Db2@8.1 Security Vulnerabilities and Issues — Db2@8.1 CVE List

Lucene search

IbmDb28.1

5 matches found

CVE•added 2007/02/23 10:28 p.m.•42 views

CVE-2007-1087

IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow.

7.2CVSS7.3AI score0.00076EPSS

CVE•added 2007/02/23 10:28 p.m.•38 views

CVE-2007-1088

Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables.

7.2CVSS7.5AI score0.00076EPSS

CVE•added 2007/10/06 9:0 p.m.•36 views

CVE-2005-4869

The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local users to cause a denial of service (application crash) via an empty string in the second parameter, which causes a null pointer dereference.

2.1CVSS6.6AI score0.00164EPSS

CVE•added 2007/10/06 9:0 p.m.•36 views

CVE-2005-4870

Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be overwritten with a poi...

4.3CVSS7.3AI score0.02197EPSS

CVE•added 2007/10/06 9:0 p.m.•35 views

CVE-2005-4871

Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile.

4.3CVSS6.9AI score0.00321EPSS