Db2 Universal Database Security Vulnerabilities and Issues — Db2 Universal Database CVE List

Lucene search

IbmDb2 Universal Database

11 matches found

CVE•added 2003/10/06 4:0 a.m.•65 views

CVE-2003-0827

The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote attackers to cause a denial of service (crash) via a long packet to UDP port 523.

5CVSS6.5AI score0.0079EPSS

CVE•added 2006/12/19 8:28 p.m.•55 views

CVE-2006-6638

IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial of service via a crafted SQLJRA packet, which causes a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL, a different issue than CVE-2006-4257.

5CVSS6.2AI score0.0121EPSS

CVE•added 2002/03/15 5:0 a.m.•51 views

CVE-2001-1143

IBM DB2 7.0 allows a remote attacker to cause a denial of service (crash) via a single byte to (1) db2ccs.exe on port 6790, or (2) db2jds.exe on port 6789.

5CVSS6.5AI score0.01085EPSS

CVE•added 2007/08/18 9:17 p.m.•49 views

CVE-2007-4418

IBM DB2 UDB 8 before Fixpak 15 does not properly check authorization, which allows remote authenticated users with a certain SELECT privilege to have an unknown impact via unspecified vectors. NOTE: this issue is probably related to CVE-2007-1089, but this is uncertain due to lack of details.

5.5CVSS6.1AI score0.00738EPSS

CVE•added 2006/06/19 10:2 a.m.•46 views

CVE-2006-3066

Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allows remote attackers to cause a denial of service (application crash) via a long MGRLVLLS message inside of an EXCSAT message when establishing a connection.

5CVSS6.7AI score0.01562EPSS

CVE•added 2006/06/19 10:2 a.m.•43 views

CVE-2006-3068

IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 allows remote attackers to cause a denial of service (application crash) by sending "incorrect information ... regarding the package name/creator," which leads to a "memory overwrite."

5CVSS6.8AI score0.0092EPSS

CVE•added 2009/01/16 9:30 p.m.•41 views

CVE-2009-0172

Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote attackers to cause a denial of service (infinite loop) via a crafted CONNECT data stream.

5CVSS6.6AI score0.05717EPSS

CVE•added 2007/08/18 9:17 p.m.•40 views

CVE-2007-4423

Stack-based buffer overflow in the AUTH_LIST_GROUPS_FOR_AUTHID function in IBM DB2 UDB 9.1 before Fixpak 3 allows attackers to cause a denial of service and possibly execute arbitrary code via a long argument.

5CVSS7.8AI score0.01027EPSS

CVE•added 2008/09/11 1:13 a.m.•39 views

CVE-2008-3960

Unspecified vulnerability in the JDBC Applet Server Service (aka db2jds) in IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (service crash) via "malicious packets."

5CVSS6.2AI score0.01419EPSS

CVE•added 2006/06/19 10:2 a.m.•38 views

CVE-2006-3067

Multiple unspecified vulnerabilities in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allow remote attackers to cause a denial of service (application crash) via a (1) "long column list" in the (a) REPLACE INTO and (b) INSERT INTO portions of the LOAD command or a (2) large number of values...

5CVSS7.5AI score0.01628EPSS

CVE•added 2009/01/16 9:30 p.m.•37 views

CVE-2009-0173

Unspecified vulnerability in the server in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote authenticated users to cause a denial of service (trap) via a crafted data stream.

5CVSS6.2AI score0.01961EPSS