Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Db2_universal_database
(Ibm)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 67 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2005-12-31 | CVE-2005-4868 | Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service. | Db2_universal_database | 7.1 | ||
| 2003-11-17 | CVE-2003-0836 | Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before Fixpak 10 and 10a, and 8.1 before Fixpak 2, allows attackers with "Connect" privileges to execute arbitrary code via a LOAD command. | Db2_universal_database | N/A | ||
| 2010-10-05 | CVE-2010-3739 | The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery. | Db2_universal_database | N/A | ||
| 2009-12-02 | CVE-2009-4150 | dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors. | Db2, Db2_universal_database | N/A | ||
| 2009-01-16 | CVE-2009-0173 | Unspecified vulnerability in the server in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote authenticated users to cause a denial of service (trap) via a crafted data stream. | Db2_universal_database | N/A | ||
| 2009-01-16 | CVE-2009-0172 | Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote attackers to cause a denial of service (infinite loop) via a crafted CONNECT data stream. | Db2_universal_database | N/A | ||
| 2008-09-10 | CVE-2008-3960 | Unspecified vulnerability in the JDBC Applet Server Service (aka db2jds) in IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (service crash) via "malicious packets." | Db2_universal_database | N/A | ||
| 2008-08-28 | CVE-2008-3858 | The Downlevel DB2RA Support component in IBM DB2 9.1 before Fixpak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT data stream that simulates a V7 client connect request. | Db2_universal_database | N/A | ||
| 2008-08-28 | CVE-2008-3857 | The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 retains a cleartext password in memory after the database connection that sent the password is fully established, which might allow local users to obtain sensitive information by reading a memory dump. | Db2_universal_database | N/A | ||
| 2008-08-28 | CVE-2008-3856 | The routine infrastructure component in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP1 on Unix and Linux does not change the ownership of the db2fmp process, which has unknown impact and attack vectors. | Db2_universal_database | N/A |