Vulnerabilities > IBM > DB2 Universal Database > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-10-05 | CVE-2010-3739 | Improper Authentication vulnerability in IBM DB2 Universal Database 9.5 The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery. | 6.4 |
| 2009-12-02 | CVE-2009-4150 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 and DB2 Universal Database dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors. | 4.6 |
| 2009-01-16 | CVE-2009-0173 | Improper Input Validation vulnerability in IBM DB2 Universal Database 9.1/9.5 Unspecified vulnerability in the server in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote authenticated users to cause a denial of service (trap) via a crafted data stream. | 5.0 |
| 2009-01-16 | CVE-2009-0172 | Improper Input Validation vulnerability in IBM DB2 Universal Database 9.1/9.5 Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote attackers to cause a denial of service (infinite loop) via a crafted CONNECT data stream. | 5.0 |
| 2008-09-11 | CVE-2008-3960 | Improper Input Validation vulnerability in IBM DB2 Universal Database 8.2 Unspecified vulnerability in the JDBC Applet Server Service (aka db2jds) in IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (service crash) via "malicious packets." | 5.0 |
| 2008-08-28 | CVE-2008-3858 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Universal Database 9.1 The Downlevel DB2RA Support component in IBM DB2 9.1 before Fixpak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT data stream that simulates a V7 client connect request. | 4.3 |
| 2008-08-28 | CVE-2008-3857 | Information Exposure vulnerability in IBM DB2 Universal Database 9.1 The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 retains a cleartext password in memory after the database connection that sent the password is fully established, which might allow local users to obtain sensitive information by reading a memory dump. | 4.6 |
| 2008-08-28 | CVE-2008-3855 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Universal Database 9.1 Unspecified vulnerability in the DB2 Administration Server (DAS) in the Core DAS function component in IBM DB2 9.1 before Fixpak 5 allows local users to gain privileges, aka a "FILE CREATION VULNERABILITY." NOTE: this may be the same as CVE-2007-5664. | 4.6 |
| 2008-08-28 | CVE-2008-3852 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Universal Database 9.1/9.5 Unspecified vulnerability in the CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio in the Visual Studio Net component in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 2 allows remote authenticated users to execute arbitrary code via unknown vectors. | 6.5 |
| 2008-04-16 | CVE-2007-5758 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Universal Database 8/9.1/9.5 Stack-based buffer overflow in db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to execute arbitrary code via a long DASPROF environment variable. | 6.9 |