Vulnerabilities > IBM > DB2 Universal Database > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-08-28 | CVE-2008-3856 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Universal Database 8/8.0/9.1 The routine infrastructure component in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP1 on Unix and Linux does not change the ownership of the db2fmp process, which has unknown impact and attack vectors. | 7.5 |
| 2008-08-28 | CVE-2008-3854 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Universal Database 9.1/9.5 Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 1 allow remote attackers to cause a denial of service (system outage) via vectors related to (1) use of XQuery to issue statements; the (2) XMLQUERY, (3) XMLEXISTS, and (4) XMLTABLE statements; and the (5) sqlrlaka function. | 7.8 |
| 2007-11-20 | CVE-2007-6052 | Privilege Escalation vulnerability in IBM DB2 IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggregation, which might allow attackers to cause a denial of service (divide-by-zero error and DBMS crash), related to an "overflow." NOTE: the vendor description of this issue is too vague to be certain that it is security-related. | 7.8 |
| 2007-11-20 | CVE-2007-6050 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Universal Database Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, related to creation of an "insecure directory." | 7.2 |
| 2007-11-20 | CVE-2007-6049 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 Universal Database Unspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, involving a call to dlopen when the effective uid is root. | 7.2 |
| 2007-11-20 | CVE-2007-6046 | Privilege Escalation vulnerability in IBM DB2 Unspecified vulnerability in unspecified setuid programs in IBM DB2 UDB 9.1 before Fixpak 4 allows local users to have an unknown impact. | 7.2 |
| 2007-02-23 | CVE-2007-1089 | Local Security vulnerability in IBM DB2 Universal Database 8.0/9.1 IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local users with table SELECT privileges to perform unauthorized UPDATE and DELETE SQL commands via unknown vectors. | 7.2 |
| 2007-02-23 | CVE-2007-1086 | Local Privilege Escalation vulnerability in IBM DB2 Universal Database Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access." | 7.2 |
| 2005-12-31 | CVE-2005-4868 | Incorrect Permission Assignment for Critical Resource vulnerability in IBM DB2 Universal Database Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service. | 7.1 |
| 2005-12-31 | CVE-2005-4864 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Universal Database Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long DB2LPORT environment variable. | 7.2 |