| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ensure that a user has execute privileges before permitting object creation based on routines, which allows remote authenticated users to gain privileges. |
| Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd. |
| IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote authenticated users to cause a denial of service (disk consumption) via a hash join (hsjn) that triggers an infinite loop in sqlri_hsjnFlushBlocks. |
| IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service (application crash) via (1) certain equality predicates that trigger self-removal, aka IY70808; and (2) a query with more than 32000 elements in the IN-list, aka LI70817. |
| IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions (777), which allows local users to modify or delete certain DB2 files. |
| Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Database 6.0 and 7.0 allows local users to execute arbitrary code via a long username that is read from a file descriptor argument. |
| Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long parameter. |
| IBM DB2 Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account without supplying a password. |
| Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service. |
| IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2. |
| IBM DB2 Universal Database version 6.1 allows users to cause a denial of service via a malformed query. |
| INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX allows attackers to cause a denial of service (application crash) via unknown attack vectors involving LZH files. |
| Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute arbitrary by connecting and sending a long username, then disconnecting gracefully and reconnecting and sending a short username and an unexpected db2java.zip version, which causes a null terminator to be removed and leads to the overflow. |
| IBM Db2 Recovery Expert for Linux, UNIX and Windows 5.5 IF 2 could allow an attacker to modify or corrupt data due to an insecure mechanism used for verifying the integrity of the data during transmission. |
| IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 does not invalidate session after a timeout which could allow an authenticated user to impersonate another user on the system. |
| IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 discloses sensitive information in an environment variable that could aid in further attacks against the system. |
| IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. |
| IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources. |
| IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size. |
| IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. |
