Ibm

Db2

327 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
3.5

CVE-2010-3196

  • EPSS 0.38%
  • Veröffentlicht 31.08.2010 22:00:02
  • Zuletzt bearbeitet 29.04.2026 01:13:23

IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote authenticated users to cause a denial of service (loss of privileges) to a view owner by defining a dependent view.

5

CVE-2010-3197

  • EPSS 0.28%
  • Veröffentlicht 31.08.2010 22:00:02
  • Zuletzt bearbeitet 29.04.2026 01:13:23

IBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, which allows remote attackers to obtain sensitive information via unspecified vectors.

4

CVE-2010-1560

  • EPSS 1.1%
  • Veröffentlicht 27.04.2010 15:30:01
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (trap) via unspecified vectors. NOTE: this might overlap CVE-2010-0462.

5

CVE-2010-0472

Exploit
  • EPSS 1.11%
  • Veröffentlicht 02.02.2010 18:30:00
  • Zuletzt bearbeitet 29.04.2026 01:13:23

kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 on Linux, allows remote attackers to cause a denial of service (daemon crash) via a certain byte sequence.

6.5

CVE-2010-0462

Exploit
  • EPSS 18.35%
  • Veröffentlicht 28.01.2010 20:30:01
  • Zuletzt bearbeitet 29.04.2026 01:13:23

Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function.

6.5

CVE-2009-4438

  • EPSS 1.01%
  • Veröffentlicht 28.12.2009 19:30:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated u...

4

CVE-2009-4439

  • EPSS 1.11%
  • Veröffentlicht 28.12.2009 19:30:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

Unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (instance crash) by compiling a SQL query.

6.4

CVE-2009-4325

Exploit
  • EPSS 1.78%
  • Veröffentlicht 16.12.2009 18:30:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "...

4.3

CVE-2009-4326

  • EPSS 0.66%
  • Veröffentlicht 16.12.2009 18:30:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protect...

5

CVE-2009-4327

  • EPSS 1.04%
  • Veröffentlicht 16.12.2009 18:30:00
  • Zuletzt bearbeitet 23.04.2026 00:35:47

The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1 does not properly validate the size of a memory pool during a creation attempt, which allows attackers to cause a denial of service (memory consumption) via unspeci...