Vulnerabilities > IBM > DB2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-08-19 | CVE-2009-2860 | Unspecified vulnerability in IBM DB2 8.1 Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via "malicious packets." | 5.0 |
| 2009-08-19 | CVE-2009-2859 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 8.1 IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command. | 4.6 |
| 2009-08-19 | CVE-2009-2858 | Resource Management Errors vulnerability in IBM DB2 8.1 Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to private memory within the DB2 memory structure. | 5.0 |
| 2009-06-03 | CVE-2009-1906 | Denial-Of-Service vulnerability in DB2 9.1/9.5 The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before FP4 allows remote attackers to cause a denial of service (memory corruption and application crash) via an IPv6 address in the correlation token in the APPID string, as demonstrated by an APPID string sent by the third-party DataDirect JDBC driver 3.7.32. network ibm | 4.3 |
| 2009-06-03 | CVE-2009-1905 | Improper Authentication vulnerability in IBM DB2 The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors. | 2.6 |
| 2009-06-03 | CVE-2008-6821 | Buffer Errors vulnerability in IBM DB2 8.0/9.1/9.5 Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 might allow attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, a different vulnerability than CVE-2007-3676 and CVE-2008-3853. | 10.0 |
| 2009-06-03 | CVE-2008-6820 | Configuration vulnerability in IBM DB2 8.0/9.1/9.5 The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with "OS privilege," which has unknown impact and attack vectors, a different vulnerability than CVE-2008-3856. | 10.0 |
| 2009-06-03 | CVE-2008-2154 | Configuration vulnerability in IBM DB2 8.0/9.1/9.5 IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls. | 6.0 |
| 2009-04-03 | CVE-2009-1239 | Information Exposure vulnerability in IBM DB2 9.1 IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query. | 5.0 |
| 2008-10-22 | CVE-2008-4693 | Information Exposure vulnerability in IBM DB2 The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES." | 5.0 |