Vulnerabilities > IBM > DB2 > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-09-12 | CVE-2017-1451 | Unspecified vulnerability in IBM DB2 and DB2 Connect IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. | 7.2 |
2017-09-12 | CVE-2017-1439 | Unspecified vulnerability in IBM DB2 and DB2 Connect IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. | 7.2 |
2017-09-12 | CVE-2017-1438 | Unspecified vulnerability in IBM DB2 and DB2 Connect IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. | 7.2 |
2015-07-20 | CVE-2015-1935 | Code vulnerability in IBM DB2 The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors. | 8.0 |
2014-09-04 | CVE-2014-3094 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to execute arbitrary code via a crafted ALTER MODULE statement. | 8.5 |
2014-05-30 | CVE-2014-0907 | Local Privilege Escalation vulnerability in Multiple IBM DB2 Products Multiple untrusted search path vulnerabilities in unspecified (1) setuid and (2) setgid programs in IBM DB2 9.5, 9.7 before FP9a, 9.8, 10.1 before FP3a, and 10.5 before FP3a on Linux and UNIX allow local users to gain root privileges via a Trojan horse library. | 7.2 |
2014-05-30 | CVE-2013-6744 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT privilege and the CREATE_EXTERNAL_ROUTINE authority. | 8.5 |
2013-06-05 | CVE-2013-3475 | Buffer Errors vulnerability in IBM Db2, DB2 Connect and Smart Analytics System 7600 Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 and DB2 Connect 9.1, 9.5, 9.7, 9.8, and 10.1, as used in Smart Analytics System 7600 and other products, allows local users to gain privileges via unspecified vectors. | 7.2 |
2012-10-20 | CVE-2012-4826 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated users to execute arbitrary code by debugging a stored procedure. | 8.5 |
2012-07-25 | CVE-2012-2197 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to execute arbitrary code by leveraging certain CONNECT and EXECUTE privileges. | 7.1 |