CVE-2007-6049
- EPSS 0.06%
- Published 20.11.2007 20:46:00
- Last modified 09.04.2025 00:30:58
Unspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, involving a call to dlopen when the effective uid is root.
CVE-2007-6050
- EPSS 0.06%
- Published 20.11.2007 20:46:00
- Last modified 09.04.2025 00:30:58
Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, related to creation of an "insecure directory."
- EPSS 0.48%
- Published 20.11.2007 20:46:00
- Last modified 09.04.2025 00:30:58
IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the (1) DB2ADMNS and (2) DB2USERS alternative groups, which has unknown impact. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
CVE-2007-6052
- EPSS 0.42%
- Published 20.11.2007 20:46:00
- Last modified 09.04.2025 00:30:58
IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggregation, which might allow attackers to cause a denial of service (divide-by-zero error and DBMS crash), related to an "overflow." NOTE: the vendor description of this issue is too ...
CVE-2007-4270
- EPSS 0.05%
- Published 18.08.2007 21:17:00
- Last modified 09.04.2025 00:30:58
Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain root privileges via a symlink attack on certain files.
- EPSS 1.03%
- Published 18.08.2007 21:17:00
- Last modified 09.04.2025 00:30:58
Stack-based buffer overflow in the AUTH_LIST_GROUPS_FOR_AUTHID function in IBM DB2 UDB 9.1 before Fixpak 3 allows attackers to cause a denial of service and possibly execute arbitrary code via a long argument.
CVE-2007-4418
- EPSS 0.74%
- Published 18.08.2007 21:17:00
- Last modified 09.04.2025 00:30:58
IBM DB2 UDB 8 before Fixpak 15 does not properly check authorization, which allows remote authenticated users with a certain SELECT privilege to have an unknown impact via unspecified vectors. NOTE: this issue is probably related to CVE-2007-1089, b...
- EPSS 1.08%
- Published 18.08.2007 21:17:00
- Last modified 09.04.2025 00:30:58
IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not properly revoke privileges on methods, which allows remote authenticated users to execute a method after revocation until the routine auth cache is flushed.
CVE-2007-4276
- EPSS 0.09%
- Published 18.08.2007 21:17:00
- Last modified 09.04.2025 00:30:58
Stack-based buffer overflow in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows attackers to execute arbitrary code via a long DASPROF and possibly other environment variables, which are copied into the buildDasPaths buffer.
CVE-2007-4275
- EPSS 0.06%
- Published 18.08.2007 21:17:00
- Last modified 09.04.2025 00:30:58
Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to gain privileges via certain vectors related to (1) DB2 instance or FMP startup on Linux and Solaris; (2) exec of executables...