CVSS: 8.8EPSS: 12%CPEs: 43EXPL: 0CVE-2012-2197
https://notcve.org/view.php?id=CVE-2012-2197
25 Jul 2012 — Stack-based buffer overflow in the Java Stored Procedure infrastructure in IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through FP5, and 10.1 allows remote authenticated users to execute arbitrary code by leveraging certain CONNECT and EXECUTE privileges. Un desbordamiento de búfer basado en pila en la infraestructura de procedimiento almacenado de Java ('Java Stored Procedure infrastructure') en IBM DB2 v9.1 antes de FP12, v9.5 a FP9, v9.7 a FP6, v9.8 a FP5, y v10.1 permite a usuarios rem... • http://secunia.com/advisories/49919 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 9EXPL: 0CVE-2012-2180
https://notcve.org/view.php?id=CVE-2012-2180
20 Jun 2012 — The chaining functionality in the Distributed Relational Database Architecture (DRDA) module in IBM DB2 9.7 before FP6 and 9.8 before FP5 allows remote attackers to cause a denial of service (NULL pointer dereference, and resource consumption or daemon crash) via a crafted request. La funcionalidad de encadenamiento en el módulo de arquitectura de bases de datos relacionales distribuidas - 'Distributed Relational Database Architecture'(DRDA) en IBM DB2 v9.7 antes de FP6 y 9.8 antes de FP5, permite a atacant... • http://www.ibm.com/support/docview.wss?uid=swg1IC82234 •
CVSS: 8.1EPSS: 0%CPEs: 24EXPL: 0CVE-2012-0709
https://notcve.org/view.php?id=CVE-2012-0709
20 Mar 2012 — IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL CREATE VARIABLE statements. IBM DB2 v9.5 anteriores a vFP9, v9.7 hasta vFP5, y v9.8 hasta vFP4 no comprueban las variables de forma adecuada, lo que permite a usuarios remotos autenticados evitar las restricciones de visionado de datos de tablas, mediante la ele... • http://www-01.ibm.com/support/docview.wss?uid=swg1IC81387 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 38EXPL: 0CVE-2012-0710
https://notcve.org/view.php?id=CVE-2012-0710
20 Mar 2012 — IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 before FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Distributed Relational Database Architecture (DRDA) request. IBM DB2 9.1 antes de FP11, 9.5 antes de FP9, 9.7 antes de FP5, y 9.8 antes de FP4 permite a atacantes remotos causar una denegación de servicio (caída de demonio) a través de una solicitud Distributed Relational Database Architecture (DRDA) modificada. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC76781 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 7%CPEs: 41EXPL: 0CVE-2012-0711
https://notcve.org/view.php?id=CVE-2012-0711
20 Mar 2012 — Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow. Un error de entero sin signo en el proceso db2dasrrm del servidor de administración de DB2 (DAS) en IBM DB2 v9.1 hasta FP11, v9.5 antes de vFP9, y v9.7 hasta FP5 para UNIX permite a atacantes remotos ejecutar código de su el... • http://www-01.ibm.com/support/docview.wss?uid=swg1IC80561 • CWE-189: Numeric Errors •
CVSS: 6.5EPSS: 1%CPEs: 24EXPL: 0CVE-2012-0712
https://notcve.org/view.php?id=CVE-2012-0712
20 Mar 2012 — The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression. La función de XML en IBM DB2 v9.5 antes de FP9, v9.7 hasta FP5, y v9.8 hasta FP4 permite a usuarios remotos autenticados provocar una denegación de servicio (bucle infinito) llamando a la función XMLPARSE con una expresión de cadena modificada. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC81379 • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2011-1373
https://notcve.org/view.php?id=CVE-2011-1373
09 Nov 2011 — Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors. Vulnerabilidad no especificada en IBM DB2 v9.7 antes de FP5 en UNIX, cuando las características Self Tuning Memory Manager (STMM) y AUTOMATIC DATABASE_MEMORY están configuradas, permite a usuarios locales provocar una denegación de servicio (caída del demoni... • http://www-01.ibm.com/support/docview.wss?uid=swg1IC70473 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2011-4061
https://notcve.org/view.php?id=CVE-2011-4061
18 Oct 2011 — Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header. Múltiples vulnerabilidades de búsqueda no confiable en (1) db2rspgn y (2) kbbacf1 en IBM DB2 Express Edition v9.7, que se utiliza en el IBM Tivoli Monitoring para bases de datos: El agente de DB2, permi... • http://securityreason.com/securityalert/8476 •
CVSS: 8.1EPSS: 1%CPEs: 16EXPL: 0CVE-2011-1846
https://notcve.org/view.php?id=CVE-2011-1846
03 May 2011 — IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE: some of these details are obtained from third party information. IBM DB2 v9.5 anterior a FP7 y v9.7 anterior a FP4 en Linux, UNIX y Windows no revoca correctamente la pertenencia a grupos, lo que permite a usuar... • http://secunia.com/advisories/44229 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 1%CPEs: 16EXPL: 0CVE-2011-1847
https://notcve.org/view.php?id=CVE-2011-1847
03 May 2011 — IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOTE: some of these details are obtained from third party information. IBM DB2 v9.5 anterior a FP7 y v9.7 anterior a FP4 en Linux, UNIX y Windows no fuerzan correctamente los requisitos de privilegios para acceder a la tabla, permitiendo a usuarios remotos autentica... • http://secunia.com/advisories/44229 • CWE-264: Permissions, Privileges, and Access Controls •