Vulnerabilities > IBM > DB2 > Critical
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2012-09-25 | CVE-2012-3324 | Path Traversal vulnerability in IBM DB2 and DB2 Connect | Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field. | 9.0 |
2012-03-20 | CVE-2012-1797 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.5 | IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors. | 10.0 |
2010-10-05 | CVE-2010-3731 | Buffer Errors vulnerability in IBM DB2 9.5 | Stack-based buffer overflow in the validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP3 allows remote attackers to execute arbitrary code via a long username string. | 10.0 |
2010-08-31 | CVE-2010-3193 | Unspecified vulnerability in IBM DB2 9.1/9.5/9.7 | Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors. | 10.0 |
2009-12-16 | CVE-2009-4335 | Remote Security vulnerability in IBM DB2 9.5 | Multiple unspecified vulnerabilities in bundled stored procedures in the Spatial Extender component in IBM DB2 9.5 before FP5 have unknown impact and remote attack vectors, related to "remote exploits." | 10.0 |
2009-09-29 | CVE-2009-3473 | Remote Security vulnerability in IBM DB2 9.1 | IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATION statement, which has unspecified impact and remote attack vectors. | 10.0 |
2009-06-03 | CVE-2008-6820 | Configuration vulnerability in IBM DB2 8.0/9.1/9.5 | The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with "OS privilege," which has unknown impact and attack vectors, a different vulnerability than CVE-2008-3856. | 10.0 |
2009-06-03 | CVE-2008-6821 | Buffer Errors vulnerability in IBM DB2 8.0/9.1/9.5 | Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 might allow attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, a different vulnerability than CVE-2007-3676 and CVE-2008-3853. | 10.0 |
2008-10-22 | CVE-2008-4692 | Remote Security vulnerability in DB2 | The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors. | 10.0 |
2008-02-13 | CVE-2007-3676 | Resource Management Errors vulnerability in IBM DB2 | IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. | 10.0 |