Vulnerabilities > Ingres > Ingres > 2.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-08-05 | CVE-2008-3389 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ingres 2.6/2006 Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport. | 4.6 |
| 2008-08-05 | CVE-2008-3357 | Permissions, Privileges, and Access Controls vulnerability in multiple products Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges via a crafted shared library, related to a "pointer overwrite vulnerability." Fixes are available for the current release of Ingres 2006 release 2 (9.1.0), for Ingres 2006 release 1 (9.0.4), and for Ingres 2.6 versions on their respective platforms. | 7.2 |
| 2008-08-05 | CVE-2008-3356 | Permissions, Privileges, and Access Controls vulnerability in Ingres 2.6/2006 verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and other Unix platforms sets the ownership or permissions of an iivdb.log file without verifying that it is the application's own log file, which allows local users to overwrite arbitrary files by creating a symlink with an iivdb.log filename. | 4.6 |
| 2007-12-20 | CVE-2007-6334 | Permissions, Privileges, and Access Controls vulnerability in Ingres 2.5/2.6 Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and possibly other products, assigns the privileges and identity of users to be the same as the first user, which allows remote attackers to gain privileges. | 5.0 |