The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command.
CVSS Score
7.5
EPSS Score
0.003
Published
2009-12-16
The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file.
CVSS Score
4.6
EPSS Score
0.0
Published
2009-12-16
Multiple unspecified vulnerabilities in bundled stored procedures in the Spatial Extender component in IBM DB2 9.5 before FP5 have unknown impact and remote attack vectors, related to "remote exploits."
CVSS Score
10.0
EPSS Score
0.017
Published
2009-12-16
dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors.
CVSS Score
4.6
EPSS Score
0.001
Published
2009-12-02
IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP2 does not perform the expected drops of certain table functions upon a loss of privileges by the functions' definers, which has unspecified impact and remote attack vectors.
CVSS Score
7.5
EPSS Score
0.008
Published
2009-09-29
IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows remote authenticated users to bypass intended access restrictions, and update, insert, or delete table rows, via unspecified vectors.
CVSS Score
6.5
EPSS Score
0.006
Published
2009-09-29
IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATION statement, which has unspecified impact and remote attack vectors.
CVSS Score
10.0
EPSS Score
0.006
Published
2009-09-29
Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to private memory within the DB2 memory structure.
CVSS Score
5.0
EPSS Score
0.004
Published
2009-08-19
IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command.
CVSS Score
4.6
EPSS Score
0.001
Published
2009-08-19
Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via "malicious packets."
CVSS Score
5.0
EPSS Score
0.011
Published
2009-08-19