Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Db2
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 280 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2009-12-16 | CVE-2009-4325 | The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers." | Db2 | N/A | ||
| 2009-12-02 | CVE-2009-4150 | dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors. | Db2, Db2_universal_database | N/A | ||
| 2009-09-29 | CVE-2009-3473 | IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATION statement, which has unspecified impact and remote attack vectors. | Db2 | N/A | ||
| 2009-09-29 | CVE-2009-3472 | IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows remote authenticated users to bypass intended access restrictions, and update, insert, or delete table rows, via unspecified vectors. | Db2 | N/A | ||
| 2009-09-29 | CVE-2009-3471 | IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP2 does not perform the expected drops of certain table functions upon a loss of privileges by the functions' definers, which has unspecified impact and remote attack vectors. | Db2 | N/A | ||
| 2009-08-19 | CVE-2009-2860 | Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via "malicious packets." | Db2 | N/A | ||
| 2009-08-19 | CVE-2009-2859 | IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command. | Db2 | N/A | ||
| 2009-08-19 | CVE-2009-2858 | Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to private memory within the DB2 memory structure. | Db2 | N/A | ||
| 2009-06-03 | CVE-2009-1906 | The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a denial of service (memory corruption and application crash) via an IPv6 address in the correlation token in the APPID string, as demonstrated by an APPID string sent by the third-party DataDirect JDBC driver 3.7.32. | Db2 | N/A | ||
| 2009-06-03 | CVE-2009-1905 | The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors. | Db2 | N/A |