Page 13 of 67 results (0.009 seconds)

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 1

The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local users to cause a denial of service (application crash) via an empty string in the second parameter, which causes a null pointer dereference. • https://www.exploit-db.com/exploits/24677 http://marc.info/?l=bugtraq&m=110495483501494&w=2 http://secunia.com/advisories/12733 http://www-1.ibm.com/support/docview.wss?uid=swg1IY61781 http://www.nextgenss.com/advisories/db205012005G.txt http://www.securityfocus.com/bid/11400 https://exchange.xforce.ibmcloud.com/vulnerabilities/17614 •

CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 0

Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile. • http://marc.info/?l=bugtraq&m=110495620513954&w=2 http://secunia.com/advisories/12733 http://www.ngssoftware.com/advisories/db205012005I.txt http://www.securityfocus.com/bid/12170 https://exchange.xforce.ibmcloud.com/vulnerabilities/18761 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 2%CPEs: 1EXPL: 0

Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be overwritten with a pointer to the argument. • http://marc.info/?l=bugtraq&m=110495554227717&w=2 http://secunia.com/advisories/12733 http://www-1.ibm.com/support/docview.wss?uid=swg1IY62297 http://www.nextgenss.com/advisories/db205012005H.txt http://www.securityfocus.com/bid/11404 https://exchange.xforce.ibmcloud.com/vulnerabilities/17617 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 2.1EPSS: 0%CPEs: 9EXPL: 0

Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through 8.2.2 allows local users with SELECT privileges to conduct unauthorized activities and insert, update or delete table contents. • http://www-1.ibm.com/support/search.wss?rs=0&q=IY73104&apar=only •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 4

Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd. Múltiples desbordamientos de búfer en IBM DB2 Universal Database 8.1 pueden permitir a usuarios locales ejecutar código de su elección mediante argumentos de línea de comandos largos a (1)db2start, (2) db2stop, o (3) db2govd. • https://www.exploit-db.com/exploits/23349 https://www.exploit-db.com/exploits/23347 https://www.exploit-db.com/exploits/23348 http://www.secnetops.com/research/advisories/SRT2003-11-06-0710.txt http://www.securityfocus.com/archive/1/343804 http://www.securityfocus.com/bid/8990 https://exchange.xforce.ibmcloud.com/vulnerabilities/13633 •