VYPR

Db2

by IBM

CVEs (297)

  • CVE-2007-1087Feb 23, 2007
    risk 0.00cvss epss 0.01

    IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow.

  • CVE-2007-1088Feb 23, 2007
    risk 0.00cvss epss 0.01

    Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables.

  • CVE-2007-1027Feb 21, 2007
    risk 0.00cvss epss 0.00

    Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file.

  • CVE-2006-6638Dec 19, 2006
    risk 0.00cvss epss 0.02

    IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial of service via a crafted SQLJRA packet, which causes a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL, a different issue than CVE-2006-4257.

  • CVE-2006-4257Aug 21, 2006
    risk 0.00cvss epss 0.02

    IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending crafted SQLJRA packet, which results in a…

  • CVE-2005-4871Dec 31, 2005
    risk 0.00cvss epss 0.01

    Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile.

  • CVE-2005-4863Dec 31, 2005
    risk 0.00cvss epss 0.00

    Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long parameter.

  • CVE-2005-4867Dec 31, 2005
    risk 0.00cvss epss 0.05

    Stack-based buffer overflow in the SATENCRYPT function in IBM DB2 8.1, when Satellite Administration (SATADMIN) is enabled, allows remote attackers to execute arbitrary code via a long parameter.

  • CVE-2005-4870Dec 31, 2005
    risk 0.00cvss epss 0.03

    Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be…

  • CVE-2005-4864Dec 31, 2005
    risk 0.00cvss epss 0.00

    Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long DB2LPORT environment variable.

  • CVE-2005-4865Dec 31, 2005
    risk 0.00cvss epss 0.06

    Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remote attackers to execute arbitrary code via a long libname.

  • CVE-2005-4866Dec 31, 2005
    risk 0.00cvss epss 0.02

    Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute arbitrary by connecting and sending a long username, then disconnecting gracefully and reconnecting and sending a short username and an unexpected db2java.zip version, which…

  • CVE-2005-3643Nov 16, 2005
    risk 0.00cvss epss 0.01

    IBM DB2 Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account without supplying a password.

  • CVE-2005-2073Jun 29, 2005
    risk 0.00cvss epss 0.00

    Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through 8.2.2 allows local users with SELECT privileges to conduct unauthorized activities and insert, update or delete table contents.

  • CVE-2004-1372Sep 1, 2004
    risk 0.00cvss epss 0.00

    Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow local users to execute arbitrary code via (1) a long third argument to the rec2xml function or (2) a long filename argument to the generate_distfile procedure.

  • CVE-2003-0827Oct 6, 2003
    risk 0.00cvss epss 0.01

    The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote attackers to cause a denial of service (crash) via a long packet to UDP port 523.

  • CVE-2001-1143Jul 11, 2001
    risk 0.00cvss epss 0.02

    IBM DB2 7.0 allows a remote attacker to cause a denial of service (crash) via a single byte to (1) db2ccs.exe on port 6790, or (2) db2jds.exe on port 6789.

Page 15 of 15