Db2 Universal Database

by IBM

CVEs (70)

  • CVE-2005-4868 · High · Dec 31, 2005
    risk 0.49 · cvss 7.1 · epss 0.01

    Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service.

  • CVE-2009-0172 · Jan 16, 2009
    risk 0.04 · cvss · epss 0.08

    Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote attackers to cause a denial of service (infinite loop) via a crafted CONNECT data stream.

  • CVE-2004-0795 · Oct 20, 2004
    risk 0.03 · cvss · epss 0.02

    DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe program as the db2admin administrator, which allows local users to gain privileges via the DB2REMOTECMD named pipe.

  • CVE-2003-1050 · Sep 28, 2004
    risk 0.03 · cvss · epss 0.01

    Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.

  • CVE-2003-1051 · Sep 28, 2004
    risk 0.03 · cvss · epss 0.01

    Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.

  • CVE-2003-1052 · Sep 28, 2004
    risk 0.03 · cvss · epss 0.01

    IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs.

  • CVE-2003-0898 · Nov 17, 2003
    risk 0.03 · cvss · epss 0.01

    IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2.

  • CVE-2003-0759 · Oct 6, 2003
    risk 0.03 · cvss · epss 0.01

    Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before Fixpak 10a allows local users to gain root privileges via a long command line argument.

  • CVE-2003-0758 · Oct 6, 2003
    risk 0.03 · cvss · epss 0.01

    Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before Fixpak 10 allows local users to gain root privileges via a long command line argument.

  • CVE-2001-0051 · Feb 16, 2001
    risk 0.03 · cvss · epss 0.03

    IBM DB2 Universal Database version 6.1 creates an account with a default user name and password, which allows remote attackers to gain access to the database.

  • CVE-2001-0052 · Feb 16, 2001
    risk 0.03 · cvss · epss 0.01

    IBM DB2 Universal Database version 6.1 allows users to cause a denial of service via a malformed query.

  • CVE-2010-3739 · Oct 5, 2010
    risk 0.00 · cvss · epss 0.01

    The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier…

  • CVE-2009-4150 · Dec 2, 2009
    risk 0.00 · cvss · epss 0.00

    dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors.

  • CVE-2009-0173 · Jan 16, 2009
    risk 0.00 · cvss · epss 0.03

    Unspecified vulnerability in the server in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote authenticated users to cause a denial of service (trap) via a crafted data stream.

  • CVE-2008-3960 · Sep 11, 2008
    risk 0.00 · cvss · epss 0.02

    Unspecified vulnerability in the JDBC Applet Server Service (aka db2jds) in IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (service crash) via "malicious packets."

  • CVE-2008-3858 · Aug 28, 2008
    risk 0.00 · cvss · epss 0.02

    The Downlevel DB2RA Support component in IBM DB2 9.1 before Fixpak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT data stream that simulates a V7 client connect request.

  • CVE-2008-3853 · Aug 28, 2008
    risk 0.00 · cvss · epss 0.06

    Buffer overflow in the DAS server program in the Core DAS function component in IBM DB2 9.1 before FP4a and 9.5 before FP1 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via unspecified vectors. NOTE: this might be related to…

  • CVE-2008-3857 · Aug 28, 2008
    risk 0.00 · cvss · epss 0.00

    The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 retains a cleartext password in memory after the database connection that sent the password is fully established, which might allow local users to obtain sensitive information by reading a memory dump.

  • CVE-2008-3854 · Aug 28, 2008
    risk 0.00 · cvss · epss 0.04

    Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 1 allow remote attackers to cause a denial of service (system outage) via vectors related to (1) use of XQuery to issue statements; the (2) XMLQUERY, (3) XMLEXISTS, and (4) XMLTABLE…

  • CVE-2008-3852 · Aug 28, 2008
    risk 0.00 · cvss · epss 0.03

    Unspecified vulnerability in the CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio in the Visual Studio Net component in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 2 allows remote authenticated users to execute arbitrary code via unknown vectors.
