CVE-2010-3739
https://notcve.org/view.php?id=CVE-2010-3739
The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery.
• ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
• http://www-01.ibm.com/support/docview.wss?uid=swg1JR34218
• CWE-287: Improper Authentication
CVE-2009-4150
https://notcve.org/view.php?id=CVE-2009-4150
dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors.
• http://secunia.com/advisories/36890
• http://secunia.com/advisories/37454
• http://securitytracker.com/id?1023242
• http://www-01.ibm.com/support/docview.wss?uid=swg1IC64759
• http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40340
• http://www-01.ibm.com/support/docview.wss?uid=swg1IZ40343
• http://www-01.ibm.com/support/docview.wss?
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2009-0173
https://notcve.org/view.php?id=CVE-2009-0173
Unspecified vulnerability in the server in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote authenticated users to cause a denial of service (trap) via a crafted data stream.
• ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT
• ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT
• ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
• http://secunia.com/advisories/33529
• http://securitytracker.com/id?1021591
• http://www-01.ibm.com/support/docview.wss?uid=swg1IZ39652
• http://www-01.ibm.com/support/docview.wss?uid=swg21363936
• http://www
• CWE-20: Improper Input Validation
CVE-2009-0172 – IBM DB2 < 9.5 pack 3a - Connect Denial of Service
https://notcve.org/view.php?id=CVE-2009-0172
Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, and 9.5 before FP3a allows remote attackers to cause a denial of service (infinite loop) via a crafted CONNECT data stream.
• https://www.exploit-db.com/exploits/8344
• ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT
• ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT
• ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
• http://secunia.com/advisories/33529
• http://securitytracker.com/id?1021591
• http://www-01.ibm.com/support/docview.wss?uid=swg1IZ37696
• http://www-01.ibm.com/sup
• CWE-20: Improper Input Validation
CVE-2008-3854
https://notcve.org/view.php?id=CVE-2008-3854
Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 1 allow remote attackers to cause a denial of service (system outage) via vectors related to (1) use of XQuery to issue statements; the (2) XMLQUERY, (3) XMLEXISTS, and (4) XMLTABLE statements; and the (5) sqlrlaka function.
• http://secunia.com/advisories/30558
• http://www-1.ibm.com/support/docview.wss?uid=swg1IZ16346
• http://www-1.ibm.com/support/docview.wss?uid=swg1IZ18431
• http://www-1.ibm.com/support/docview.wss?uid=swg1IZ18434
• http://www-1.ibm.com/support/docview.wss?uid=swg21255607
• http://www.securityfocus.com/archive/1/496406/100/0/threaded
• http://www.securityfocus.com/bid/29601
• http://www.vupen.com/english/advisories/2008/1769
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42930
• https:
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer