Vulnerabilities > IBM > DB2 > 8.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-05-10 | CVE-2007-2582 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (2) a long packet that generates a "MemTree overflow." | 10.0 |
2007-02-23 | CVE-2007-1088 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables. | 7.2 |
2007-02-23 | CVE-2007-1087 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow. | 7.2 |
2006-08-21 | CVE-2006-4257 | Resource Management Errors vulnerability in IBM DB2 IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending crafted SQLJRA packet, which results in a null dereference. | 4.0 |
2005-12-31 | CVE-2005-4871 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 8.1 Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile. | 4.3 |
2005-12-31 | CVE-2005-4870 | Buffer Errors vulnerability in IBM DB2 8.1 Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be overwritten with a pointer to the argument. | 4.3 |
2005-12-31 | CVE-2005-4869 | Denial Of Service vulnerability in IBM DB2 8.1 The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local users to cause a denial of service (application crash) via an empty string in the second parameter, which causes a null pointer dereference. | 2.1 |