Vulnerabilities > IBM > DB2 Universal Database
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-31 | CVE-2005-4735 | Multiple vulnerability in IBM DB2 Universal Database IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service (application crash) via (1) certain equality predicates that trigger self-removal, aka IY70808; and (2) a query with more than 32000 elements in the IN-list, aka LI70817. | 6.8 |
| 2005-11-16 | CVE-2005-3643 | Authentication Bypass vulnerability in IBM DB2 Windows XP Simple File Sharing IBM DB2 Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account without supplying a password. | 7.5 |
| 2005-04-27 | CVE-2005-0417 | Unspecified vulnerability in IBM DB2 Universal Database Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and earlier has unknown impact and attack vectors. | 10.0 |
| 2004-10-20 | CVE-2004-0795 | Remote Command Server Privilege Escalation vulnerability in IBM DB2 Universal Database 8.1 DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe program as the db2admin administrator, which allows local users to gain privileges via the DB2REMOTECMD named pipe. | 7.2 |
| 2004-09-28 | CVE-2003-1052 | Unspecified vulnerability in IBM DB2 and DB2 Universal Database IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs. | 7.2 |
| 2004-09-28 | CVE-2003-1049 | Unspecified vulnerability in IBM DB2 Universal Database 7.0/8.0 IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions (777), which allows local users to modify or delete certain DB2 files. | 4.6 |
| 2004-09-28 | CVE-2002-1583 | Buffer Overflow vulnerability in IBM DB2 db2ckpw Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Database 6.0 and 7.0 allows local users to execute arbitrary code via a long username that is read from a file descriptor argument. | 7.2 |
| 2004-09-01 | CVE-2004-1372 | Buffer Overflow vulnerability in IBM DB2 Universal Database REC2XML and GENERATE_DISTFILE Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow local users to execute arbitrary code via (1) a long third argument to the rec2xml function or (2) a long filename argument to the generate_distfile procedure. | 7.2 |
| 2003-11-17 | CVE-2003-0898 | Local Security vulnerability in Db2 Universal Database 7.1/8.0 IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2. | 4.6 |
| 2003-11-17 | CVE-2003-0837 | Buffer Overflow vulnerability in IBM DB2 Universal Database 7.2 Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for Windows, before Fixpak 10a, allows attackers with "Connect" privileges to execute arbitrary code via the INVOKE command. | 7.5 |