Unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (instance crash) by compiling a SQL query.
Max CVSS
4.0
EPSS Score
0.38%
Published
2009-12-28
Updated
2010-06-29
The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors.
Max CVSS
6.5
EPSS Score
0.34%
Published
2009-12-28
Updated
2010-06-29
Multiple buffer overflows in qosmod in IBM AIX 6.1 allow local users to cause a denial of service (application crash) or possibly gain privileges via long string arguments. NOTE: some of these details are obtained from third party information.
Max CVSS
7.2
EPSS Score
0.04%
Published
2009-12-21
Updated
2009-12-22
Multiple buffer overflows in qoslist in IBM AIX 6.1 allow local users to cause a denial of service (application crash) or possibly gain privileges via a long string argument. NOTE: some of these details are obtained from third party information.
Max CVSS
7.2
EPSS Score
0.04%
Published
2009-12-21
Updated
2009-12-22
CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.10%
Published
2009-12-18
Updated
2009-12-21
Multiple unspecified vulnerabilities in bundled stored procedures in the Spatial Extender component in IBM DB2 9.5 before FP5 have unknown impact and remote attack vectors, related to "remote exploits."
Max CVSS
10.0
EPSS Score
0.60%
Published
2009-12-16
Updated
2017-08-17
The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file.
Max CVSS
4.6
EPSS Score
0.04%
Published
2009-12-16
Updated
2010-06-29
The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command.
Max CVSS
7.5
EPSS Score
0.53%
Published
2009-12-16
Updated
2010-06-29
db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 and 9.5 before FP5 allows attackers to cause a denial of service (NULL pointer dereference and application termination) via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.58%
Published
2009-12-16
Updated
2010-06-29
The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors.
Max CVSS
7.2
EPSS Score
0.07%
Published
2009-12-16
Updated
2010-10-07
Unspecified vulnerability in db2licm in the Engine Utilities component in IBM DB2 9.5 before FP5 has unknown impact and local attack vectors.
Max CVSS
7.2
EPSS Score
0.05%
Published
2009-12-16
Updated
2010-06-29
Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (segmentation fault) by modifying the db2ra data stream sent in a request from the Load Utility.
Max CVSS
4.0
EPSS Score
0.44%
Published
2009-12-16
Updated
2009-12-17
Unspecified vulnerability in the DRDA Services component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (server trap) by calling a SQL stored procedure in unknown circumstances.
Max CVSS
4.0
EPSS Score
0.38%
Published
2009-12-16
Updated
2010-06-29
The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1 does not properly validate the size of a memory pool during a creation attempt, which allows attackers to cause a denial of service (memory consumption) via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.59%
Published
2009-12-16
Updated
2010-06-29
The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value.
Max CVSS
4.3
EPSS Score
0.21%
Published
2009-12-16
Updated
2010-06-29
The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not validate an unspecified pointer, which allows attackers to overwrite "external memory" via unknown vectors, related to a missing "check for null pointers."
Max CVSS
6.4
EPSS Score
0.13%
Published
2009-12-16
Updated
2010-06-29
Multiple buffer overflows in unspecified setuid executables in the DataStage subsystem in IBM InfoSphere Information Server 8.1 before FP1 have unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.58%
Published
2009-12-09
Updated
2017-08-17
Cross-site scripting (XSS) vulnerability in the Web console in IBM InfoSphere Information Server 8.1 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.27%
Published
2009-12-09
Updated
2017-08-17
Unspecified vulnerability in the XMLAccess component in IBM WebSphere Portal 6.1.x before 6.1.0.3 has unknown impact and attack vectors, related to the work directory.
Max CVSS
7.5
EPSS Score
0.21%
Published
2009-12-02
Updated
2009-12-03
Cross-site scripting (XSS) vulnerability in the Collaboration component in IBM WebSphere Portal 6.1.x before 6.1.0.3 allows remote attackers to inject arbitrary web script or HTML via the people picker tag.
Max CVSS
4.3
EPSS Score
0.16%
Published
2009-12-02
Updated
2011-01-06
dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors.
Max CVSS
4.6
EPSS Score
0.05%
Published
2009-12-02
Updated
2009-12-07
Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget Library Runtime in IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect before 7.0.0.10 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) the JSF Tree Control and (2) the JavaScript Resource Servlet.
Max CVSS
4.3
EPSS Score
0.29%
Published
2009-11-23
Updated
2017-08-17
Multiple unspecified vulnerabilities in the Advanced Management Module firmware before 2.50G for the IBM BladeCenter T 8720-2xx and 8730-2xx have unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.18%
Published
2009-11-12
Updated
2010-01-06
Unspecified vulnerability in the Cluster Management component in IBM PowerHA 5.4, 5.4.1, 5.5, and 6.1 on AIX allows remote attackers to modify the operating-system configuration via packets to the godm port (6177/tcp).
Max CVSS
7.8
EPSS Score
0.45%
Published
2009-11-06
Updated
2017-08-17
Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux backup-archive clients, and the (3) OS/400 API client, in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.6, 5.4 before 5.4.2, and 5.5 before 5.5.1, when the MAILPROG option is enabled, allow attackers to read, modify, or delete arbitrary files via unknown vectors.
Max CVSS
9.3
EPSS Score
0.12%
Published
2009-11-04
Updated
2009-11-18
172 vulnerabilities found
1 2 3 4 5 6 7
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!