Total: 210 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-1239 | 1 Ibm | 1 Db2 | 2017-08-16 | 5.0 MEDIUM | N/A |
IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query. | |||||
CVE-2008-6821 | 1 Ibm | 1 Db2 | 2017-08-16 | 10.0 HIGH | N/A |
Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 might allow attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, a different vulnerability than CVE-2007-3676 and CVE-2008-3853. | |||||
CVE-2017-1297 | 3 Ibm, Linux, Microsoft | 8 Data Server Client, Data Server Driver For Odbc And Cli, Data Server Driver Package and 5 more | 2017-08-11 | 4.4 MEDIUM | 7.3 HIGH |
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159. | |||||
CVE-2008-4692 | 1 Ibm | 1 Db2 | 2017-08-07 | 10.0 HIGH | N/A |
The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors. | |||||
CVE-2008-4693 | 1 Ibm | 1 Db2 | 2017-08-07 | 5.0 MEDIUM | N/A |
The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES." | |||||
CVE-2008-3958 | 1 Ibm | 1 Db2 | 2017-08-07 | 7.5 HIGH | N/A |
IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. NOTE: this may overlap CVE-2008-3858. NOTE: this issue exists because of an incomplete fix for CVE-2008-3959. | |||||
CVE-2008-3959 | 1 Ibm | 1 Db2 | 2017-08-07 | 5.0 MEDIUM | N/A |
IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. | |||||
CVE-2008-2154 | 1 Ibm | 1 Db2 | 2017-08-07 | 6.0 MEDIUM | N/A |
IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls. | |||||
CVE-2016-5995 | 3 Hp, Ibm, Linux | 5 Hp-ux, Aix, Db2 and 2 more | 2017-07-29 | 6.9 MEDIUM | 7.3 HIGH |
Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, and 11.1 GA on Linux, AIX, and HP-UX allows local users to gain privileges via a Trojan horse library that is accessed by a setuid or setgid program. | |||||
CVE-2007-5090 | 2 Ibm, Microsoft | 3 Db2, Rational Clearquest, Sql Server | 2017-07-28 | 7.5 HIGH | N/A |
Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors. | |||||
CVE-2005-4869 | 1 Ibm | 1 Db2 | 2017-07-28 | 2.1 LOW | N/A |
The (1) to_char and (2) to_date functions in IBM DB2 8.1 allow local users to cause a denial of service (application crash) via an empty string in the second parameter, which causes a null pointer dereference. | |||||
CVE-2005-4870 | 1 Ibm | 1 Db2 | 2017-07-28 | 4.3 MEDIUM | N/A |
Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be overwritten with a pointer to the argument. | |||||
CVE-2005-4871 | 1 Ibm | 1 Db2 | 2017-07-28 | 4.3 MEDIUM | N/A |
Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile. | |||||
CVE-2003-1052 | 1 Ibm | 2 Db2, Db2 Universal Database | 2017-07-10 | 7.2 HIGH | N/A |
IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs. | |||||
CVE-2003-1050 | 1 Ibm | 1 Db2 | 2017-07-10 | 7.2 HIGH | N/A |
Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd. | |||||
CVE-2003-1051 | 1 Ibm | 1 Db2 | 2017-07-10 | 7.2 HIGH | N/A |
Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd. | |||||
CVE-2017-1105 | 3 Ibm, Linux, Microsoft | 8 Data Server Client, Data Server Driver For Odbc And Cli, Data Server Driver Package and 5 more | 2017-07-06 | 3.6 LOW | 7.1 HIGH |
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service. IBM X-Force ID: 120668. | |||||
CVE-2016-0211 | 1 Ibm | 2 Db2, Db2 Connect | 2016-12-02 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted DRDA message. | |||||
CVE-2014-0919 | 1 Ibm | 1 Db2 | 2016-11-28 | 4.0 MEDIUM | N/A |
IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities. | |||||
CVE-2009-3473 | 1 Ibm | 1 Db2 | 2013-09-10 | 10.0 HIGH | N/A |
IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATION statement, which has unspecified impact and remote attack vectors. |