189 matches found
CVE-2007-3676
IBM DB2 Universal Database UDB Administration Server DAS 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory...
CVE-2007-3676
IBM DB2 Universal Database UDB Administration Server DAS 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory...
CVE-2007-5757
The CVE-2007-5757 issue concerns IBM DB2 UDB and specifically the db2pd component. A untrusted search path allows a local user to gain root privileges by manipulating the DB2INSTANCE environment variable to point to a malicious library. Affected versions are IBM DB2 UDB 8 before FixPak 16 and 9 b...
CVE-2007-3676
CVE-2007-3676 concerns IBM DB2 UDB DAS prior to Fix Pack 16 (DAS 8.x) and Fix Pack 4 (DAS 9.x). The vulnerability allows a remote attacker to crash the DAS service or potentially execute arbitrary code by sending specially crafted remote administration requests that modify pointer values, trigger...
Design/Logic Flaw
Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors...
CVE-2008-0699
Unspecified vulnerability in the ADMINSPC procedure SYSPROC.ADMINSPC in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors...
Authorization
IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization for the ALTER TABLE statement, which has unknown impact and attack vectors...
Code injection
Unspecified vulnerability in the ADMINSPC procedure SYSPROC.ADMINSPC in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors...
CVE-2008-0696
IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization for the ALTER TABLE statement, which has unknown impact and attack vectors...
Buffer overflow
Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 has unknown attack vectors, and an impact probably involving "invalid memory access."...
CVE-2008-0699
Unspecified vulnerability in the ADMINSPC procedure SYSPROC.ADMINSPC in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors...
CVE-2008-0697
Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors...
CVE-2008-0699
The CVE-2008-0699 entry relates to an unspecified remote code execution vulnerability in IBM DB2 UDB via the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C). Affected products/versions include IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1. The underlying issue is within the ADMI...
CVE-2008-0696
CVE-2008-0696 affects IBM DB2 UDB prior to 8.2 Fixpak 16, where the ALTER TABLE statement does not properly enforce authorization. The provided sources describe the issue but do not specify concrete impact, attack vectors, or affected subcomponents beyond the ALTER TABLE authorization check. No e...
CVE-2008-0698
CVE-2008-0698 : IBM DB2 UDB DAS server has a buffer overflow in the DAS component prior to 8.2 Fixpak 16. This memory corruption likely stems from modified pointer values in remote administration requests and may enable denial of service or arbitrary code execution, per related Red Hat and NVD en...
CVE-2007-6051
IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the 1 DB2ADMNS and 2 DB2USERS alternative groups, which has unknown impact. NOTE: the vendor description of this issue is too vague to be certain that it is security-related...
CVE-2007-6048
IBM DB2 UDB 9.1 before Fixpak 4 uses incorrect permissions on ACLs for DB2NODES.CFG, which has unknown impact and attack vectors. NOTE: the vendor description of this issue is too vague to be certain that it is security-related...
Directory traversal
Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, related to creation of an "insecure directory."...
CVE-2007-6047
Unspecified vulnerability in the DB2DART tool in IBM DB2 UDB 9.1 before Fixpak 4 allows attackers to execute arbitrary commands as the DB2 instance owner, related to invocation of TPUT by DB2DART...
CVE-2007-6053
IBM DB2 UDB 9.1 before Fixpak 4 does not properly handle use of large numbers of file descriptors, which might allow attackers to have an unknown impact involving "memory corruption." NOTE: the vendor description of this issue is too vague to be certain that it is security-related...