189 matches found
CVE-2010-3735
CVE-2010-3735 affects IBM DB2 UDB 9.5 before FP6a. The vulnerability lies in the Query Compiler, Rewrite, Optimizer component, where remote authenticated users can cause a denial of service by sending a crafted query involving certain UNION ALL views, resulting in an indefinitely large amount of ...
CVE-2010-3738
IBM DB2 UDB 9.5 prior to FP6a is affected by an audit-logging issue in the Security component, which uses the instance owner’s USERID/AUTHID instead of the logged-in user’s, enabling remote authenticated users to run Audit administration commands without discovery. This is documented in CVE-2010-...
CVE-2010-3733
The CVE-2010-3733 entry concerns IBM DB2 UDB 9.5 before FP6a. The Engine Utilities component uses world-writable permissions on sqllib/cfg/db2sprf, enabling local users to modify the file to gain privileges. Public references in the initial documents confirm this file-level permission issue; othe...
IBM DB2 Universal Database Connection Handshake Denial of Service (CVE-2006-4257)
The IBM DB2 Universal Database UDB is a relational database management system. The product supports the Distributed Relational Database Architecture DRDA, an Open Group standard, to meet the needs of application programs requiring access to distributed relational data. There exists a denial of...
Team SHATTER Security Advisory: IBM DB2 UDB - Buffer overrun in XMLQUERY and XMLEXISTS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Team SHATTER Security Advisory Buffer overrun in XMLQUERY and XMLEXISTS September 15th 2008 Risk Level: High Affected versions: IBM DB2 Database Server v9.1 and 9.5 on Windows platform. Remote exploitable: Yes Authentication to Database Server is need...
DB2 < 8 FixPak 17 Multiple Vulnerabilities (deprecated)
Binary data 4680.prm...
IBM DB2 8 < Fix Pack 17 Multiple Vulnerabilities
According to its version, the installation of IBM DB2 8 running on the remote host is affected by multiple issues : - By sending malicious DB2 UDB v7 client CONNECT/DETACH requests it may be possible to crash the remote DB2 server. IZ08134 - Failure to switch the owner of the 'DB2FMP' process may...
CVE-2008-3959
IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service instance crash via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request...
CVE-2008-3960
Unspecified vulnerability in the JDBC Applet Server Service aka db2jds in IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service service crash via "malicious packets."...
Cross site request forgery (csrf)
IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service instance crash via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request...
Code injection
Unspecified vulnerability in the JDBC Applet Server Service aka db2jds in IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service service crash via "malicious packets."...
Design/Logic Flaw
IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service instance crash via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. NOTE: this may overlap CVE-2008-3858. NOTE: this issue exists because of an incomplete fix for CVE-2008-39...
CVE-2008-3960
IBM DB2 UDB 8 is affected by CVE-2008-3960 in the JDBC Applet Server Service (db2jds) prior to Fixpak 17, enabling remote denial of service via malicious packets. The vulnerability is documented as unspecified in the initial description, with the primary remediation being upgrading to Fixpak 17. ...
CVE-2008-3960
Unspecified vulnerability in the JDBC Applet Server Service aka db2jds in IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service service crash via "malicious packets."...
CVE-2008-3959
IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service instance crash via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request...
CVE-2008-3959
CVE-2008-3959 affects IBM DB2 UDB. The vulnerability allows remote attackers to cause a denial of service (instance crash) by sending a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. Affected versions include DB2 UDB 8.1 before FixPak ...
CVE-2008-3958
CVE-2008-3958 affects IBM DB2 UDB 8 before Fixpak 17, where a remote attacker can crash the instance by sending a crafted CONNECT/ATTACH stream that mimics a V7 client connect/attach request. The note indicates overlap with CVE-2008-3858 and an incomplete fix related to CVE-2008-3959. The provide...
Team SHATTER Security Advisory: IBM DB2 UDB Arbitrary code execution in ADMIN_SP_C/ADMIN_SP_C2 procedures
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Team SHATTER Security Advisory IBM DB2 UDB Arbitrary code execution in ADMINSPC/ADMINSPC2 procedures April 17th 2008 Risk Level: High Affected versions: All versions of IBM DB2 Database Server. Remotely exploitable: Yes Authentication to Database Serv...
Team SHATTER Security Advisory: IBM DB2 UDB Arbitrary file overwrite in SYSPROC.NNSTAT procedure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Team SHATTER Security Advisory IBM DB2 UDB Arbitrary file overwrite in SYSPROC.NNSTAT procedure April 17th 2008 Risk Level: High Affected versions: All versions of IBM DB2 Database Server. Remotely exploitable: Yes Authentication to Database Server is...
CVE-2007-5757
Untrusted search path vulnerability in db2pd in IBM DB2 Universal Database UDB 8 before FixPak 16 and 9 before Fix Pack 4 allows local users to gain root privileges via a modified DB2INSTANCE environment variable that points to a malicious library. NOTE: this might be the same issue as...