Lucene search

K
IbmDb2 Universal Database

9 matches found

CVE
CVE
added 2007/08/18 9:17 p.m.55 views

CVE-2007-4271

Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files via a .. (dot dot) in an unspecified environment variable, which is appended to "/tmp/" and used as a log file. NOTE: this issue might be related to symlink follo...

2.1CVSS6AI score0.00049EPSS
CVE
CVE
added 2007/08/18 9:17 p.m.55 views

CVE-2007-4275

Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain privileges via certain vectors related to (1) DB2 instance or FMP startup on Linux and Solaris; (2) exec of executables while running as root on non-Windows systems, as...

6.9CVSS6.5AI score0.00055EPSS
CVE
CVE
added 2007/08/18 9:17 p.m.51 views

CVE-2007-4270

Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain root privileges via a symlink attack on certain files.

6.9CVSS6.3AI score0.00047EPSS
CVE
CVE
added 2007/08/18 9:17 p.m.50 views

CVE-2007-4276

Stack-based buffer overflow in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows attackers to execute arbitrary code via a long DASPROF and possibly other environment variables, which are copied into the buildDasPaths buffer.

6.9CVSS7.6AI score0.00092EPSS
CVE
CVE
added 2007/08/18 9:17 p.m.49 views

CVE-2007-4418

IBM DB2 UDB 8 before Fixpak 15 does not properly check authorization, which allows remote authenticated users with a certain SELECT privilege to have an unknown impact via unspecified vectors. NOTE: this issue is probably related to CVE-2007-1089, but this is uncertain due to lack of details.

5.5CVSS6.1AI score0.00738EPSS
CVE
CVE
added 2007/08/18 9:17 p.m.46 views

CVE-2007-4273

IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary directories and execute arbitrary code via a "crafted localized message file" that enables a format string attack, possibly involving the (1) OSSEMEMDBG or (2) TRC_LOG_FILE environment variable in db2licd ...

4.6CVSS6.9AI score0.00079EPSS
CVE
CVE
added 2007/08/18 9:17 p.m.40 views

CVE-2007-4272

Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to create arbitrary files via (1) unspecified vectors where an attacker's umask is honored, (2) /etc/ld.so.preload, (3) certain "cron data file locations", and other unspecified vectors possibly inv...

1.9CVSS6.4AI score0.00065EPSS
CVE
CVE
added 2007/08/18 9:17 p.m.40 views

CVE-2007-4417

IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not properly revoke privileges on methods, which allows remote authenticated users to execute a method after revocation until the routine auth cache is flushed.

6CVSS6.4AI score0.00943EPSS
CVE
CVE
added 2007/08/18 9:17 p.m.40 views

CVE-2007-4423

Stack-based buffer overflow in the AUTH_LIST_GROUPS_FOR_AUTHID function in IBM DB2 UDB 9.1 before Fixpak 3 allows attackers to cause a denial of service and possibly execute arbitrary code via a long argument.

5CVSS7.8AI score0.01027EPSS