Search Results
- CPE Product Version: cpe:/a:ibm:db2_universal_database:8.1.6c
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2010-3739 | The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery. Published: October 05, 2010; 2:00:33 PM -0400 | V3.x:(not available) V2.0: 6.4 MEDIUM |
CVE-2008-3960 | Unspecified vulnerability in the JDBC Applet Server Service (aka db2jds) in IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (service crash) via "malicious packets." Published: September 10, 2008; 9:13:47 PM -0400 | V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2008-3852 | Unspecified vulnerability in the CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio in the Visual Studio Net component in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 2 allows remote authenticated users to execute arbitrary code via unknown vectors. Published: August 28, 2008; 1:41:00 PM -0400 | V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2008-3856 | The routine infrastructure component in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP1 on Unix and Linux does not change the ownership of the db2fmp process, which has unknown impact and attack vectors. Published: August 28, 2008; 1:41:00 PM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2007-6045 | Unspecified vulnerability in (1) DB2WATCH and (2) DB2FREEZE in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors. Published: November 20, 2007; 3:46:00 PM -0500 | V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2007-6046 | Unspecified vulnerability in unspecified setuid programs in IBM DB2 UDB 9.1 before Fixpak 4 allows local users to have an unknown impact. Published: November 20, 2007; 3:46:00 PM -0500 | V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2007-6047 | Unspecified vulnerability in the DB2DART tool in IBM DB2 UDB 9.1 before Fixpak 4 allows attackers to execute arbitrary commands as the DB2 instance owner, related to invocation of TPUT by DB2DART. Published: November 20, 2007; 3:46:00 PM -0500 | V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2007-6048 | IBM DB2 UDB 9.1 before Fixpak 4 uses incorrect permissions on ACLs for DB2NODES.CFG, which has unknown impact and attack vectors. NOTE: the vendor description of this issue is too vague to be certain that it is security-related. Published: November 20, 2007; 3:46:00 PM -0500 | V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2007-6049 | Unspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, involving a call to dlopen when the effective uid is root. Published: November 20, 2007; 3:46:00 PM -0500 | V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2007-6050 | Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, related to creation of an "insecure directory." Published: November 20, 2007; 3:46:00 PM -0500 | V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2007-6051 | IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the (1) DB2ADMNS and (2) DB2USERS alternative groups, which has unknown impact. NOTE: the vendor description of this issue is too vague to be certain that it is security-related. Published: November 20, 2007; 3:46:00 PM -0500 | V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2007-6052 | IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggregation, which might allow attackers to cause a denial of service (divide-by-zero error and DBMS crash), related to an "overflow." NOTE: the vendor description of this issue is too vague to be certain that it is security-related. Published: November 20, 2007; 3:46:00 PM -0500 | V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2007-6053 | IBM DB2 UDB 9.1 before Fixpak 4 does not properly handle use of large numbers of file descriptors, which might allow attackers to have an unknown impact involving "memory corruption." NOTE: the vendor description of this issue is too vague to be certain that it is security-related. Published: November 20, 2007; 3:46:00 PM -0500 | V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2007-4270 | Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain root privileges via a symlink attack on certain files. Published: August 18, 2007; 5:17:00 PM -0400 | V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2007-4271 | Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files via a .. (dot dot) in an unspecified environment variable, which is appended to "/tmp/" and used as a log file. NOTE: this issue might be related to symlink following. Published: August 18, 2007; 5:17:00 PM -0400 | V3.x:(not available) V2.0: 2.1 LOW |
CVE-2007-4272 | Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to create arbitrary files via (1) unspecified vectors where an attacker's umask is honored, (2) /etc/ld.so.preload, (3) certain "cron data file locations", and other unspecified vectors possibly involving the (4) OSSEMEMDBG or (5) TRC_LOG_FILE environment variable in db2licd (db2licm). Published: August 18, 2007; 5:17:00 PM -0400 | V3.x:(not available) V2.0: 1.9 LOW |
CVE-2007-4273 | IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary directories and execute arbitrary code via a "crafted localized message file" that enables a format string attack, possibly involving the (1) OSSEMEMDBG or (2) TRC_LOG_FILE environment variable in db2licd (db2licm). Published: August 18, 2007; 5:17:00 PM -0400 | V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2007-4275 | Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain privileges via certain vectors related to (1) DB2 instance or FMP startup on Linux and Solaris; (2) exec of executables while running as root on non-Windows systems, as demonstrated by AIX; and unspecified vectors involving (3) db2licm and (4) db2pd. Published: August 18, 2007; 5:17:00 PM -0400 | V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2007-4276 | Stack-based buffer overflow in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows attackers to execute arbitrary code via a long DASPROF and possibly other environment variables, which are copied into the buildDasPaths buffer. Published: August 18, 2007; 5:17:00 PM -0400 | V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2007-4417 | IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not properly revoke privileges on methods, which allows remote authenticated users to execute a method after revocation until the routine auth cache is flushed. Published: August 18, 2007; 5:17:00 PM -0400 | V3.x:(not available) V2.0: 6.0 MEDIUM |