Vulnerabilities > IBM > DB2 > 9.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-12-16 | CVE-2009-4327 | Improper Input Validation vulnerability in IBM DB2 9.5/9.7 The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1 does not properly validate the size of a memory pool during a creation attempt, which allows attackers to cause a denial of service (memory consumption) via unspecified vectors. | 5.0 |
| 2009-12-16 | CVE-2009-4326 | Information Exposure vulnerability in IBM DB2 9.5/9.7 The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value. | 4.3 |
| 2009-12-16 | CVE-2009-4325 | Improper Input Validation vulnerability in IBM DB2 The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers." | 6.4 |
| 2009-12-02 | CVE-2009-4150 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 and DB2 Universal Database dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors. | 4.6 |