Vulnerabilities > IBM > DB2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-10-22 | CVE-2008-4692 | Remote Security vulnerability in DB2 The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors. | 10.0 |
| 2008-10-22 | CVE-2008-4691 | Denial-Of-Service vulnerability in IBM DB2 8.2/9.1 Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors. | 5.0 |
| 2008-09-11 | CVE-2008-3959 | Denial-Of-Service vulnerability in DB2 8.1/8.2 IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. | 5.0 |
| 2008-09-11 | CVE-2008-3958 | Multiple vulnerability in IBM DB2 8.0 IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. | 7.5 |
| 2008-04-28 | CVE-2008-1998 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 8.0/9.1/9.5 The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter. | 8.5 |
| 2008-04-27 | CVE-2008-1966 | Buffer Errors vulnerability in IBM DB2 8.0/9.1/9.5 Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2) REMOVE_JAR procedure with a crafted parameter, related to (a) sqlj.install_jar and (b) sqlj.replace_jar. | 4.0 |
| 2008-02-13 | CVE-2007-3676 | Resource Management Errors vulnerability in IBM DB2 IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. | 10.0 |
| 2008-02-12 | CVE-2008-0699 | Remote Security vulnerability in IBM DB2 8.2/9.1/9.5 Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors. | 9.0 |
| 2008-02-12 | CVE-2008-0698 | Buffer Errors vulnerability in IBM DB2 8.2Fixpack15 Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 has unknown attack vectors, and an impact probably involving "invalid memory access." | 7.8 |
| 2008-02-12 | CVE-2008-0697 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 8.2Fixpack15 Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors. | 7.2 |