Vulnerabilities > IBM > DB2 > 9.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-08-31 | CVE-2010-3197 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.7 IBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, which allows remote attackers to obtain sensitive information via unspecified vectors. | 5.0 |
| 2010-08-31 | CVE-2010-3196 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.7 IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view. | 3.5 |
| 2010-08-31 | CVE-2010-3195 | Unspecified vulnerability in IBM DB2 9.1/9.5/9.7 Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving "special group and user enumeration." | 5.0 |
| 2010-08-31 | CVE-2010-3194 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.1/9.5/9.7 The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files owned by an instance owner. | 7.5 |
| 2010-08-31 | CVE-2010-3193 | Unspecified vulnerability in IBM DB2 9.1/9.5/9.7 Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors. | 10.0 |
| 2010-01-28 | CVE-2010-0462 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 9.1/9.5/9.7 Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function. | 6.5 |
| 2009-12-28 | CVE-2009-4438 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.1/9.5/9.7 The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors. | 6.5 |
| 2009-12-16 | CVE-2009-4334 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.1/9.5/9.7 The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file. | 4.6 |
| 2009-12-16 | CVE-2009-4332 | Denial-Of-Service vulnerability in DB2 9.1/9.5/9.7 db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows attackers to cause a denial of service (NULL pointer dereference and application termination) via unspecified vectors. | 5.0 |
| 2009-12-16 | CVE-2009-4331 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.5/9.7 The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors. | 7.2 |