10 matches found

added 2009/08/19 5:30 p.m. | 71 views

CVE-2009-2858

Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to private memory within the DB2 memory structure.

5 CVSS | 8.8 AI score | 0.00371 EPSS

added 2009/08/19 5:30 p.m. | 53 views

CVE-2009-2860

Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via "malicious packets."

5 CVSS | 8.8 AI score | 0.0107 EPSS

added 2009/08/19 5:30 p.m. | 50 views

CVE-2009-2859

IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command.

4.6 CVSS | 8.9 AI score | 0.00072 EPSS

added 2007/02/23 10:28 p.m. | 42 views

CVE-2007-1087

IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow.

7.2 CVSS | 7.3 AI score | 0.00076 EPSS

added 2008/09/11 1:13 a.m. | 42 views

CVE-2008-3959

IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request.

5 CVSS | 8.9 AI score | 0.00885 EPSS

added 2006/08/21 8:4 p.m. | 41 views

CVE-2006-4257

IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending a crafted SQLJRA packet, which results in a null dereference.

4 CVSS | 6.1 AI score | 0.0121 EPSS

added 2007/02/23 10:28 p.m. | 38 views

CVE-2007-1088

Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables.

7.2 CVSS | 7.5 AI score | 0.00076 EPSS

added 2007/10/06 9:0 p.m. | 36 views

CVE-2005-4869

The (1) to_char and (2) to_date functions in IBM DB2 8.1 allow local users to cause a denial of service (application crash) via an empty string in the second parameter, which causes a null pointer dereference.

2.1 CVSS | 6.6 AI score | 0.00164 EPSS

added 2007/10/06 9:0 p.m. | 36 views

CVE-2005-4870

Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be overwritten with a poi...

4.3 CVSS | 7.3 AI score | 0.02197 EPSS

added 2007/10/06 9:0 p.m. | 35 views

CVE-2005-4871

Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile.

4.3 CVSS | 6.9 AI score | 0.00321 EPSS