CVSS: 7.1EPSS: 10%CPEs: 43EXPL: 0CVE-2012-2197
https://notcve.org/view.php?id=CVE-2012-2197
Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to execute arbitrary code by leveraging certain CONNECT and EXECUTE privileges. Un desbordamiento de búfer basado en pila en la infraestructura de procedimiento almacenado de Java ('Java Stored Procedure infrastructure') en IBM DB2 v9.1 antes de FP12, v9.5 a FP9, v9.7 a FP6, v9.8 a FP5, y v10.1 permite a usuarios remotos autenticados ejecutar código de su elección aprovechándose de ciertos privilegios CONNECT y EXECUTE. • http://secunia.com/advisories/49919 http://www-01.ibm.com/support/docview.wss?uid=swg1IC84555 http://www-01.ibm.com/support/docview.wss?uid=swg1IC84752 http://www-01.ibm.com/support/docview.wss?uid=swg1IC84753 http://www-01.ibm.com/support/docview.wss?uid=swg1IC84754 http://www-01.ibm.com/support/docview.wss? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 0%CPEs: 43EXPL: 0CVE-2012-2194
https://notcve.org/view.php?id=CVE-2012-2194
Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored procedure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to replace JAR files via unspecified vectors. Una vulnerabilidad de salto de directorio en el procedimiento almacenado SQLJ.DB2_INSTALL_JAR en IBM DB2 v9.1 antes de FP12, v9.5 hasta FP9, v9.7 hasta FP6, v9.8 hasta FP5 y v10.1 permite a atacantes remotos reemplazar los archivos JAR a través de vectores no especificados. • http://secunia.com/advisories/49919 http://www-01.ibm.com/support/docview.wss?uid=swg1IC84019 http://www-01.ibm.com/support/docview.wss?uid=swg1IC84711 http://www-01.ibm.com/support/docview.wss?uid=swg1IC84714 http://www-01.ibm.com/support/docview.wss?uid=swg1IC84715 http://www-01.ibm.com/support/docview.wss? • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.0EPSS: 0%CPEs: 43EXPL: 0CVE-2012-2196
https://notcve.org/view.php?id=CVE-2012-2196
IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote attackers to read arbitrary XML files via the (1) GET_WRAP_CFG_C or (2) GET_WRAP_CFG_C2 stored procedure. IBM DB2 v9.1 antes de FP12, v9.5 hasta el FP9, v9.7 hasta el FP6, v9.8 hasta el FP5 y v10.1 permite a atacantes remotos leer archivos XML de su elección a través de los procedimientos almacenados (1) GET_WRAP_CFG_C o (2) GET_WRAP_CFG_C2. • http://secunia.com/advisories/49919 http://www-01.ibm.com/support/docview.wss?uid=swg1IC84614 http://www-01.ibm.com/support/docview.wss?uid=swg1IC84712 http://www-01.ibm.com/support/docview.wss?uid=swg1IC84748 http://www-01.ibm.com/support/docview.wss?uid=swg1IC84750 http://www-01.ibm.com/support/docview.wss? • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2012-1797
https://notcve.org/view.php?id=CVE-2012-1797
IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has unspecified impact and attack vectors. IBM DB2 v9.5 utiliza permisos de escritura globales para nodes.reg, lo que tiene un impacto y vectores de ataque no especificados. • http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC79518 http://www-01.ibm.com/support/docview.wss?uid=swg1IC79518 https://exchange.xforce.ibmcloud.com/vulnerabilities/74326 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14922 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 18EXPL: 0CVE-2012-1796
https://notcve.org/view.php?id=CVE-2012-1796
Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors. Vulnerabilidad no especificada en IBM Tivoli Monitoring Agent (ITMA), tal como se utiliza en IBM DB2 9.5 antes de FP9 en UNIX, permite a usuarios locales conseguir privilegios a través de vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC79970 http://www-01.ibm.com/support/docview.wss?uid=swg21586193 https://exchange.xforce.ibmcloud.com/vulnerabilities/74325 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14526 •