Filtered by vendor Ibm
Subscriptions
Filtered by product Db2
Subscriptions
Total
266 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2003-1050 | 1 Ibm | 1 Db2 | 2024-08-08 | N/A |
Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd. | ||||
CVE-2005-4869 | 1 Ibm | 1 Db2 | 2024-08-08 | N/A |
The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local users to cause a denial of service (application crash) via an empty string in the second parameter, which causes a null pointer dereference. | ||||
CVE-2005-4871 | 1 Ibm | 1 Db2 | 2024-08-08 | N/A |
Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile. | ||||
CVE-2005-4870 | 1 Ibm | 1 Db2 | 2024-08-08 | N/A |
Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be overwritten with a pointer to the argument. | ||||
CVE-2006-4257 | 1 Ibm | 1 Db2 | 2024-08-07 | N/A |
IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending crafted SQLJRA packet, which results in a null dereference. | ||||
CVE-2024-31881 | 1 Ibm | 1 Db2 | 2024-08-07 | 6.5 Medium |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: 287613. | ||||
CVE-2024-28762 | 1 Ibm | 1 Db2 | 2024-08-07 | 5.3 Medium |
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 285246. | ||||
CVE-2007-5652 | 1 Ibm | 1 Db2 | 2024-08-07 | N/A |
IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a list containing authentication information, which might allow attackers to cause a denial of service (instance crash) or trigger memory corruption. NOTE: the vendor description of this issue is too vague to be certain that it is security-related. | ||||
CVE-2007-5090 | 2 Ibm, Microsoft | 3 Db2, Rational Clearquest, Sql Server | 2024-08-07 | N/A |
Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a Microsoft SQL Server or an IBM DB2 database is used, allows attackers to corrupt data via unspecified vectors. | ||||
CVE-2007-2582 | 1 Ibm | 1 Db2 | 2024-08-07 | N/A |
Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (2) a long packet that generates a "MemTree overflow." | ||||
CVE-2007-1228 | 2 Ibm, Unix | 2 Db2, Unix | 2024-08-07 | N/A |
IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories. | ||||
CVE-2007-1087 | 1 Ibm | 1 Db2 | 2024-08-07 | N/A |
IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow. | ||||
CVE-2007-1027 | 1 Ibm | 1 Db2 | 2024-08-07 | N/A |
Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux and Unix allow local users to overwrite arbitrary files via a symlink attack on the DB2DIAG.LOG temporary file. | ||||
CVE-2007-1088 | 1 Ibm | 1 Db2 | 2024-08-07 | N/A |
Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables. | ||||
CVE-2008-6820 | 2 Ibm, Microsoft | 2 Db2, Windows | 2024-08-07 | N/A |
The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with "OS privilege," which has unknown impact and attack vectors, a different vulnerability than CVE-2008-3856. | ||||
CVE-2008-6821 | 1 Ibm | 1 Db2 | 2024-08-07 | N/A |
Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 might allow attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, a different vulnerability than CVE-2007-3676 and CVE-2008-3853. | ||||
CVE-2008-4692 | 1 Ibm | 1 Db2 | 2024-08-07 | N/A |
The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors. | ||||
CVE-2008-4693 | 1 Ibm | 1 Db2 | 2024-08-07 | N/A |
The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES." | ||||
CVE-2008-4691 | 1 Ibm | 1 Db2 | 2024-08-07 | N/A |
Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors. | ||||
CVE-2008-3959 | 1 Ibm | 1 Db2 | 2024-08-07 | N/A |
IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. |