Vulnerabilities > IBM > DB2 > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2012-09-25 | CVE-2012-3324 | Path Traversal vulnerability in IBM DB2 and DB2 Connect | Directory traversal vulnerability in the UTL_FILE module in IBM DB2 and DB2 Connect 10.1 before FP1 on Windows allows remote authenticated users to modify, delete, or read arbitrary files via a pathname in the file field. | network, low complexity, ibm, microsoft, CWE-22 | critical 9.0 |
| 2012-03-20 | CVE-2012-1797 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.5 | IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors. | network, low complexity, ibm, CWE-264 | critical 10.0 |
| 2010-10-05 | CVE-2010-3731 | Buffer Errors vulnerability in IBM DB2 9.5 | Stack-based buffer overflow in the validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP3 allows remote attackers to execute arbitrary code via a long username string. | network, low complexity, ibm, CWE-119 | critical 10.0 |
| 2010-08-31 | CVE-2010-3193 | Unspecified vulnerability in IBM DB2 9.1/9.5/9.7 | Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors. | network, low complexity, ibm | critical 10.0 |
| 2009-12-16 | CVE-2009-4335 | Remote Security vulnerability in IBM DB2 9.5 | Multiple unspecified vulnerabilities in bundled stored procedures in the Spatial Extender component in IBM DB2 9.5 before FP5 have unknown impact and remote attack vectors, related to "remote exploits." | network, low complexity, ibm | critical 10.0 |
| 2009-09-29 | CVE-2009-3473 | Remote Security vulnerability in IBM DB2 9.1 | IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATION statement, which has unspecified impact and remote attack vectors. | network, low complexity, ibm | critical 10.0 |
| 2009-06-03 | CVE-2008-6820 | Configuration vulnerability in IBM DB2 8.0/9.1/9.5 | The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with "OS privilege," which has unknown impact and attack vectors, a different vulnerability than CVE-2008-3856. | network, low complexity, ibm, microsoft, CWE-16 | critical 10.0 |
| 2009-06-03 | CVE-2008-6821 | Buffer Errors vulnerability in IBM DB2 8.0/9.1/9.5 | Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 might allow attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, a different vulnerability than CVE-2007-3676 and CVE-2008-3853. | network, low complexity, ibm, CWE-119 | critical 10.0 |
| 2008-10-22 | CVE-2008-4692 | Remote Security vulnerability in DB2 | The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors. | network, low complexity, ibm | critical 10.0 |
| 2008-02-13 | CVE-2007-3676 | Resource Management Errors vulnerability in IBM DB2 | IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before Fix Pack 16 and 9 before Fix Pack 4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via modified pointer values in unspecified remote administration requests, which triggers memory corruption or other invalid memory access. | network, low complexity, ibm, CWE-399 | critical 10.0 |