CVSS: 8.1EPSS: 0%CPEs: 3EXPL: 0CVE-2020-4945
https://notcve.org/view.php?id=CVE-2020-4945
24 Jun 2021 — IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbirary files due to improper group permissions. IBM X-Force ID: 191945. IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 11.5, podría permitir a un usuario autentificado sobrescribir archivos arbitrarios debido a permisos de grupo inapropiados. IBM X-Force ID: 191945 • https://exchange.xforce.ibmcloud.com/vulnerabilities/191945 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.2EPSS: 0%CPEs: 3EXPL: 0CVE-2020-4885
https://notcve.org/view.php?id=CVE-2020-4885
24 Jun 2021 — IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user to access and change the configuration of Db2 due to a race condition of a symbolic link,. IBM X-Force ID: 190909. IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) versión 11.5, podría permitir a un usuario local acceder y cambiar la configuración de Db2 debido a una condición de carrera de un enlace simbólico,. IBM X-Force ID: 190909 • https://exchange.xforce.ibmcloud.com/vulnerabilities/190909 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-29702
https://notcve.org/view.php?id=CVE-2021-29702
16 Jun 2021 — Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658. Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) versiones 11.1.4 y 11.5.5, es vulnerable a una denegación de servicio, ya que el servidor termina de forma anormal cuando se ejecuta una sentencia SELECT especialmente diseñada. IBM X-Force ID: 200658 • https://exchange.xforce.ibmcloud.com/vulnerabilities/200658 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-4588
https://notcve.org/view.php?id=CVE-2019-4588
26 May 2021 — IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podría permitir a un usuario local ejecutar código arbitrario y conducir ataques de secuestro de DLL • https://exchange.xforce.ibmcloud.com/vulnerabilities/167365 • CWE-427: Uncontrolled Search Path Element •
CVSS: 8.4EPSS: 0%CPEs: 36EXPL: 0CVE-2020-5025
https://notcve.org/view.php?id=CVE-2020-5025
11 Mar 2021 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 193661. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, db2fm es vulnerable a un desbordamiento del búfer, causado por una comprobación inapropiada de límites que podrí... • https://exchange.xforce.ibmcloud.com/vulnerabilities/193661 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 36EXPL: 0CVE-2020-5024
https://notcve.org/view.php?id=CVE-2020-5024
11 Mar 2021 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the SSL handshake response. IBM X-Force ID: 193660. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podría permitir a un atacante no autenticado causar una denegación de servicio debido a un bloqueo en la respuesta de protocolo de enlace SSL. IBM X-Force ID: 193660 • https://exchange.xforce.ibmcloud.com/vulnerabilities/193660 •
CVSS: 5.1EPSS: 0%CPEs: 36EXPL: 0CVE-2020-4976
https://notcve.org/view.php?id=CVE-2020-4976
11 Mar 2021 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. IBM X-Force ID: 192469. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podrían permitir a un usuario local leer y escribir archivos específicos debido a permisos de archivo débiles. IBM X-Force ID: 192469 • https://exchange.xforce.ibmcloud.com/vulnerabilities/192469 • CWE-276: Incorrect Default Permissions •
CVSS: 6.2EPSS: 0%CPEs: 7EXPL: 0CVE-2020-4642
https://notcve.org/view.php?id=CVE-2020-4642
23 Dec 2020 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow local attacker to cause a denial of service inside the "DB2 Management Service". IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podrían permitir a un atacante local causar una denegación de servicio dentro del "DB2 Management Service" • https://exchange.xforce.ibmcloud.com/vulnerabilities/185589 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-4739
https://notcve.org/view.php?id=CVE-2020-4739
20 Nov 2020 — IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 188149. IBM DB2 Accessories Suite p... • https://exchange.xforce.ibmcloud.com/vulnerabilities/188149 • CWE-426: Untrusted Search Path •
CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 0CVE-2020-4701
https://notcve.org/view.php?id=CVE-2020-4701
19 Nov 2020 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 10.5, 11.1 y 11.5, es vulnerable a un desbordamiento del búfer, causado por una comprobación inapropiada de límites que podría permitir a un atacante local ejecutar código arbitrario ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/187078 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •