Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Filtered by product Db2
Total 265 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-3959 1 Ibm 1 Db2 2024-02-28 5.0 MEDIUM N/A
IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request.
CVE-2008-1997 1 Ibm 1 Db2 2024-02-28 9.0 HIGH N/A
Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the ADMIN_SP_C issue is already covered by CVE-2008-0699.
CVE-2009-4331 1 Ibm 1 Db2 2024-02-28 7.2 HIGH N/A
The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors.
CVE-2009-1905 1 Ibm 1 Db2 2024-02-28 2.6 LOW N/A
The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors.
CVE-2009-4326 1 Ibm 1 Db2 2024-02-28 4.3 MEDIUM N/A
The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value.
CVE-2007-2582 1 Ibm 1 Db2 2024-02-28 10.0 HIGH N/A
Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (2) a long packet that generates a "MemTree overflow."
CVE-2007-1228 2 Ibm, Unix 2 Db2, Unix 2024-02-28 4.4 MEDIUM N/A
IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories.
CVE-2008-0697 1 Ibm 1 Db2 2024-02-28 7.2 HIGH N/A
Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 allows local users to gain root privileges via unspecified vectors.
CVE-2008-0699 1 Ibm 1 Db2 2024-02-28 9.0 HIGH N/A
Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors.
CVE-2007-1027 1 Ibm 1 Db2 2024-02-28 4.4 MEDIUM N/A
Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file.
CVE-2007-5090 2 Ibm, Microsoft 3 Db2, Rational Clearquest, Sql Server 2024-02-28 7.5 HIGH N/A
Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors.
CVE-2007-1088 1 Ibm 1 Db2 2024-02-28 7.2 HIGH N/A
Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables.
CVE-2007-1087 1 Ibm 1 Db2 2024-02-28 7.2 HIGH N/A
IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow.
CVE-2008-0698 1 Ibm 1 Db2 2024-02-28 7.8 HIGH N/A
Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 has unknown attack vectors, and an impact probably involving "invalid memory access."
CVE-2008-0696 1 Ibm 1 Db2 2024-02-28 7.5 HIGH N/A
IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization for the ALTER TABLE statement, which has unknown impact and attack vectors.
CVE-2007-5652 1 Ibm 1 Db2 2024-02-28 7.8 HIGH N/A
IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger memory corruption. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
CVE-2007-3676 1 Ibm 1 Db2 2024-02-28 10.0 HIGH N/A
IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. NOTE: this might be the same issue as CVE-2008-0698.
CVE-2006-4257 1 Ibm 1 Db2 2024-02-28 4.0 MEDIUM N/A
IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending crafted SQLJRA packet, which results in a null dereference.
CVE-2005-4871 1 Ibm 1 Db2 2024-02-28 4.3 MEDIUM N/A
Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile.
CVE-2005-4869 1 Ibm 1 Db2 2024-02-28 2.1 LOW N/A
The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local users to cause a denial of service (application crash) via an empty string in the second parameter, which causes a null pointer dereference.