Db2 Universal Database@7.0 Security Vulnerabilities and Issues — Db2 Universal Database@7.0 CVE List

Lucene search

IbmDb2 Universal Database7.0

11 matches found

CVE•added 2002/03/15 5:0 a.m.•51 views

CVE-2001-1143

IBM DB2 7.0 allows a remote attacker to cause a denial of service (crash) via a single byte to (1) db2ccs.exe on port 6790, or (2) db2jds.exe on port 6789.

5CVSS6.5AI score0.01085EPSS

CVE•added 2004/09/28 4:0 a.m.•50 views

CVE-2003-1049

IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions (777), which allows local users to modify or delete certain DB2 files.

4.6CVSS6.5AI score0.00051EPSS

CVE•added 2005/01/19 5:0 a.m.•44 views

CVE-2004-1372

Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow local users to execute arbitrary code via (1) a long third argument to the rec2xml function or (2) a long filename argument to the generate_distfile procedure.

7.2CVSS7.2AI score0.00051EPSS

CVE•added 2005/04/27 4:0 a.m.•42 views

CVE-2005-0417

Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and earlier has unknown impact and attack vectors. NOTE: due to the delayed disclosure of details for this issue, this candidate may be SPLIT in the future. In addition, this may be a duplicate of other issues as reported by the vendor...

10CVSS6.8AI score0.00553EPSS

CVE•added 2007/10/06 9:0 p.m.•42 views

CVE-2005-4864

Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long DB2LPORT environment variable.

7.2CVSS7.2AI score0.00049EPSS

CVE•added 2007/10/06 9:0 p.m.•40 views

CVE-2005-4863

Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long parameter.

7.2CVSS7.2AI score0.00049EPSS

CVE•added 2004/09/28 4:0 a.m.•39 views

CVE-2002-1583

Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Database 6.0 and 7.0 allows local users to execute arbitrary code via a long username that is read from a file descriptor argument.

7.2CVSS7.6AI score0.00061EPSS

CVE•added 2004/09/28 4:0 a.m.•38 views

CVE-2003-1052

IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs.

7.2CVSS7AI score0.00373EPSS

CVE•added 2007/10/06 9:0 p.m.•37 views

CVE-2005-4866

Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute arbitrary by connecting and sending a long username, then disconnecting gracefully and reconnecting and sending a short username and an unexpected db2java.zip version, which causes a null terminator ...

6.8CVSS7.4AI score0.01587EPSS

CVE•added 2007/10/06 9:0 p.m.•36 views

CVE-2005-4867

Stack-based buffer overflow in the SATENCRYPT function in IBM DB2 8.1, when Satellite Administration (SATADMIN) is enabled, allows remote attackers to execute arbitrary code via a long parameter.

9.3CVSS7.4AI score0.20526EPSS

CVE•added 2007/10/06 9:0 p.m.•35 views

CVE-2005-4865

Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remote attackers to execute arbitrary code via a long libname.

10CVSS7.4AI score0.28779EPSS