Ibm Db2 Universal Database — known CVE vulnerabilities
Every CVE whose affected-product data names Ibm Db2 Universal Database, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (66)
CVE-2005-4865 — CVSS 10.0 (critical): Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remote attackers to execute arbitrary code via a long libname.
CVE-2007-6047 — CVSS 10.0 (critical): Unspecified vulnerability in the DB2DART tool in IBM DB2 UDB 9.1 before Fixpak 4 allows attackers to execute arbitrary commands as the DB2…
CVE-2005-0417 — CVSS 10.0 (critical): Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and earlier has unknown impact and attack vectors. NOTE: due to the delayed…
CVE-2007-6048 — CVSS 10.0 (critical): IBM DB2 UDB 9.1 before Fixpak 4 uses incorrect permissions on ACLs for DB2NODES.CFG, which has unknown impact and attack vectors. NOTE: the…
CVE-2007-6051 — CVSS 10.0 (critical): IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the (1) DB2ADMNS and (2) DB2USERS alternative groups, which has unknown…
CVE-2007-6045 — CVSS 10.0 (critical): Unspecified vulnerability in (1) DB2WATCH and (2) DB2FREEZE in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors.
CVE-2005-4867 — CVSS 9.3 (critical): Stack-based buffer overflow in the SATENCRYPT function in IBM DB2 8.1, when Satellite Administration (SATADMIN) is enabled, allows remote…
CVE-2007-6053 — CVSS 9.3 (critical): IBM DB2 UDB 9.1 before Fixpak 4 does not properly handle use of large numbers of file descriptors, which might allow attackers to have an…
CVE-2008-3853 — CVSS 9.3 (critical): Buffer overflow in the DAS server program in the Core DAS function component in IBM DB2 9.1 before FP4a and 9.5 before FP1 allows remote…
CVE-2007-6052 — CVSS 7.8 (high): IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggregation, which might allow attackers to cause a denial of service…
CVE-2008-3854 — CVSS 7.8 (high): Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 1 allow remote attackers to cause a denial of…
CVE-2005-4737 — CVSS 7.5 (high): IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows remote authenticated users to cause a denial of service (CPU…
CVE-2003-0837 — CVSS 7.5 (high): Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for Windows, before Fixpak 10a, allows attackers with "Connect" privileges…
CVE-2005-3643 — CVSS 7.5 (high): IBM DB2 Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on…
CVE-2001-0051 — CVSS 7.5 (high): IBM DB2 Universal Database version 6.1 creates an account with a default user name and password, which allows remote attackers to gain…
CVE-2003-0836 — CVSS 7.5 (high): Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before Fixpak 10 and 10a, and 8.1 before Fixpak 2, allows attackers with…
CVE-2008-3856 — CVSS 7.5 (high): The routine infrastructure component in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP1 on Unix and Linux does not change the…
CVE-2007-1089 — CVSS 7.2 (high): IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local users with table SELECT privileges to perform unauthorized UPDATE and…
CVE-2002-1583 — CVSS 7.2 (high): Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Database 6.0 and 7.0 allows local users to execute arbitrary code via a…
CVE-2003-0758 — CVSS 7.2 (high): Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before Fixpak 10 allows local users to gain root privileges via a long…
CVE-2003-0759 — CVSS 7.2 (high): Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before Fixpak 10a allows local users to gain root privileges via a long…
CVE-2003-1052 — CVSS 7.2 (high): IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs.
CVE-2004-0795 — CVSS 7.2 (high): DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe program as the db2admin administrator, which allows local users to…
CVE-2004-1372 — CVSS 7.2 (high): Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow local users to execute arbitrary code via (1) a long third argument to…
CVE-2007-6050 — CVSS 7.2 (high): Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, related to creation of an…
CVE-2007-6049 — CVSS 7.2 (high): Unspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, involving…
CVE-2005-4863 — CVSS 7.2 (high): Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long parameter.
CVE-2005-4864 — CVSS 7.2 (high): Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long DB2LPORT…
CVE-2007-6046 — CVSS 7.2 (high): Unspecified vulnerability in unspecified setuid programs in IBM DB2 UDB 9.1 before Fixpak 4 allows local users to have an unknown impact.
CVE-2007-1086 — CVSS 7.2 (high): Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files…
CVE-2005-4868 — CVSS 7.1 (high): Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local…
CVE-2007-4270 — CVSS 6.9 (medium): Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain root privileges via a symlink…
CVE-2007-4275 — CVSS 6.9 (medium): Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain…
CVE-2007-4276 — CVSS 6.9 (medium): Stack-based buffer overflow in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows attackers to execute arbitrary code via a long…
CVE-2007-5664 — CVSS 6.9 (medium): db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before…
CVE-2007-5757 — CVSS 6.9 (medium): Untrusted search path vulnerability in db2pd in IBM DB2 Universal Database (UDB) 8 before FixPak 16 and 9 before Fix Pack 4 allows local…
CVE-2007-5758 — CVSS 6.9 (medium): Stack-based buffer overflow in db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1…
CVE-2005-4736 — CVSS 6.8 (medium): IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote authenticated users to cause a denial of service (disk consumption) via…
CVE-2005-4866 — CVSS 6.8 (medium): Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute arbitrary by connecting and sending a…
CVE-2005-4739 — CVSS 6.8 (medium): IBM DB2 Universal Database (UDB) 820 before version 8 FixPak 10 (s050811) allows remote authenticated users to cause a denial of service…
CVE-2005-4735 — CVSS 6.8 (medium): IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service (application crash) via…
CVE-2005-4738 — CVSS 6.5 (medium): IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ensure that a user has execute privileges before permitting object…
CVE-2008-3852 — CVSS 6.5 (medium): Unspecified vulnerability in the CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio in the Visual Studio Net…
CVE-2010-3739 — CVSS 6.4 (medium): The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka…
CVE-2007-4417 — CVSS 6.0 (medium): IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not properly revoke privileges on methods, which allows remote authenticated…
CVE-2007-4418 — CVSS 5.5 (medium): IBM DB2 UDB 8 before Fixpak 15 does not properly check authorization, which allows remote authenticated users with a certain SELECT…
CVE-2008-3960 — CVSS 5.0 (medium): Unspecified vulnerability in the JDBC Applet Server Service (aka db2jds) in IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause…
CVE-2009-0172 — CVSS 5.0 (medium): Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote attackers to cause a denial of…
CVE-2007-4423 — CVSS 5.0 (medium): Stack-based buffer overflow in the AUTH_LIST_GROUPS_FOR_AUTHID function in IBM DB2 UDB 9.1 before Fixpak 3 allows attackers to cause a…
CVE-2009-0173 — CVSS 5.0 (medium): Unspecified vulnerability in the server in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote authenticated users…
CVE-2006-3067 — CVSS 5.0 (medium): Multiple unspecified vulnerabilities in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allow remote attackers to cause a denial of…
CVE-2006-3066 — CVSS 5.0 (medium): Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allows remote attackers to cause a denial…
CVE-2003-0827 — CVSS 5.0 (medium): The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote attackers to cause a denial of service (crash) via a long packet to…
CVE-2001-1143 — CVSS 5.0 (medium): IBM DB2 7.0 allows a remote attacker to cause a denial of service (crash) via a single byte to (1) db2ccs.exe on port 6790, or (2)…
CVE-2006-6638 — CVSS 5.0 (medium): IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial of service via a crafted SQLJRA packet, which causes a NULL pointer…
CVE-2006-3068 — CVSS 5.0 (medium): IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 allows remote attackers to cause a denial of service (application crash) by sending…
CVE-2008-3857 — CVSS 4.6 (medium): The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 retains a cleartext password in memory after the database connection…
CVE-2009-4150 — CVSS 4.6 (medium): dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which…
CVE-2008-3855 — CVSS 4.6 (medium): Unspecified vulnerability in the DB2 Administration Server (DAS) in the Core DAS function component in IBM DB2 9.1 before Fixpak 5 allows…
CVE-2003-0898 — CVSS 4.6 (medium): IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via…
CVE-2003-1049 — CVSS 4.6 (medium): IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions (777), which allows local users to…
CVE-2007-4273 — CVSS 4.6 (medium): IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary directories and execute arbitrary code via a…
CVE-2008-3858 — CVSS 4.3 (medium): The Downlevel DB2RA Support component in IBM DB2 9.1 before Fixpak 4a allows remote attackers to cause a denial of service (instance crash)…
CVE-2007-4271 — CVSS 2.1 (low): Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files…
CVE-2001-0052 — CVSS 2.1 (low): IBM DB2 Universal Database version 6.1 allows users to cause a denial of service via a malformed query.
CVE-2007-4272 — CVSS 1.9 (low): Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to create arbitrary files via (1)…