CVSS: 7.8EPSS: 0%CPEs: 16EXPL: 0CVE-2005-4863
https://notcve.org/view.php?id=CVE-2005-4863
31 Dec 2005 — Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long parameter. • http://marc.info/?l=bugtraq&m=110494995113579&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 1%CPEs: 24EXPL: 0CVE-2005-4866
https://notcve.org/view.php?id=CVE-2005-4866
31 Dec 2005 — Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute arbitrary by connecting and sending a long username, then disconnecting gracefully and reconnecting and sending a short username and an unexpected db2java.zip version, which causes a null terminator to be removed and leads to the overflow. • http://marc.info/?l=bugtraq&m=110495251101381&w=2 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2005-4738
https://notcve.org/view.php?id=CVE-2005-4738
31 Dec 2005 — IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ensure that a user has execute privileges before permitting object creation based on routines, which allows remote authenticated users to gain privileges. • http://secunia.com/advisories/17031 •
CVSS: 6.8EPSS: 0%CPEs: 12EXPL: 3CVE-2005-4735
https://notcve.org/view.php?id=CVE-2005-4735
31 Dec 2005 — IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service (application crash) via (1) certain equality predicates that trigger self-removal, aka IY70808; and (2) a query with more than 32000 elements in the IN-list, aka LI70817. • http://secunia.com/advisories/17031 •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 0CVE-2005-3643
https://notcve.org/view.php?id=CVE-2005-3643
16 Nov 2005 — IBM DB2 Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account without supplying a password. • http://www.ngssoftware.com/papers/database-on-xp.pdf •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2005-0417
https://notcve.org/view.php?id=CVE-2005-0417
14 Feb 2005 — Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and earlier has unknown impact and attack vectors. NOTE: due to the delayed disclosure of details for this issue, this candidate may be SPLIT in the future. In addition, this may be a duplicate of other issues as reported by the vendor. Vulnerabilidad desconocida de "alto riesgo" en DB2 Universal Database 8.1 y anteriores con impacto y vectores de ataque desconocidos. • http://marc.info/?l=bugtraq&m=110801212422825&w=2 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2004-1372
https://notcve.org/view.php?id=CVE-2004-1372
01 Sep 2004 — Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow local users to execute arbitrary code via (1) a long third argument to the rec2xml function or (2) a long filename argument to the generate_distfile procedure. • http://marc.info/?l=bugtraq&m=110382462924162&w=2 •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 3CVE-2003-1052 – IBM DB2 - Shared Library Injection
https://notcve.org/view.php?id=CVE-2003-1052
20 Aug 2004 — IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs. IBM DB2 7.1 y 8.1 permite al usuario bin ganar privilegios de root modificando las librerías compartidas usadas por programas con setuid de root. • https://www.exploit-db.com/exploits/22989 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2003-1049
https://notcve.org/view.php?id=CVE-2003-1049
20 Aug 2004 — IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions (777), which allows local users to modify or delete certain DB2 files. IBM DB2 Universal Database 7 antes de FixPak 12 crea ciertos directorios DMS con permisos inseguros (777), lo que permite a usuarios locales modificar o borrar ciertos ficheros DB2. • http://www-1.ibm.com/support/search.wss?rs=0&q=IY44841&apar=only •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2002-1583
https://notcve.org/view.php?id=CVE-2002-1583
20 Aug 2004 — Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Database 6.0 and 7.0 allows local users to execute arbitrary code via a long username that is read from a file descriptor argument. Desbordamiento de búfer en sqllib/security/db2ckpw de IBM DB2 Universal Database 6.0 y 7.0 permite a usuarios locales ejecutar código de su elección mediante un nombre de usuario largo que se lee de un argumento de descriptor de fichero. • http://www.iss.net/security_center/static/9078.php •