Db2

db2

Vendor: Ibm • 326 CVEs

CVEs (326)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2008-4693 1Ibm 1Db2 Apr 23, 2026 Oct 22, 2008 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTI...Show more The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES."Show less
CVE-2008-4692 1Ibm 1Db2 Apr 23, 2026 Oct 22, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or droppi...Show more The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors.Show less
CVE-2008-4691 1Ibm 1Db2 Apr 23, 2026 Oct 22, 2008 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segme...Show more Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors.Show less
CVE-2008-3959 1Ibm 1Db2 Apr 23, 2026 Sep 11, 2008 N/A· v4 N/A· v3 5.0 MEDIUM· v2 IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that s...Show more IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request.Show less
CVE-2008-3958 1Ibm 1Db2 Apr 23, 2026 Sep 11, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. NOTE: this may overlap CVE...Show more IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. NOTE: this may overlap CVE-2008-3858. NOTE: this issue exists because of an incomplete fix for CVE-2008-3959.Show less
CVE-2008-1998 1Ibm 1Db2 Apr 23, 2026 Apr 28, 2008 N/A· v4 N/A· v3 8.5 HIGH· v2 The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter.
CVE-2008-1997 1Ibm 1Db2 Apr 23, 2026 Apr 28, 2008 N/A· v4 N/A· v3 9.0 HIGH· v2 Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the ADMIN_SP_C i...Show more Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the ADMIN_SP_C issue is already covered by CVE-2008-0699.Show less
CVE-2008-1966 1Ibm 1Db2 Apr 23, 2026 Apr 27, 2008 N/A· v4 N/A· v3 4.0 MEDIUM· v2 Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (...Show more Multiple buffer overflows in the JAR file administration routines in the BSU JAVA subcomponent in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allow remote authenticated users to cause a denial of service (instance crash) via a call to the (1) RECOVERJAR or (2) REMOVE_JAR procedure with a crafted parameter, related to (a) sqlj.install_jar and (b) sqlj.replace_jar.Show less
CVE-2007-3676 1Ibm 1Db2 Apr 23, 2026 Feb 13, 2008 N/A· v4 N/A· v3 10.0 HIGH· v2 IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified poin...Show more IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. NOTE: this might be the same issue as CVE-2008-0698.Show less
CVE-2008-0699 1Ibm 1Db2 Apr 23, 2026 Feb 12, 2008 N/A· v4 N/A· v3 9.0 HIGH· v2 Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecif...Show more Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors.Show less
CVE-2008-0698 1Ibm 1Db2 Apr 23, 2026 Feb 12, 2008 N/A· v4 N/A· v3 7.8 HIGH· v2 Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 has unknown attack vectors, and an impact probably involving "invalid memory access."
CVE-2008-0697 1Ibm 1Db2 Apr 23, 2026 Feb 12, 2008 N/A· v4 N/A· v3 7.2 HIGH· v2 Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors.
CVE-2008-0696 1Ibm 1Db2 Apr 23, 2026 Feb 12, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization for the ALTER TABLE statement, which has unknown impact and attack vectors.
CVE-2007-5652 1Ibm 1Db2 Apr 23, 2026 Oct 23, 2007 N/A· v4 N/A· v3 7.8 HIGH· v2 IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger memory corruption. N...Show more IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger memory corruption. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.Show less
CVE-2007-2582 1Ibm 1Db2 Apr 23, 2026 May 10, 2007 N/A· v4 N/A· v3 10.0 HIGH· v2 Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a...Show more Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (2) a long packet that generates a "MemTree overflow."Show less
CVE-2007-1228 1Ibm 1Db2 Apr 23, 2026 Mar 2, 2007 N/A· v4 N/A· v3 4.4 MEDIUM· v2 IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories.
CVE-2007-1088 1Ibm 1Db2 Apr 23, 2026 Feb 23, 2007 N/A· v4 N/A· v3 7.2 HIGH· v2 Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables.
CVE-2007-1087 1Ibm 1Db2 Apr 23, 2026 Feb 23, 2007 N/A· v4 N/A· v3 7.2 HIGH· v2 IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-b...Show more IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow.Show less
CVE-2007-1027 1Ibm 1Db2 Apr 23, 2026 Feb 21, 2007 N/A· v4 N/A· v3 4.4 MEDIUM· v2 Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file.
CVE-2006-4257 1Ibm 1Db2 Apr 16, 2026 Aug 21, 2006 N/A· v4 N/A· v3 4.0 MEDIUM· v2 IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process,...Show more IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending crafted SQLJRA packet, which results in a null dereference.Show less

Previous 1...13 14 151617 Next