2010	Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while using a different code page…
CVE-2010-3736	IBM Db2	0.00	—	0.00	Oct 5, 2010	Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a, when the connection concentrator is enabled, allows remote authenticated users to cause a denial of service (heap memory consumption) by using a different code page than the database server.
CVE-2010-3735	IBM Db2	0.00	—	0.00	Oct 5, 2010	The "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certain UNION ALL views, leading to an indefinitely large amount of compilation time.
CVE-2010-3734	IBM Db2	0.00	—	0.00	Oct 5, 2010	The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack.
CVE-2010-3733	IBM Db2	0.00	—	0.00	Oct 5, 2010	The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file.
CVE-2010-3732	IBM Db2	0.00	—	0.00	Oct 5, 2010	The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of parameter markers.
CVE-2008-3958	IBM Db2	0.00	—	0.01	Sep 11, 2008	IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. NOTE: this may overlap CVE-2008-3858. NOTE: this issue exists because of an…
CVE-2008-0697	IBM Db2	0.00	—	0.00	Feb 12, 2008	Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors.
CVE-2007-6046	IBM Db2 Universal Database	0.00	—	0.00	Nov 20, 2007	Unspecified vulnerability in unspecified setuid programs in IBM DB2 UDB 9.1 before Fixpak 4 allows local users to have an unknown impact.
CVE-2007-6052	IBM Db2 Universal Database	0.00	—	0.00	Nov 20, 2007	IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggregation, which might allow attackers to cause a denial of service (divide-by-zero error and DBMS crash), related to an "overflow." NOTE: the vendor description of this issue is too vague to be certain that it…
CVE-2007-6050	IBM Db2 Universal Database	0.00	—	0.00	Nov 20, 2007	Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, related to creation of an "insecure directory."
CVE-2007-6051	IBM Db2 Universal Database	0.00	—	0.00	Nov 20, 2007	IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the (1) DB2ADMNS and (2) DB2USERS alternative groups, which has unknown impact. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
CVE-2007-6048	IBM Db2 Universal Database	0.00	—	0.01	Nov 20, 2007	IBM DB2 UDB 9.1 before Fixpak 4 uses incorrect permissions on ACLs for DB2NODES.CFG, which has unknown impact and attack vectors. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
CVE-2007-6049	IBM Db2 Universal Database	0.00	—	0.00	Nov 20, 2007	Unspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, involving a call to dlopen when the effective uid is root.
CVE-2007-6047	IBM Db2 Universal Database	0.00	—	0.01	Nov 20, 2007	Unspecified vulnerability in the DB2DART tool in IBM DB2 UDB 9.1 before Fixpak 4 allows attackers to execute arbitrary commands as the DB2 instance owner, related to invocation of TPUT by DB2DART.
CVE-2007-6045	IBM Db2 Universal Database	0.00	—	0.01	Nov 20, 2007	Unspecified vulnerability in (1) DB2WATCH and (2) DB2FREEZE in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors.
CVE-2007-6053	IBM Db2 Universal Database	0.00	—	0.00	Nov 20, 2007	IBM DB2 UDB 9.1 before Fixpak 4 does not properly handle use of large numbers of file descriptors, which might allow attackers to have an unknown impact involving "memory corruption." NOTE: the vendor description of this issue is too vague to be certain that it is…

CVE-2008-0699Feb 12, 2008
IBM
Db2
risk 0.01cvss —epss 0.08
Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors.
CVE-2010-3740Oct 5, 2010
IBM
Db2
risk 0.00cvss —epss 0.00
The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service (memory consumption and system hang) via the…
CVE-2010-3738Oct 5, 2010
IBM
Db2
risk 0.00cvss —epss 0.00
The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote authenticated…
CVE-2010-3737Oct 5, 2010
IBM
Db2
risk 0.00cvss —epss 0.00
Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while using a different code page…
CVE-2010-3736Oct 5, 2010
IBM
Db2
risk 0.00cvss —epss 0.00
Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a, when the connection concentrator is enabled, allows remote authenticated users to cause a denial of service (heap memory consumption) by using a different code page than the database server.
CVE-2010-3735Oct 5, 2010
IBM
Db2
risk 0.00cvss —epss 0.00
The "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certain UNION ALL views, leading to an indefinitely large amount of compilation time.
CVE-2010-3734Oct 5, 2010
IBM
Db2
risk 0.00cvss —epss 0.00
The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack.
CVE-2010-3733Oct 5, 2010
IBM
Db2
risk 0.00cvss —epss 0.00
The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file.
CVE-2010-3732Oct 5, 2010
IBM
Db2
risk 0.00cvss —epss 0.00
The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of parameter markers.
CVE-2008-3958Sep 11, 2008
IBM
Db2
risk 0.00cvss —epss 0.01
IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. NOTE: this may overlap CVE-2008-3858. NOTE: this issue exists because of an…
CVE-2008-0697Feb 12, 2008
IBM
Db2
risk 0.00cvss —epss 0.00
Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors.
CVE-2007-6046Nov 20, 2007
IBM
Db2 Universal Database
risk 0.00cvss —epss 0.00
Unspecified vulnerability in unspecified setuid programs in IBM DB2 UDB 9.1 before Fixpak 4 allows local users to have an unknown impact.
CVE-2007-6052Nov 20, 2007
IBM
Db2 Universal Database
risk 0.00cvss —epss 0.00
IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggregation, which might allow attackers to cause a denial of service (divide-by-zero error and DBMS crash), related to an "overflow." NOTE: the vendor description of this issue is too vague to be certain that it…
CVE-2007-6050Nov 20, 2007
IBM
Db2 Universal Database
risk 0.00cvss —epss 0.00
Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, related to creation of an "insecure directory."
CVE-2007-6051Nov 20, 2007
IBM
Db2 Universal Database
risk 0.00cvss —epss 0.00
IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the (1) DB2ADMNS and (2) DB2USERS alternative groups, which has unknown impact. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
CVE-2007-6048Nov 20, 2007
IBM
Db2 Universal Database
risk 0.00cvss —epss 0.01
IBM DB2 UDB 9.1 before Fixpak 4 uses incorrect permissions on ACLs for DB2NODES.CFG, which has unknown impact and attack vectors. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
CVE-2007-6049Nov 20, 2007
IBM
Db2 Universal Database
risk 0.00cvss —epss 0.00
Unspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, involving a call to dlopen when the effective uid is root.
CVE-2007-6047Nov 20, 2007
IBM
Db2 Universal Database
risk 0.00cvss —epss 0.01
Unspecified vulnerability in the DB2DART tool in IBM DB2 UDB 9.1 before Fixpak 4 allows attackers to execute arbitrary commands as the DB2 instance owner, related to invocation of TPUT by DB2DART.
CVE-2007-6045Nov 20, 2007
IBM
Db2 Universal Database
risk 0.00cvss —epss 0.01
Unspecified vulnerability in (1) DB2WATCH and (2) DB2FREEZE in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors.
CVE-2007-6053Nov 20, 2007
IBM
Db2 Universal Database
risk 0.00cvss —epss 0.00
IBM DB2 UDB 9.1 before Fixpak 4 does not properly handle use of large numbers of file descriptors, which might allow attackers to have an unknown impact involving "memory corruption." NOTE: the vendor description of this issue is too vague to be certain that it is…

Page 1 of 2