Vulnerabilities > IBM > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-12-16 | CVE-2009-4334 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.1/9.5/9.7 The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file. | 4.6 |
| 2009-12-16 | CVE-2009-4332 | Denial-Of-Service vulnerability in DB2 9.1/9.5/9.7 db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows attackers to cause a denial of service (NULL pointer dereference and application termination) via unspecified vectors. | 5.0 |
| 2009-12-16 | CVE-2009-4329 | Denial-Of-Service vulnerability in IBM DB2 9.5 Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (segmentation fault) by modifying the db2ra data stream sent in a request from the Load Utility. | 4.0 |
| 2009-12-16 | CVE-2009-4328 | Denial-Of-Service vulnerability in IBM DB2 9.5 Unspecified vulnerability in the DRDA Services component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (server trap) by calling a SQL stored procedure in unknown circumstances. | 4.0 |
| 2009-12-16 | CVE-2009-4327 | Improper Input Validation vulnerability in IBM DB2 9.5/9.7 The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1 does not properly validate the size of a memory pool during a creation attempt, which allows attackers to cause a denial of service (memory consumption) via unspecified vectors. | 5.0 |
| 2009-12-16 | CVE-2009-4326 | Information Exposure vulnerability in IBM DB2 9.5/9.7 The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value. | 4.3 |
| 2009-12-16 | CVE-2009-4325 | Improper Input Validation vulnerability in IBM DB2 The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers." | 6.4 |
| 2009-12-09 | CVE-2009-4239 | Cross-Site Scripting vulnerability in IBM Infosphere Information Server 8.1 Cross-site scripting (XSS) vulnerability in the Web console in IBM InfoSphere Information Server 8.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2009-12-08 | CVE-2009-2749 | Cryptographic Issues vulnerability in IBM products Feature Pack for Communications Enabled Applications (CEA) before 1.0.0.1 for IBM WebSphere Application Server 7.0.0.7 uses predictable session values, which allows man-in-the-middle attackers to spoof a collaboration session by guessing the value. | 6.4 |
| 2009-12-02 | CVE-2009-4152 | Cross-Site Scripting vulnerability in IBM Websphere Portal 6.1.0.0/6.1.0.1/6.1.0.2 Cross-site scripting (XSS) vulnerability in the Collaboration component in IBM WebSphere Portal 6.1.x before 6.1.0.3 allows remote attackers to inject arbitrary web script or HTML via the people picker tag. | 4.3 |