VYPR

Db2 Universal Database

by IBM

CVEs (70)

  • CVE-2007-4417Aug 18, 2007
    risk 0.00cvss epss 0.01

    IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not properly revoke privileges on methods, which allows remote authenticated users to execute a method after revocation until the routine auth cache is flushed.

  • CVE-2007-4418Aug 18, 2007
    risk 0.00cvss epss 0.01

    IBM DB2 UDB 8 before Fixpak 15 does not properly check authorization, which allows remote authenticated users with a certain SELECT privilege to have an unknown impact via unspecified vectors. NOTE: this issue is probably related to CVE-2007-1089, but this is uncertain due to…

  • CVE-2007-4273Aug 18, 2007
    risk 0.00cvss epss 0.00

    IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary directories and execute arbitrary code via a "crafted localized message file" that enables a format string attack, possibly involving the (1) OSSEMEMDBG or (2) TRC_LOG_FILE environment…

  • CVE-2007-1089Feb 23, 2007
    risk 0.00cvss epss 0.00

    IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local users with table SELECT privileges to perform unauthorized UPDATE and DELETE SQL commands via unknown vectors.

  • CVE-2007-1086Feb 23, 2007
    risk 0.00cvss epss 0.00

    Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access."

  • CVE-2006-6638Dec 19, 2006
    risk 0.00cvss epss 0.02

    IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial of service via a crafted SQLJRA packet, which causes a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL, a different issue than CVE-2006-4257.

  • CVE-2006-4257Aug 21, 2006
    risk 0.00cvss epss 0.02

    IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending crafted SQLJRA packet, which results in a…

  • CVE-2006-3067Jun 19, 2006
    risk 0.00cvss epss 0.02

    Multiple unspecified vulnerabilities in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allow remote attackers to cause a denial of service (application crash) via a (1) "long column list" in the (a) REPLACE INTO and (b) INSERT INTO portions of the LOAD command or a (2)…

  • CVE-2006-3066Jun 19, 2006
    risk 0.00cvss epss 0.02

    Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allows remote attackers to cause a denial of service (application crash) via a long MGRLVLLS message inside of an EXCSAT message when establishing a connection.

  • CVE-2006-3068Jun 19, 2006
    risk 0.00cvss epss 0.02

    IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 allows remote attackers to cause a denial of service (application crash) by sending "incorrect information ... regarding the package name/creator," which leads to a "memory overwrite."

  • CVE-2005-4735Dec 31, 2005
    risk 0.00cvss epss 0.02

    IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service (application crash) via (1) certain equality predicates that trigger self-removal, aka IY70808; and (2) a query with more than 32000 elements in the IN-list, aka…

  • CVE-2005-4866Dec 31, 2005
    risk 0.00cvss epss 0.02

    Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute arbitrary by connecting and sending a long username, then disconnecting gracefully and reconnecting and sending a short username and an unexpected db2java.zip version, which…

  • CVE-2005-4863Dec 31, 2005
    risk 0.00cvss epss 0.00

    Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long parameter.

  • CVE-2005-4864Dec 31, 2005
    risk 0.00cvss epss 0.00

    Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long DB2LPORT environment variable.

  • CVE-2005-4867Dec 31, 2005
    risk 0.00cvss epss 0.05

    Stack-based buffer overflow in the SATENCRYPT function in IBM DB2 8.1, when Satellite Administration (SATADMIN) is enabled, allows remote attackers to execute arbitrary code via a long parameter.

  • CVE-2005-4739Dec 31, 2005
    risk 0.00cvss epss 0.01

    IBM DB2 Universal Database (UDB) 820 before version 8 FixPak 10 (s050811) allows remote authenticated users to cause a denial of service (application crash) by using a table function for an instance of snapshot_tbreorg, which triggers a trap in sqlnr_EStoE_action.

  • CVE-2005-4740Dec 31, 2005
    risk 0.00cvss epss 0.01

    IBM DB2 Universal Database (UDB) 810 before version 8 FixPak 10 allows remote authenticated users to cause a denial of service (db2jd service crash) by "connecting from a downlevel client."

  • CVE-2005-4737Dec 31, 2005
    risk 0.00cvss epss 0.02

    IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows remote authenticated users to cause a denial of service (CPU consumption) by "abnormally" terminating a connection, which prevents db2agents from being properly cleared.

  • CVE-2005-4736Dec 31, 2005
    risk 0.00cvss epss 0.02

    IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote authenticated users to cause a denial of service (disk consumption) via a hash join (hsjn) that triggers an infinite loop in sqlri_hsjnFlushBlocks.

  • CVE-2005-4865Dec 31, 2005
    risk 0.00cvss epss 0.06

    Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remote attackers to execute arbitrary code via a long libname.