Vulnerabilities > IBM > DB2 > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2008-04-28 | CVE-2008-1998 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 8.0/9.1/9.5 | The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter. | 8.5 |
2008-02-12 | CVE-2008-0698 | Buffer Errors vulnerability in IBM DB2 8.2Fixpack15 | Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 has unknown attack vectors, and an impact probably involving "invalid memory access." | 7.8 |
2008-02-12 | CVE-2008-0697 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 8.2Fixpack15 | Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors. | 7.2 |
2008-02-12 | CVE-2008-0696 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 8.2Fixpack15 | IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization for the ALTER TABLE statement, which has unknown impact and attack vectors. | 7.5 |
2007-10-23 | CVE-2007-5652 | Buffer Errors vulnerability in IBM DB2 9.1 | IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger memory corruption. | 7.8 |
2007-02-23 | CVE-2007-1088 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 | Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables. | 7.2 |
2007-02-23 | CVE-2007-1087 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 | IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow. | 7.2 |
2004-09-28 | CVE-2003-1052 | Unspecified vulnerability in IBM DB2 and DB2 Universal Database | IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs. | 7.2 |
2004-09-28 | CVE-2003-1051 | Command-line Format String vulnerability in IBM DB2 9.0 | Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd. | 7.2 |
2004-09-28 | CVE-2003-1050 | Command-Line Argument Buffer Overflow vulnerability in IBM DB2 | Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd. | 7.2 |