CVE-2007-4273
- EPSS 0.08%
- Published 18.08.2007 21:17:00
- Last modified 09.04.2025 00:30:58
IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary directories and execute arbitrary code via a "crafted localized message file" that enables a format string attack, possibly involving the (1) OSSEMEMDBG or ...
CVE-2007-4272
- EPSS 0.07%
- Published 18.08.2007 21:17:00
- Last modified 09.04.2025 00:30:58
Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to create arbitrary files via (1) unspecified vectors where an attacker's umask is honored, (2) /etc/ld.so.preload, (3) certain "cron data file locat...
CVE-2007-4271
- EPSS 0.05%
- Published 18.08.2007 21:17:00
- Last modified 09.04.2025 00:30:58
Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files via a .. (dot dot) in an unspecified environment variable, which is appended to "/tmp/" and used as a log file. ...
CVE-2007-1089
- EPSS 0.05%
- Published 23.02.2007 22:28:00
- Last modified 09.04.2025 00:30:58
IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local users with table SELECT privileges to perform unauthorized UPDATE and DELETE SQL commands via unknown vectors.
CVE-2007-1086
- EPSS 0.06%
- Published 23.02.2007 22:28:00
- Last modified 09.04.2025 00:30:58
Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access."
- EPSS 1.08%
- Published 19.12.2006 20:28:00
- Last modified 09.04.2025 00:30:58
IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial of service via a crafted SQLJRA packet, which causes a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL, a different issue than CVE-2006-4257.
- EPSS 0.92%
- Published 19.06.2006 10:02:00
- Last modified 03.04.2025 01:03:51
IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 allows remote attackers to cause a denial of service (application crash) by sending "incorrect information ... regarding the package name/creator," which leads to a "memory overwrite."
- EPSS 1.63%
- Published 19.06.2006 10:02:00
- Last modified 03.04.2025 01:03:51
Multiple unspecified vulnerabilities in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allow remote attackers to cause a denial of service (application crash) via a (1) "long column list" in the (a) REPLACE INTO and (b) INSERT INTO portions of...
- EPSS 1.56%
- Published 19.06.2006 10:02:00
- Last modified 03.04.2025 01:03:51
Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database (UDB) before 8.1 FixPak 12 allows remote attackers to cause a denial of service (application crash) via a long MGRLVLLS message inside of an EXCSAT message when establishing a conne...
CVE-2005-4736
- EPSS 0.69%
- Published 31.12.2005 05:00:00
- Last modified 03.04.2025 01:03:51
IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote authenticated users to cause a denial of service (disk consumption) via a hash join (hsjn) that triggers an infinite loop in sqlri_hsjnFlushBlocks.