Db2 Security Vulnerabilities and Issues — Db2 CVE List

Lucene search

IbmDb2

9 matches found

CVE•added 2007/05/10 12:19 a.m.•68 views

CVE-2007-2582

Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (2) a long packet that ...

10CVSS9.5AI score0.07326EPSS

CVE•added 2007/02/21 11:28 a.m.•46 views

CVE-2007-1027

Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file.

4.4CVSS6.2AI score0.00046EPSS

CVE•added 2007/02/23 10:28 p.m.•42 views

CVE-2007-1087

IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow.

7.2CVSS7.3AI score0.00076EPSS

CVE•added 2007/10/23 9:47 p.m.•42 views

CVE-2007-5652

IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger memory corruption. NOTE: the vendor description of this issue is too vague to be certain that it is ...

7.8CVSS9.2AI score0.00792EPSS

CVE•added 2007/03/02 10:19 p.m.•40 views

CVE-2007-1228

IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories.

4.4CVSS6.2AI score0.00057EPSS

CVE•added 2007/02/23 10:28 p.m.•38 views

CVE-2007-1088

Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables.

7.2CVSS7.5AI score0.00076EPSS

CVE•added 2007/10/06 9:0 p.m.•36 views

CVE-2005-4869

The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local users to cause a denial of service (application crash) via an empty string in the second parameter, which causes a null pointer dereference.

2.1CVSS6.6AI score0.00164EPSS

CVE•added 2007/10/06 9:0 p.m.•36 views

CVE-2005-4870

Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be overwritten with a poi...

4.3CVSS7.3AI score0.02197EPSS

CVE•added 2007/10/06 9:0 p.m.•35 views

CVE-2005-4871

Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile.

4.3CVSS6.9AI score0.00321EPSS