Vulnerabilities > IBM > DB2 Universal Database > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-06-19 CVE-2006-3068 Resource Management Errors vulnerability in IBM DB2 Universal Database 8.1
IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 allows remote attackers to cause a denial of service (application crash) by sending "incorrect information ...
network
low complexity
ibm CWE-399
5.0
2006-06-19 CVE-2006-3067 Denial-Of-Service vulnerability in IBM DB2 Universal Database 8.0/8.1
Multiple unspecified vulnerabilities in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allow remote attackers to cause a denial of service (application crash) via a (1) "long column list" in the (a) REPLACE INTO and (b) INSERT INTO portions of the LOAD command or a (2) large number of values in an IN clause, possibly related to a buffer overflow.
network
low complexity
ibm
5.0
2006-06-19 CVE-2006-3066 Denial of Service vulnerability in IBM DB2 Universal Database
Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allows remote attackers to cause a denial of service (application crash) via a long MGRLVLLS message inside of an EXCSAT message when establishing a connection.
network
low complexity
ibm
5.0
2005-12-31 CVE-2005-4866 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Universal Database
Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute arbitrary code by connecting and sending a long username, then disconnecting gracefully and reconnecting and sending a short username and an unexpected db2java.zip version, which causes a null terminator to be removed and leads to the overflow.
network
ibm CWE-119
6.8
2005-12-31 CVE-2005-4740 Multiple vulnerabilities in IBM DB2 Universal Database
IBM DB2 Universal Database (UDB) 810 before version 8 FixPak 10 allows remote authenticated users to cause a denial of service (db2jd service crash) by "connecting from a downlevel client."
network
low complexity
ibm
4.0
2005-12-31 CVE-2005-4739 Multiple vulnerabilities in IBM DB2 Universal Database
IBM DB2 Universal Database (UDB) 820 before version 8 FixPak 10 (s050811) allows remote authenticated users to cause a denial of service (application crash) by using a table function for an instance of snapshot_tbreorg, which triggers a trap in sqlnr_EStoE_action.
network
low complexity
ibm
6.8
2005-12-31 CVE-2005-4738 Multiple vulnerabilities in IBM DB2 Universal Database
IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ensure that a user has execute privileges before permitting object creation based on routines, which allows remote authenticated users to gain privileges.
network
low complexity
ibm
6.5
2005-12-31 CVE-2005-4736 Multiple vulnerabilities in IBM DB2 Universal Database
IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote authenticated users to cause a denial of service (disk consumption) via a hash join (hsjn) that triggers an infinite loop in sqlri_hsjnFlushBlocks.
network
low complexity
ibm
6.8
2005-12-31 CVE-2005-4735 Multiple vulnerabilities in IBM DB2 Universal Database
IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service (application crash) via (1) certain equality predicates that trigger self-removal, aka IY70808; and (2) a query with more than 32000 elements in the IN-list, aka LI70817.
network
low complexity
ibm
6.8
2004-09-28 CVE-2003-1049 Unspecified vulnerability in IBM DB2 Universal Database 7.0/8.0
IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions (777), which allows local users to modify or delete certain DB2 files.
local
low complexity
ibm
4.6