IBM » Db2 Universal Database » 8.1.7b : Security Vulnerabilities, CVEs,
Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access."
Max CVSS: 7.2 | EPSS Score: 0.04% | Published: 2007-02-23 | Updated: 2018-10-30
IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial of service via a crafted SQLJRA packet, which causes a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL, a different issue than CVE-2006-4257.
Max CVSS: 5.0 | EPSS Score: 0.27% | Published: 2006-12-19 | Updated: 2008-09-05
Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allows remote attackers to cause a denial of service (application crash) via a long MGRLVLLS message inside of an EXCSAT message when establishing a connection.
Max CVSS: 5.0 | EPSS Score: 2.95% | Published: 2006-06-19 | Updated: 2018-10-18
IBM DB2 Universal Database (UDB) 820 before version 8 FixPak 10 (s050811) allows remote authenticated users to cause a denial of service (application crash) by using a table function for an instance of snapshot_tbreorg, which triggers a trap in sqlnr_EStoE_action.
Max CVSS: 6.8 | EPSS Score: 0.17% | Published: 2005-12-31 | Updated: 2008-09-05
IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ensure that a user has execute privileges before permitting object creation based on routines, which allows remote authenticated users to gain privileges.
Max CVSS: 6.5 | EPSS Score: 0.23% | Published: 2005-12-31 | Updated: 2008-09-05
IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows remote authenticated users to cause a denial of service (CPU consumption) by "abnormally" terminating a connection, which prevents db2agents from being properly cleared.
Max CVSS: 7.5 | EPSS Score: 0.27% | Published: 2005-12-31 | Updated: 2008-09-05
IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote authenticated users to cause a denial of service (disk consumption) via a hash join (hsjn) that triggers an infinite loop in sqlri_hsjnFlushBlocks.
Max CVSS: 6.8 | EPSS Score: 0.15% | Published: 2005-12-31 | Updated: 2008-09-05
IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service (application crash) via (1) certain equality predicates that trigger self-removal, aka IY70808; and (2) a query with more than 32000 elements in the IN-list, aka LI70817.
Max CVSS: 6.8 | EPSS Score: 0.16% | Published: 2005-12-31 | Updated: 2008-09-05
IBM DB2 Database server running on Windows XP with Simple File Sharing enabled allows remote attackers to bypass authentication and log on to the guest account without supplying a password.
Max CVSS: 7.5 | EPSS Score: 0.33% | Published: 2005-11-16 | Updated: 2008-09-05
9 vulnerabilities found