VYPR

DB2 UDB

by IBM

CVEs (36)

  • CVE-2007-6051Nov 20, 2007
    risk 0.00cvss epss 0.02

    IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the (1) DB2ADMNS and (2) DB2USERS alternative groups, which has unknown impact. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.

  • CVE-2007-6047Nov 20, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the DB2DART tool in IBM DB2 UDB 9.1 before Fixpak 4 allows attackers to execute arbitrary commands as the DB2 instance owner, related to invocation of TPUT by DB2DART.

  • CVE-2007-6049Nov 20, 2007
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, involving a call to dlopen when the effective uid is root.

  • CVE-2007-6052Nov 20, 2007
    risk 0.00cvss epss 0.01

    IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggregation, which might allow attackers to cause a denial of service (divide-by-zero error and DBMS crash), related to an "overflow." NOTE: the vendor description of this issue is too vague to be certain that it…

  • CVE-2007-6045Nov 20, 2007
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in (1) DB2WATCH and (2) DB2FREEZE in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors.

  • CVE-2007-5652Oct 23, 2007
    risk 0.00cvss epss 0.02

    IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger memory corruption. NOTE: the vendor description of this issue is too vague to…

  • CVE-2007-4423Aug 18, 2007
    risk 0.00cvss epss 0.04

    Stack-based buffer overflow in the AUTH_LIST_GROUPS_FOR_AUTHID function in IBM DB2 UDB 9.1 before Fixpak 3 allows attackers to cause a denial of service and possibly execute arbitrary code via a long argument.

  • CVE-2007-4272Aug 18, 2007
    risk 0.00cvss epss 0.00

    Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to create arbitrary files via (1) unspecified vectors where an attacker's umask is honored, (2) /etc/ld.so.preload, (3) certain "cron data file locations", and other unspecified…

  • CVE-2007-4417Aug 18, 2007
    risk 0.00cvss epss 0.01

    IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not properly revoke privileges on methods, which allows remote authenticated users to execute a method after revocation until the routine auth cache is flushed.

  • CVE-2007-4271Aug 18, 2007
    risk 0.00cvss epss 0.00

    Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files via a .. (dot dot) in an unspecified environment variable, which is appended to "/tmp/" and used as a log file. NOTE: this issue might be…

  • CVE-2007-4418Aug 18, 2007
    risk 0.00cvss epss 0.01

    IBM DB2 UDB 8 before Fixpak 15 does not properly check authorization, which allows remote authenticated users with a certain SELECT privilege to have an unknown impact via unspecified vectors. NOTE: this issue is probably related to CVE-2007-1089, but this is uncertain due to…

  • CVE-2007-4273Aug 18, 2007
    risk 0.00cvss epss 0.00

    IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary directories and execute arbitrary code via a "crafted localized message file" that enables a format string attack, possibly involving the (1) OSSEMEMDBG or (2) TRC_LOG_FILE environment…

  • CVE-2007-4275Aug 18, 2007
    risk 0.00cvss epss 0.00

    Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain privileges via certain vectors related to (1) DB2 instance or FMP startup on Linux and Solaris; (2) exec of executables while running as root on…

  • CVE-2007-4276Aug 18, 2007
    risk 0.00cvss epss 0.01

    Stack-based buffer overflow in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows attackers to execute arbitrary code via a long DASPROF and possibly other environment variables, which are copied into the buildDasPaths buffer.

  • CVE-2007-4270Aug 18, 2007
    risk 0.00cvss epss 0.00

    Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain root privileges via a symlink attack on certain files.

  • CVE-2007-1228Mar 2, 2007
    risk 0.00cvss epss 0.00

    IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories.

Page 2 of 2