Db2 Universal Database
by IBM
CVEs (70)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-4868 | | High | 0.49 | 7.1 | 0.01 | | Dec 31, 2005 | Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service. |
| CVE-2009-0172 | | | 0.04 | — | 0.08 | | Jan 16, 2009 | Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote attackers to cause a denial of service (infinite loop) via a crafted CONNECT data stream. |
| CVE-2004-0795 | | | 0.03 | — | 0.02 | | Oct 20, 2004 | DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe program as the db2admin administrator, which allows local users to gain privileges via the DB2REMOTECMD named pipe. |
| CVE-2003-1050 | | | 0.03 | — | 0.01 | | Sep 28, 2004 | Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd. |
| CVE-2003-1051 | | | 0.03 | — | 0.01 | | Sep 28, 2004 | Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd. |
| CVE-2003-1052 | | | 0.03 | — | 0.01 | | Sep 28, 2004 | IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs. |
| CVE-2003-0898 | | | 0.03 | — | 0.01 | | Nov 17, 2003 | IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2. |
| CVE-2003-0759 | | | 0.03 | — | 0.01 | | Oct 6, 2003 | Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before Fixpak 10a allows local users to gain root privileges via a long command line argument. |
| CVE-2003-0758 | | | 0.03 | — | 0.01 | | Oct 6, 2003 | Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before Fixpak 10 allows local users to gain root privileges via a long command line argument. |
| CVE-2001-0051 | | | 0.03 | — | 0.03 | | Feb 16, 2001 | IBM DB2 Universal Database version 6.1 creates an account with a default user name and password, which allows remote attackers to gain access to the database. |
| CVE-2001-0052 | | | 0.03 | — | 0.01 | | Feb 16, 2001 | IBM DB2 Universal Database version 6.1 allows users to cause a denial of service via a malformed query. |
| CVE-2010-3739 | | | 0.00 | — | 0.01 | | Oct 5, 2010 | The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier… |
| CVE-2009-4150 | | | 0.00 | — | 0.00 | | Dec 2, 2009 | dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors. |
| CVE-2009-0173 | | | 0.00 | — | 0.03 | | Jan 16, 2009 | Unspecified vulnerability in the server in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote authenticated users to cause a denial of service (trap) via a crafted data stream. |
| CVE-2008-3960 | | | 0.00 | — | 0.02 | | Sep 11, 2008 | Unspecified vulnerability in the JDBC Applet Server Service (aka db2jds) in IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (service crash) via "malicious packets." |
| CVE-2008-3858 | | | 0.00 | — | 0.02 | | Aug 28, 2008 | The Downlevel DB2RA Support component in IBM DB2 9.1 before Fixpak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT data stream that simulates a V7 client connect request. |
| CVE-2008-3853 | | | 0.00 | — | 0.06 | | Aug 28, 2008 | Buffer overflow in the DAS server program in the Core DAS function component in IBM DB2 9.1 before FP4a and 9.5 before FP1 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via unspecified vectors. NOTE: this might be related to… |
| CVE-2008-3857 | | | 0.00 | — | 0.00 | | Aug 28, 2008 | The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 retains a cleartext password in memory after the database connection that sent the password is fully established, which might allow local users to obtain sensitive information by reading a memory dump. |
| CVE-2008-3854 | | | 0.00 | — | 0.04 | | Aug 28, 2008 | Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 1 allow remote attackers to cause a denial of service (system outage) via vectors related to (1) use of XQuery to issue statements; the (2) XMLQUERY, (3) XMLEXISTS, and (4) XMLTABLE… |
| CVE-2008-3852 | | | 0.00 | — | 0.03 | | Aug 28, 2008 | Unspecified vulnerability in the CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio in the Visual Studio Net component in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 2 allows remote authenticated users to execute arbitrary code via unknown vectors. |