Lucene search
K
IbmDb2 Universal Database

66 matches found

CVE
CVE
added 2007/08/18 9:0 p.m.226 views

CVE-2007-4276

CVE-2007-4276: A stack-based buffer overflow in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local attackers to execute arbitrary code by sending a long value via the DASPROF environment variable (and possibly others) that is copied into the buildDasPaths buffer. Affected product...

6.9CVSS7.6AI score0.00499EPSS
CVE
CVE
added 2001/02/02 5:0 a.m.115 views

CVE-2001-0051

CVE-2001-0051 is linked to IBM DB2 UDB 6.1 where a default account/password enables remote access. Connected docs corroborate generic risk through default-db2 credentials (db2as, db2inst1, db2fenc1, etc.) and multiple related CVEs (CVE-1999-0501, CVE-1999-0502, CVE-2001-0051). OpenVAS/Nessus entr...

7.5CVSS6.3AI score0.0279EPSS
CVE
CVE
added 2003/09/23 4:0 a.m.82 views

CVE-2003-0827

CVE-2003-0827 concerns the IBM DB2 Discovery Service. The DB2 discovery service on UDP port 523 can be crashed by a remote attacker sending a long UDP packet, causing a denial of service. The issue is associated with IBM DB2 before FixPak 10a. OpenVAS entries corroborate a UDP-based DoS affecting...

5CVSS6.5AI score0.01227EPSS
CVE
CVE
added 2007/08/18 9:0 p.m.80 views

CVE-2007-4270

CVE-2007-4270 affects IBM DB2 Universal Database (UDB) 8 before Fixpak 15 and 9.1 before Fixpak 3. Local users can elevate to root via a race condition involving symbolic links when handling privileged files. The issue is documented in multiple sources, including NVD and iDefense advisories, with...

6.9CVSS6.3AI score0.00328EPSS
CVE
CVE
added 2007/08/18 9:0 p.m.74 views

CVE-2007-4275

IBM DB2 UDB 8.x (Fixpak 15) and 9.1 (Fixpak 3) have multiple local privilege-escalation vulnerabilities due to untrusted search paths and environment-based file/binary loading. Exploitable vectors include startup of the DB2 instance or FMP on Linux/Solaris, execution of executables while running ...

6.9CVSS6.5AI score0.00361EPSS
CVE
CVE
added 2006/12/19 8:0 p.m.73 views

CVE-2006-6638

CVE-2006-6638 affects IBM DB2 UDB 8.1 before FixPak 14. A remote attacker can trigger a denial of service by sending a crafted SQLJRA packet, leading to a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL. This is the same issue described in CVE-2006-4257 family bu...

5CVSS6.2AI score0.02175EPSS
CVE
CVE
added 2008/02/12 11:0 p.m.73 views

CVE-2007-5757

The CVE-2007-5757 issue concerns IBM DB2 UDB and specifically the db2pd component. A untrusted search path allows a local user to gain root privileges by manipulating the DB2INSTANCE environment variable to point to a malicious library. Affected versions are IBM DB2 UDB 8 before FixPak 16 and 9 b...

6.9CVSS6.1AI score0.00329EPSS
CVE
CVE
added 2007/08/18 9:0 p.m.69 views

CVE-2007-4271

CVE-2007-4271 affects IBM DB2 Universal Database 8 (before Fixpak 15) and 9.1 (before Fixpak 3). Local attackers can cause directory traversal by an environment variable appended to /tmp/ for log file creation, enabling arbitrary file creation and potential privilege escalation via setuid-root bi...

2.1CVSS6AI score0.00478EPSS
CVE
CVE
added 2008/04/16 6:0 p.m.68 views

CVE-2007-5664

DB2 DB2 Administration Server (DAS) component db2dasrrm is vulnerable to a local, symlink-based file-overwrite during initialization. Affected versions are IBM DB2 Universal Database: 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16. The underlying issue allows a local user t...

6.9CVSS6AI score0.00342EPSS
CVE
CVE
added 2007/02/23 10:0 p.m.66 views

CVE-2007-1089

CVE-2007-1089 affects IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1. The vulnerability arises when local users with table SELECT privileges can execute unauthorized UPDATE and DELETE SQL commands via unknown vectors. Affected component appears to be the database access/authorization pat...

7.2CVSS6.6AI score0.00304EPSS
CVE
CVE
added 2008/08/28 5:0 p.m.66 views

CVE-2008-3852

CVE-2008-3852 affects IBM DB2 Server via the CLR stored procedure deployment feature of IBM Database Add-Ins for Visual Studio. A vulnerability in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 2 allows remote authenticated users to execute arbitrary code through unknown vectors in the CLR dep...

6.5CVSS6.8AI score0.0343EPSS
CVE
CVE
added 2002/03/15 5:0 a.m.64 views

CVE-2001-1143

CVE-2001-1143 affects IBM DB2 7.0. A remote attacker can cause a denial-of-service (crash) by sending a single byte to (1) db2ccs.exe on port 6790 or (2) db2jds.exe on port 6789. This vulnerability is documented across multiple feeds (NVD, CVE List, Nessus/DOS plugin) with CVSSv2 vector AV:N/AC:L...

5CVSS6.5AI score0.01632EPSS
CVE
CVE
added 2003/09/19 4:0 a.m.64 views

CVE-2003-0759

CVE-2003-0759 describes a local privilege escalation in IBM DB2 Universal Data Base 7.2 for Linux (x86 and s390) via a stack-based buffer overflow in the setuid binary db2licm. The issue is triggered by a long command line and can grant root privileges. Vendor fixes are provided in Fixpak 10a for...

7.2CVSS6.7AI score0.01049EPSS
CVE
CVE
added 2007/08/18 9:0 p.m.64 views

CVE-2007-4418

IBM DB2 UDB 8 prior to Fixpak 15 is reported to fail an authorization check, allowing remote authenticated users with a specific SELECT privilege to trigger an unknown impact via unspecified vectors. The entry notes a possible relation to CVE-2007-1089, but details are unclear. The provided conne...

5.5CVSS6.1AI score0.01341EPSS
CVE
CVE
added 2007/08/18 9:0 p.m.64 views

CVE-2007-4423

CVE-2007-4423 : A stack-based buffer overflow in IBM DB2 UDB 9.1 (prior to Fixpak 3) occurs in the AUTH_LIST_GROUPS_FOR_AUTHID function. This vulnerability allows denial of service and may enable arbitrary code execution via a long argument. Affected product/version: IBM DB2 UDB 9.1 before Fixpak...

5CVSS7.8AI score0.03528EPSS
CVE
CVE
added 2007/11/20 8:0 p.m.63 views

CVE-2007-6045

CVE-2007-6045 affects IBM DB2 UDB 9.1 before Fixpak 4, specifically the DB2WATCH and DB2FREEZE components. The description states an unspecified vulnerability with unknown impact and attack vectors; no explicit exploitation details, affected versions beyond the mentioned FixPak, or remediation ar...

10CVSS6.4AI score0.01826EPSS
CVE
CVE
added 2007/11/20 8:0 p.m.63 views

CVE-2007-6053

CVE-2007-6053 affects IBM DB2 UDB 9.1 before Fixpak 4, where handling of a large number of file descriptors is not robust, potentially leading to memory corruption. The vendor description is vague, and the available documents do not provide a confirmed security impact, exploit details, or a state...

9.3CVSS6.3AI score0.01272EPSS
CVE
CVE
added 2001/02/02 5:0 a.m.62 views

CVE-2001-0052

IBM DB2 Universal Database 6.1 is affected by CVE-2001-0052, where a malformed query can cause a denial of service. Affected product: IBM DB2 UDB 6.1. Vulnerability type: denial of service via malformed query. Root cause details are not provided in the supplied documents. Exploitation status and ...

2.1CVSS6.6AI score0.0121EPSS
CVE
CVE
added 2004/08/20 4:0 a.m.62 views

CVE-2003-1049

CVE-2003-1049 affects IBM DB2 Universal Database 7 before FixPak 12, where DMS directories are created with insecure 777 permissions, allowing local users to modify or delete certain DB2 files. Root cause: insecure directory permissions on DMS components. Impact as per CVSS: partial confidentiali...

4.6CVSS6.5AI score0.00331EPSS
CVE
CVE
added 2005/01/19 5:0 a.m.62 views

CVE-2004-1372

CVE-2004-1372 affects IBM DB2 7.x and 8.1. multiple stack-based buffer overflows allow local users to execute arbitrary code via (1) a long third argument to rec2xml, or (2) a long filename argument to generate_distfile. Root cause is stack-based overflow in these input paths; impact is local cod...

7.2CVSS7.2AI score0.00488EPSS
CVE
CVE
added 2006/03/19 11:0 p.m.62 views

CVE-2005-4736

CVE-2005-4736 affects IBM DB2 Universal Database (UDB) 8.2 until FP10. The vulnerability allows remote authenticated users to cause a denial of service (disk consumption) by triggering an infinite loop in the hash-join path (hsjn) through sqlri_hsjnFlushBlocks. The issue is tied to the specific h...

6.8CVSS6.3AI score0.02315EPSS
CVE
CVE
added 2007/11/20 8:0 p.m.62 views

CVE-2007-6048

CVE-2007-6048 : IBM DB2 UDB 9.1 before Fixpak 4 allegedly uses incorrect permissions on ACLs for DB2NODES.CFG. The NVD entry notes unknown impact and attack vectors; connected sources also reference this ACL issue among several vulnerabilities in DB2 9.x before Fix Pack 4. No explicit exploitatio...

10CVSS6.3AI score0.01769EPSS
CVE
CVE
added 2008/08/28 5:0 p.m.62 views

CVE-2008-3858

The CVE-2008-3858 entry concerns IBM DB2 9.1’s Downlevel DB2RA Support component. A crafted CONNECT data stream simulating a V7 client connect request can remotely cause an instance crash (DoS) prior to Fixpak 4a. The description does not provide details on affected subcomponents beyond this, nor...

4.3CVSS6.2AI score0.01855EPSS
CVE
CVE
added 2007/08/18 9:0 p.m.61 views

CVE-2007-4273

CVE-2007-4273 affects IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3. Local attackers could create arbitrary directories and execute arbitrary code by supplying a crafted localized message file that enables a format-string attack, potentially involving the OSSEMEMDBG or TRC_LOG_FILE envir...

4.6CVSS6.9AI score0.00414EPSS
CVE
CVE
added 2003/10/08 4:0 a.m.60 views

CVE-2003-0836

CVE-2003-0836 concerns IBM DB2 Universal Database: a stack-based buffer overflow in the LOAD command. Affected versions are DB2 UDB v7.2 before Fixpak 10/10a and v8.1 before Fixpak 2. An attacker with Connect privileges can execute arbitrary code. IBM fixed the issue via Fixpak 10/10a for v7.2 an...

7.5CVSS7.7AI score0.02149EPSS
CVE
CVE
added 2010/10/05 5:0 p.m.60 views

CVE-2010-3739

The CVE-2010-3739 issue affects IBM DB2 UDB 9.5 prior to Fix Pack 6a, where the audit facility in the Security component uses instance-level audit settings to capture CONNECT/AUTHENTICATION events in cases where database-level settings were intended. This could allow remote attackers to connect w...

6.4CVSS6.6AI score0.01102EPSS
CVE
CVE
added 2009/01/16 9:0 p.m.59 views

CVE-2009-0172

CVE-2009-0172 affects IBM DB2 Server: versions 8 (before FP17a), 9.1 (before FP6a), and 9.5 (before FP3a) are vulnerable to a denial-of-service by processing a crafted DRDA CONNECT data stream. The root cause is insufficient input validation in handling malformed CONNECT data, which can cause the...

5CVSS6.6AI score0.08471EPSS
CVE
CVE
added 2009/12/02 11:0 a.m.59 views

CVE-2009-4150

CVE-2009-4150 describes a local vulnerability in IBM DB2 where the component/function dasauto can be exploited by unprivileged user accounts to achieve code execution on affected versions (DB2 8 before FP18; 9.1 before FP8; 9.5 before FP4; 9.7 before FP1). The impact is unspecified in the provide...

4.6CVSS6.3AI score0.00436EPSS
CVE
CVE
added 2005/02/14 5:0 a.m.58 views

CVE-2005-0417

Technical details for CVE-2005-0417 are not publicly available in the provided documents; NVD entries describe unknown impact and delayed disclosure. Monitor for updates.

10CVSS6.8AI score0.01647EPSS
CVE
CVE
added 2007/11/20 8:0 p.m.58 views

CVE-2007-6046

CVE-2007-6046 concerns IBM DB2 UDB 9.1 before Fixpak 4, with an unspecified vulnerability in unspecified setuid programs. The issue allows local users to impact the system in an unspecified manner. Documented details indicate the vulnerability is local-exploit, with no explicit vector, scope, or ...

7.2CVSS6.1AI score0.00314EPSS
CVE
CVE
added 2008/08/28 5:0 p.m.58 views

CVE-2008-3853

CVE-2008-3853 is a buffer overflow in the IBM DB2 DAS (Database Administration Server) component that affected multiple DB2 releases. Connected documents show the root cause as a memory corruption/overflow in the DAS handling of remote administration requests, allowing a remote attacker to crash ...

9.3CVSS9.7AI score0.05767EPSS
CVE
CVE
added 2006/03/19 11:0 p.m.57 views

CVE-2005-4735

IBM DB2 Universal Database (UDB) 8.1 Release 810 before 8.1 FP10 is affected by a DoS vulnerability reported as CVE-2005-4735. The issue allows remote authenticated users to crash the application via two input-based vectors: (1) certain equality predicates that trigger self-removal (IY70808) and ...

6.8CVSS6.4AI score0.0155EPSS
CVE
CVE
added 2006/06/19 10:0 a.m.57 views

CVE-2006-3068

IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 is affected by a remote denial of service due to a memory overwrite caused by sending "incorrect information" about the package name/creator. This CVE involves a flaw in how the database handles certain crafted input, leading to an application...

5CVSS6.8AI score0.01566EPSS
CVE
CVE
added 2008/08/28 5:0 p.m.57 views

CVE-2008-3856

The CVE-2008-3856 entry concerns IBM DB2 on Unix/Linux where the db2fmp process does not change its ownership for DB2 versions 8 before FP17, 9.1 before FP5, and 9.5 before FP1. The underlying cause is stated as an ownership handling issue, with unknown impact and attack vectors; the provided doc...

7.5CVSS6.1AI score0.02397EPSS
CVE
CVE
added 2006/06/19 10:0 a.m.56 views

CVE-2006-3066

CVE-2006-3066 affects IBM DB2 Universal Database (UDB) prior to 8.1 FixPak 12. The issue is a buffer overflow in the TCP/IP listener triggered by a long MGRLVLLS message inside an EXCSAT during connection establishment, which may allow a remote attacker to cause an application crash (DoS). This v...

5CVSS6.7AI score0.01935EPSS
CVE
CVE
added 2007/11/20 8:0 p.m.56 views

CVE-2007-6051

CVE-2007-6051 concerns IBM DB2 UDB 9.1 before Fixpak 4, where privileges are assigned to the DB2ADMNS and DB2USERS groups in an incorrect way. The sources confirm the affected product and version but state the impact is unknown and that vendor descriptions are too vague to determine if it is secu...

10CVSS6.3AI score0.01541EPSS
CVE
CVE
added 2008/08/28 5:0 p.m.56 views

CVE-2008-3854

CVE-2008-3854 affects IBM DB2 UDB (DB2 9.1 before Fix Pak 5 and 9.5 before Fixpak 1). The vulnerability consists of multiple stack-based buffer overflows in XML-related SQL semantics (XMLQUERY, XMLEXISTS, XMLTABLE) and the sqlrlaka function, allowing remote attackers to cause a denial of service ...

7.8CVSS6.4AI score0.03684EPSS
CVE
CVE
added 2004/08/20 4:0 a.m.55 views

CVE-2004-0795

CVE-2004-0795 affects IBM DB2 Universal Database 8.1: the DB2RCMD remote command server (DB2REMOTECMD named pipe) can cause the db2rcmdc.exe process to run as the db2admin administrator, enabling a locally authenticated user to gain privileges. Public references describe an exploit path via the D...

7.2CVSS7.2AI score0.02212EPSS
Web
CVE
CVE
added 2006/03/19 11:0 p.m.54 views

CVE-2005-4737

CVE-2005-4737 affects IBM DB2 Universal Database (UDB) 8.2 before ESE AIX 5765F4100. The issue allows remote authenticated users to cause a denial of service (CPU consumption) by abnormally terminating a connection, which prevents db2agents from being properly cleared. Documentation consistently ...

7.5CVSS6.4AI score0.01536EPSS
CVE
CVE
added 2007/10/06 9:0 p.m.54 views

CVE-2005-4863

CVE-2005-4863 describes a stack-based buffer overflow in IBM DB2’s db2fmp component, enabling local users to execute arbitrary code via a long parameter. Affected products include IBM DB2 Universal Database 7.x and 8.x (DB2 8.1). Root cause is a buffer overflow in db2fmp; impact is arbitrary code...

7.2CVSS7.2AI score0.00486EPSS
CVE
CVE
added 2007/10/06 9:0 p.m.54 views

CVE-2005-4864

CVE-2005-4864 describes a stack-based buffer overflow in IBM DB2 UDB 7.x and 8.1, triggered by a long DB2LPORT environment variable in the libdb2.so library. This vulnerability allows local users to execute arbitrary code with the privileges of the running DB2 process. Affected product/version: I...

7.2CVSS7.2AI score0.00486EPSS
CVE
CVE
added 2007/10/06 9:0 p.m.54 views

CVE-2005-4868

The CVE-2005-4868 entry affects IBM DB2 8.1. Shared memory sections and events have default read/write permissions for the Everyone group, enabling local users to gain unauthorized access and potentially view sensitive data (e.g., cleartext passwords) and cause a denial of service. Exploitation i...

7.1CVSS6.9AI score0.00762EPSS
CVE
CVE
added 2007/02/23 10:0 p.m.54 views

CVE-2007-1086

IBM DB2 vulnerable components: 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2. Local users can create or modify arbitrary files via unsafe file access controlled by unspecified environment variables. Root cause: environment-variable handling allows file writes. Impact is limited to local atta...

7.2CVSS6.3AI score0.00372EPSS
CVE
CVE
added 2007/11/20 8:0 p.m.54 views

CVE-2007-6049

IBM DB2 UDB 9.1 before Fixpak 4 is affected by an unspecified vulnerability in the SSL LOAD GSKIT action that involves a call to dlopen when the effective UID is root. The issue is reported in CVE-2007-6049; the impact details are not fully disclosed in the provided documents beyond the initial d...

7.2CVSS6.3AI score0.00351EPSS
CVE
CVE
added 2007/11/20 8:0 p.m.54 views

CVE-2007-6050

CVE-2007-6050 affects IBM DB2 UDB 9.1 prior to Fixpak 4, specifically the DB2LICD component. The vulnerability is described as unspecified and related to the creation of an ‘insecure directory’ . The NVD metrics indicate a local attack vector with potential complete confidentiality, integrity, an...

7.2CVSS6.3AI score0.0032EPSS
CVE
CVE
added 2003/09/19 4:0 a.m.53 views

CVE-2003-0758

IBM DB2 Universal Data Base v7.2 for Linux/x86 and Linux/s390 are vulnerable to a local buffer-overflow in two setuid binaries, db2dart and db2licm. A long command-line argument can cause a stack-based overflow, allowing a local attacker to execute arbitrary code with root privileges. Affected ve...

7.2CVSS6.7AI score0.01105EPSS
CVE
CVE
added 2005/11/16 9:17 p.m.53 views

CVE-2005-3643

CVE-2005-3643 affects the IBM DB2 Database Server running on Windows XP with Simple File Sharing enabled . The vulnerability allows remote attackers to bypass authentication and log on to the guest account without a password . The connected/available documents provide the impact description but d...

7.5CVSS7.2AI score0.01481EPSS
CVE
CVE
added 2007/08/18 9:0 p.m.53 views

CVE-2007-4272

CVE-2007-4272 involves multiple local vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3. The issues allow local users to create arbitrary files via several vectors: (1) vectors where an attacker’s umask is honored, (2) using /etc/ld.so.preload, (3) specific cron data file ...

1.9CVSS6.4AI score0.0033EPSS
CVE
CVE
added 2008/04/16 6:0 p.m.53 views

CVE-2007-5758

CVE-2007-5758 describes a stack-based buffer overflow in the IBM DB2 Universal Database component db2dasrrm (DAS) that can be triggered by a long DASPROF environment variable. Affected are DB2 UDB 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16. Local users could execute arb...

6.9CVSS7.4AI score0.00567EPSS
CVE
CVE
added 2009/01/16 9:0 p.m.53 views

CVE-2009-0173

CVE-2009-0173 affects IBM DB2 server components (8.x before FP17a, 9.1 before FP6a, 9.5 before FP3a). The vulnerability is a denial-of-service caused by insufficient input validation when processing malformed DRDA data streams, allowing remote authenticated users to cause the server to terminate....

5CVSS6.2AI score0.03012EPSS
Total number of security vulnerabilities66