Search Results (Refine Search)
- CPE Product Version: cpe:/a:ibm:db2_universal_database:8.0::linux
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2008-3852 |
Unspecified vulnerability in the CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio in the Visual Studio Net component in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 2 allows remote authenticated users to execute arbitrary code via unknown vectors. Published: August 28, 2008; 1:41:00 PM -0400 |
V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2008-3856 |
The routine infrastructure component in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP1 on Unix and Linux does not change the ownership of the db2fmp process, which has unknown impact and attack vectors. Published: August 28, 2008; 1:41:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2007-1086 |
Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access." Published: February 23, 2007; 5:28:00 PM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2006-3066 |
Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allows remote attackers to cause a denial of service (application crash) via a long MGRLVLLS message inside of an EXCSAT message when establishing a connection. Published: June 19, 2006; 6:02:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2005-4735 |
IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service (application crash) via (1) certain equality predicates that trigger self-removal, aka IY70808; and (2) a query with more than 32000 elements in the IN-list, aka LI70817. Published: December 31, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2005-4736 |
IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote authenticated users to cause a denial of service (disk consumption) via a hash join (hsjn) that triggers an infinite loop in sqlri_hsjnFlushBlocks. Published: December 31, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2005-4737 |
IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows remote authenticated users to cause a denial of service (CPU consumption) by "abnormally" terminating a connection, which prevents db2agents from being properly cleared. Published: December 31, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2005-4738 |
IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ensure that a user has execute privileges before permitting object creation based on routines, which allows remote authenticated users to gain privileges. Published: December 31, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2005-4739 |
IBM DB2 Universal Database (UDB) 820 before version 8 FixPak 10 (s050811) allows remote authenticated users to cause a denial of service (application crash) by using a table function for an instance of snapshot_tbreorg, which triggers a trap in sqlnr_EStoE_action. Published: December 31, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2005-4740 |
IBM DB2 Universal Database (UDB) 810 before version 8 FixPak 10 allows remote authenticated users to cause a denial of service (db2jd service crash) by "connecting from a downlevel client." Published: December 31, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2005-4864 |
Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long DB2LPORT environment variable. Published: December 31, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2005-4865 |
Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remote attackers to execute arbitrary code via a long libname. Published: December 31, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2005-4866 |
Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute arbitrary by connecting and sending a long username, then disconnecting gracefully and reconnecting and sending a short username and an unexpected db2java.zip version, which causes a null terminator to be removed and leads to the overflow. Published: December 31, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2005-4867 |
Stack-based buffer overflow in the SATENCRYPT function in IBM DB2 8.1, when Satellite Administration (SATADMIN) is enabled, allows remote attackers to execute arbitrary code via a long parameter. Published: December 31, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2005-3643 |
IBM DB2 Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account without supplying a password. Published: November 16, 2005; 4:22:00 PM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2005-0417 |
Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and earlier has unknown impact and attack vectors. NOTE: due to the delayed disclosure of details for this issue, this candidate may be SPLIT in the future. In addition, this may be a duplicate of other issues as reported by the vendor. Published: April 27, 2005; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2003-1049 |
IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions (777), which allows local users to modify or delete certain DB2 files. Published: September 28, 2004; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2003-1052 |
IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs. Published: September 28, 2004; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2003-0898 |
IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2. Published: November 17, 2003; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 4.6 MEDIUM |