Db2
by IBM
CVEs (297)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-1087 | 0.00 | — | 0.01 | Feb 23, 2007 | IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow. | |||
| CVE-2007-1088 | 0.00 | — | 0.01 | Feb 23, 2007 | Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables. | |||
| CVE-2007-1027 | 0.00 | — | 0.00 | Feb 21, 2007 | Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file. | |||
| CVE-2006-6638 | 0.00 | — | 0.02 | Dec 19, 2006 | IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial of service via a crafted SQLJRA packet, which causes a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL, a different issue than CVE-2006-4257. | |||
| CVE-2006-4257 | 0.00 | — | 0.02 | Aug 21, 2006 | IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending crafted SQLJRA packet, which results in a… | |||
| CVE-2005-4871 | 0.00 | — | 0.01 | Dec 31, 2005 | Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile. | |||
| CVE-2005-4863 | 0.00 | — | 0.00 | Dec 31, 2005 | Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long parameter. | |||
| CVE-2005-4867 | 0.00 | — | 0.05 | Dec 31, 2005 | Stack-based buffer overflow in the SATENCRYPT function in IBM DB2 8.1, when Satellite Administration (SATADMIN) is enabled, allows remote attackers to execute arbitrary code via a long parameter. | |||
| CVE-2005-4870 | 0.00 | — | 0.03 | Dec 31, 2005 | Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be… | |||
| CVE-2005-4864 | 0.00 | — | 0.00 | Dec 31, 2005 | Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long DB2LPORT environment variable. | |||
| CVE-2005-4865 | 0.00 | — | 0.06 | Dec 31, 2005 | Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remote attackers to execute arbitrary code via a long libname. | |||
| CVE-2005-4866 | 0.00 | — | 0.02 | Dec 31, 2005 | Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute arbitrary by connecting and sending a long username, then disconnecting gracefully and reconnecting and sending a short username and an unexpected db2java.zip version, which… | |||
| CVE-2005-3643 | 0.00 | — | 0.01 | Nov 16, 2005 | IBM DB2 Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account without supplying a password. | |||
| CVE-2005-2073 | 0.00 | — | 0.00 | Jun 29, 2005 | Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through 8.2.2 allows local users with SELECT privileges to conduct unauthorized activities and insert, update or delete table contents. | |||
| CVE-2004-1372 | 0.00 | — | 0.00 | Sep 1, 2004 | Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow local users to execute arbitrary code via (1) a long third argument to the rec2xml function or (2) a long filename argument to the generate_distfile procedure. | |||
| CVE-2003-0827 | 0.00 | — | 0.01 | Oct 6, 2003 | The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote attackers to cause a denial of service (crash) via a long packet to UDP port 523. | |||
| CVE-2001-1143 | 0.00 | — | 0.02 | Jul 11, 2001 | IBM DB2 7.0 allows a remote attacker to cause a denial of service (crash) via a single byte to (1) db2ccs.exe on port 6790, or (2) db2jds.exe on port 6789. |
- CVE-2007-1087Feb 23, 2007risk 0.00cvss —epss 0.01
IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow.
- CVE-2007-1088Feb 23, 2007risk 0.00cvss —epss 0.01
Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables.
- CVE-2007-1027Feb 21, 2007risk 0.00cvss —epss 0.00
Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file.
- CVE-2006-6638Dec 19, 2006risk 0.00cvss —epss 0.02
IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial of service via a crafted SQLJRA packet, which causes a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL, a different issue than CVE-2006-4257.
- CVE-2006-4257Aug 21, 2006risk 0.00cvss —epss 0.02
IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending crafted SQLJRA packet, which results in a…
- CVE-2005-4871Dec 31, 2005risk 0.00cvss —epss 0.01
Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile.
- CVE-2005-4863Dec 31, 2005risk 0.00cvss —epss 0.00
Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long parameter.
- CVE-2005-4867Dec 31, 2005risk 0.00cvss —epss 0.05
Stack-based buffer overflow in the SATENCRYPT function in IBM DB2 8.1, when Satellite Administration (SATADMIN) is enabled, allows remote attackers to execute arbitrary code via a long parameter.
- CVE-2005-4870Dec 31, 2005risk 0.00cvss —epss 0.03
Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be…
- CVE-2005-4864Dec 31, 2005risk 0.00cvss —epss 0.00
Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long DB2LPORT environment variable.
- CVE-2005-4865Dec 31, 2005risk 0.00cvss —epss 0.06
Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remote attackers to execute arbitrary code via a long libname.
- CVE-2005-4866Dec 31, 2005risk 0.00cvss —epss 0.02
Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute arbitrary by connecting and sending a long username, then disconnecting gracefully and reconnecting and sending a short username and an unexpected db2java.zip version, which…
- CVE-2005-3643Nov 16, 2005risk 0.00cvss —epss 0.01
IBM DB2 Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account without supplying a password.
- CVE-2005-2073Jun 29, 2005risk 0.00cvss —epss 0.00
Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through 8.2.2 allows local users with SELECT privileges to conduct unauthorized activities and insert, update or delete table contents.
- CVE-2004-1372Sep 1, 2004risk 0.00cvss —epss 0.00
Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow local users to execute arbitrary code via (1) a long third argument to the rec2xml function or (2) a long filename argument to the generate_distfile procedure.
- CVE-2003-0827Oct 6, 2003risk 0.00cvss —epss 0.01
The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote attackers to cause a denial of service (crash) via a long packet to UDP port 523.
- CVE-2001-1143Jul 11, 2001risk 0.00cvss —epss 0.02
IBM DB2 7.0 allows a remote attacker to cause a denial of service (crash) via a single byte to (1) db2ccs.exe on port 6790, or (2) db2jds.exe on port 6789.
Page 15 of 15