Vulnerabilities (CVE)

Filtered by vendor Ibm Subscribe
Filtered by product Db2 Universal Database
Total 67 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-6053 4 Ibm, Linux, Microsoft and 1 more 4 Db2 Universal Database, Linux Kernel, Windows and 1 more 2025-04-09 9.3 HIGH N/A
IBM DB2 UDB 9.1 before Fixpak 4 does not properly handle use of large numbers of file descriptors, which might allow attackers to have an unknown impact involving "memory corruption." NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
CVE-2007-4271 1 Ibm 1 Db2 Universal Database 2025-04-09 2.1 LOW N/A
Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files via a .. (dot dot) in an unspecified environment variable, which is appended to "/tmp/" and used as a log file. NOTE: this issue might be related to symlink following.
CVE-2007-6052 4 Ibm, Linux, Microsoft and 1 more 4 Db2 Universal Database, Linux Kernel, Windows and 1 more 2025-04-09 7.8 HIGH N/A
IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggregation, which might allow attackers to cause a denial of service (divide-by-zero error and DBMS crash), related to an "overflow." NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
CVE-2008-3852 1 Ibm 1 Db2 Universal Database 2025-04-09 6.5 MEDIUM N/A
Unspecified vulnerability in the CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio in the Visual Studio Net component in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 2 allows remote authenticated users to execute arbitrary code via unknown vectors.
CVE-2007-4272 1 Ibm 1 Db2 Universal Database 2025-04-09 1.9 LOW N/A
Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allow local users to create arbitrary files via (1) unspecified vectors where an attacker's umask is honored, (2) /etc/ld.so.preload, (3) certain "cron data file locations", and other unspecified vectors possibly involving the (4) OSSEMEMDBG or (5) TRC_LOG_FILE environment variable in db2licd (db2licm).
CVE-2007-4273 1 Ibm 1 Db2 Universal Database 2025-04-09 4.6 MEDIUM N/A
IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary directories and execute arbitrary code via a "crafted localized message file" that enables a format string attack, possibly involving the (1) OSSEMEMDBG or (2) TRC_LOG_FILE environment variable in db2licd (db2licm).
CVE-2007-6051 4 Ibm, Linux, Microsoft and 1 more 4 Db2 Universal Database, Linux Kernel, Windows and 1 more 2025-04-09 10.0 HIGH N/A
IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the (1) DB2ADMNS and (2) DB2USERS alternative groups, which has unknown impact. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
CVE-2007-1086 5 Hp, Ibm, Linux and 2 more 6 Hp-ux, Aix, Db2 Universal Database and 3 more 2025-04-09 7.2 HIGH N/A
Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access."
CVE-2008-3854 1 Ibm 1 Db2 Universal Database 2025-04-09 7.8 HIGH N/A
Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 1 allow remote attackers to cause a denial of service (system outage) via vectors related to (1) use of XQuery to issue statements; the (2) XMLQUERY, (3) XMLEXISTS, and (4) XMLTABLE statements; and the (5) sqlrlaka function.
CVE-2009-0173 1 Ibm 1 Db2 Universal Database 2025-04-09 5.0 MEDIUM N/A
Unspecified vulnerability in the server in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote authenticated users to cause a denial of service (trap) via a crafted data stream.
CVE-2007-5757 1 Ibm 1 Db2 Universal Database 2025-04-09 6.9 MEDIUM N/A
Untrusted search path vulnerability in db2pd in IBM DB2 Universal Database (UDB) 8 before FixPak 16 and 9 before Fix Pack 4 allows local users to gain root privileges via a modified DB2INSTANCE environment variable that points to a malicious library. NOTE: this might be the same issue as CVE-2008-0697.
CVE-2008-3856 1 Ibm 1 Db2 Universal Database 2025-04-09 7.5 HIGH N/A
The routine infrastructure component in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP1 on Unix and Linux does not change the ownership of the db2fmp process, which has unknown impact and attack vectors.
CVE-2007-5664 1 Ibm 1 Db2 Universal Database 2025-04-09 6.9 MEDIUM N/A
db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to overwrite arbitrary files via a symlink attack on files used for initialization.
CVE-2007-6049 3 Ibm, Linux, Unix 3 Db2 Universal Database, Linux Kernel, Unix 2025-04-09 7.2 HIGH N/A
Unspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, involving a call to dlopen when the effective uid is root.
CVE-2008-3855 1 Ibm 1 Db2 Universal Database 2025-04-09 4.6 MEDIUM N/A
Unspecified vulnerability in the DB2 Administration Server (DAS) in the Core DAS function component in IBM DB2 9.1 before Fixpak 5 allows local users to gain privileges, aka a "FILE CREATION VULNERABILITY." NOTE: this may be the same as CVE-2007-5664.
CVE-2007-5758 1 Ibm 1 Db2 Universal Database 2025-04-09 6.9 MEDIUM N/A
Stack-based buffer overflow in db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to execute arbitrary code via a long DASPROF environment variable.
CVE-2005-4735 1 Ibm 1 Db2 Universal Database 2025-04-03 6.8 MEDIUM N/A
IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service (application crash) via (1) certain equality predicates that trigger self-removal, aka IY70808; and (2) a query with more than 32000 elements in the IN-list, aka LI70817.
CVE-2005-4740 1 Ibm 1 Db2 Universal Database 2025-04-03 4.0 MEDIUM N/A
IBM DB2 Universal Database (UDB) 810 before version 8 FixPak 10 allows remote authenticated users to cause a denial of service (db2jd service crash) by "connecting from a downlevel client."
CVE-2005-0417 1 Ibm 1 Db2 Universal Database 2025-04-03 10.0 HIGH N/A
Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and earlier has unknown impact and attack vectors. NOTE: due to the delayed disclosure of details for this issue, this candidate may be SPLIT in the future. In addition, this may be a duplicate of other issues as reported by the vendor.
CVE-2003-1052 1 Ibm 2 Db2, Db2 Universal Database 2025-04-03 7.2 HIGH N/A
IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs.