Db2 Universal Database
by IBM
CVEs (66)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2005-4868 | High | 0.49 | 7.1 | 0.00 | | Dec 31, 2005 | Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service. |
| CVE-2004-0795 | | 0.06 | — | 0.32 | | Oct 20, 2004 | DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe program as the db2admin administrator, which allows local users to gain privileges via the DB2REMOTECMD named pipe. |
| CVE-2001-0051 | | 0.04 | — | 0.16 | | Feb 16, 2001 | IBM DB2 Universal Database version 6.1 creates an account with a default user name and password, which allows remote attackers to gain access to the database. |
| CVE-2009-0172 | | 0.03 | — | 0.06 | | Jan 16, 2009 | Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote attackers to cause a denial of service (infinite loop) via a crafted CONNECT data stream. |
| CVE-2003-1052 | | 0.03 | — | 0.00 | | Sep 28, 2004 | IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs. |
| CVE-2003-0898 | | 0.03 | — | 0.03 | | Nov 17, 2003 | IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2. |
| CVE-2003-0758 | | 0.03 | — | 0.00 | | Oct 6, 2003 | Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before Fixpak 10 allows local users to gain root privileges via a long command line argument. |
| CVE-2003-0759 | | 0.03 | — | 0.00 | | Oct 6, 2003 | Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before Fixpak 10a allows local users to gain root privileges via a long command line argument. |
| CVE-2001-0052 | | 0.03 | — | 0.02 | | Feb 16, 2001 | IBM DB2 Universal Database version 6.1 allows users to cause a denial of service via a malformed query. |
| CVE-2005-4867 | | 0.02 | — | 0.21 | | Dec 31, 2005 | Stack-based buffer overflow in the SATENCRYPT function in IBM DB2 8.1, when Satellite Administration (SATADMIN) is enabled, allows remote attackers to execute arbitrary code via a long parameter. |
| CVE-2005-4865 | | 0.02 | — | 0.29 | | Dec 31, 2005 | Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remote attackers to execute arbitrary code via a long libname. |
| CVE-2008-3853 | | 0.01 | — | 0.08 | | Aug 28, 2008 | Buffer overflow in the DAS server program in the Core DAS function component in IBM DB2 9.1 before FP4a and 9.5 before FP1 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via unspecified vectors. NOTE: this might be related to CVE-2007-3676. |
| CVE-2010-3739 | | 0.00 | — | 0.00 | | Oct 5, 2010 | The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery. |
| CVE-2009-4150 | | 0.00 | — | 0.00 | | Dec 2, 2009 | dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors. |
| CVE-2009-0173 | | 0.00 | — | 0.02 | | Jan 16, 2009 | Unspecified vulnerability in the server in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote authenticated users to cause a denial of service (trap) via a crafted data stream. |
| CVE-2008-3960 | | 0.00 | — | 0.01 | | Sep 11, 2008 | Unspecified vulnerability in the JDBC Applet Server Service (aka db2jds) in IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (service crash) via "malicious packets." |
| CVE-2008-3854 | | 0.00 | — | 0.05 | | Aug 28, 2008 | Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 1 allow remote attackers to cause a denial of service (system outage) via vectors related to (1) use of XQuery to issue statements; the (2) XMLQUERY, (3) XMLEXISTS, and (4) XMLTABLE statements; and the (5) sqlrlaka function. |
| CVE-2008-3857 | | 0.00 | — | 0.00 | | Aug 28, 2008 | The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 retains a cleartext password in memory after the database connection that sent the password is fully established, which might allow local users to obtain sensitive information by reading a memory dump. |
| CVE-2008-3858 | | 0.00 | — | 0.01 | | Aug 28, 2008 | The Downlevel DB2RA Support component in IBM DB2 9.1 before Fixpak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT data stream that simulates a V7 client connect request. |
| CVE-2008-3852 | | 0.00 | — | 0.03 | | Aug 28, 2008 | Unspecified vulnerability in the CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio in the Visual Studio Net component in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 2 allows remote authenticated users to execute arbitrary code via unknown vectors. |