Vulnerabilities > IBM > DB2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-02-12 | CVE-2008-0696 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 8.2Fixpack15 IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization for the ALTER TABLE statement, which has unknown impact and attack vectors. | 7.5 |
2007-10-23 | CVE-2007-5652 | Buffer Errors vulnerability in IBM DB2 9.1 IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger memory corruption. | 7.8 |
2007-05-10 | CVE-2007-2582 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (2) a long packet that generates a "MemTree overflow." | 10.0 |
2007-03-02 | CVE-2007-1228 | Improper Authentication vulnerability in IBM DB2 8.2/9.0 IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories. | 4.4 |
2007-02-23 | CVE-2007-1088 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables. | 7.2 |
2007-02-23 | CVE-2007-1087 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow. | 7.2 |
2007-02-21 | CVE-2007-1027 | Link Following vulnerability in IBM DB2 9.0 Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file. | 4.4 |
2006-08-21 | CVE-2006-4257 | Resource Management Errors vulnerability in IBM DB2 IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending crafted SQLJRA packet, which results in a null dereference. | 4.0 |
2005-12-31 | CVE-2005-4871 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 8.1 Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile. | 4.3 |
2005-12-31 | CVE-2005-4870 | Buffer Errors vulnerability in IBM DB2 8.1 Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be overwritten with a pointer to the argument. | 4.3 |