Search Results (444 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-0837 1 Ibm 1 Db2 Universal Database 2026-04-16 N/A
Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for Windows, before Fixpak 10a, allows attackers with "Connect" privileges to execute arbitrary code via the INVOKE command.
CVE-2003-0898 1 Ibm 1 Db2 Universal Database 2026-04-16 N/A
IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2.
CVE-2003-1050 1 Ibm 1 Db2 2026-04-16 N/A
Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.
CVE-2006-3068 1 Ibm 1 Db2 Universal Database 2026-04-16 N/A
IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 allows remote attackers to cause a denial of service (application crash) by sending "incorrect information ... regarding the package name/creator," which leads to a "memory overwrite."
CVE-2003-0759 1 Ibm 1 Db2 Universal Database 2026-04-16 N/A
Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before Fixpak 10a allows local users to gain root privileges via a long command line argument.
CVE-2006-4257 1 Ibm 1 Db2 2026-04-16 N/A
IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending crafted SQLJRA packet, which results in a null dereference.
CVE-2003-1052 1 Ibm 2 Db2, Db2 Universal Database 2026-04-16 N/A
IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs.
CVE-2005-4871 1 Ibm 1 Db2 2026-04-16 N/A
Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile.
CVE-2005-4870 1 Ibm 1 Db2 2026-04-16 N/A
Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be overwritten with a pointer to the argument.
CVE-2005-4866 1 Ibm 1 Db2 Universal Database 2026-04-16 N/A
Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute arbitrary by connecting and sending a long username, then disconnecting gracefully and reconnecting and sending a short username and an unexpected db2java.zip version, which causes a null terminator to be removed and leads to the overflow.
CVE-2005-3643 1 Ibm 1 Db2 Universal Database 2026-04-16 N/A
IBM DB2 Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account without supplying a password.
CVE-2005-4867 1 Ibm 1 Db2 Universal Database 2026-04-16 N/A
Stack-based buffer overflow in the SATENCRYPT function in IBM DB2 8.1, when Satellite Administration (SATADMIN) is enabled, allows remote attackers to execute arbitrary code via a long parameter.
CVE-2005-4865 1 Ibm 1 Db2 Universal Database 2026-04-16 N/A
Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remote attackers to execute arbitrary code via a long libname.
CVE-2001-0051 1 Ibm 1 Db2 Universal Database 2026-04-16 N/A
IBM DB2 Universal Database version 6.1 creates an account with a default user name and password, which allows remote attackers to gain access to the database.
CVE-2003-1049 1 Ibm 1 Db2 Universal Database 2026-04-16 N/A
IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions (777), which allows local users to modify or delete certain DB2 files.
CVE-2005-2073 1 Ibm 1 Db2 2026-04-16 N/A
Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through 8.2.2 allows local users with SELECT privileges to conduct unauthorized activities and insert, update or delete table contents.
CVE-2005-4735 1 Ibm 1 Db2 Universal Database 2026-04-16 N/A
IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service (application crash) via (1) certain equality predicates that trigger self-removal, aka IY70808; and (2) a query with more than 32000 elements in the IN-list, aka LI70817.
CVE-2005-4737 1 Ibm 1 Db2 Universal Database 2026-04-16 N/A
IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows remote authenticated users to cause a denial of service (CPU consumption) by "abnormally" terminating a connection, which prevents db2agents from being properly cleared.
CVE-2005-4738 1 Ibm 1 Db2 Universal Database 2026-04-16 N/A
IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ensure that a user has execute privileges before permitting object creation based on routines, which allows remote authenticated users to gain privileges.
CVE-2005-4740 1 Ibm 1 Db2 Universal Database 2026-04-16 N/A
IBM DB2 Universal Database (UDB) 810 before version 8 FixPak 10 allows remote authenticated users to cause a denial of service (db2jd service crash) by "connecting from a downlevel client."