CVSS: 8.4EPSS: 0%CPEs: 6EXPL: 0CVE-2018-1711
https://notcve.org/view.php?id=CVE-2018-1711
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 146369. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 9.7, 10.1, 10.5 y 11.1 podría permitir a un usuario local obtener privilegios debido a que se permite la modificación de columnas en tareas existentes. IBM X-Force ID: 146369. • http://www.securityfocus.com/bid/105390 http://www.securitytracker.com/id/1042175 https://exchange.xforce.ibmcloud.com/vulnerabilities/146369 https://www.ibm.com/support/docview.wss?uid=ibm10729983 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2018-1458
https://notcve.org/view.php?id=CVE-2018-1458
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10,1, 10.5 and 11.1 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. IBM X-Force ID: 140209. IBM DB2 para Linux, UNIX y Windows 9.7, 10.1, 10.5 y 11.1 (incluido DB2 Connect Server) podría permitir a un usuario local ejecutar código arbitrario y llevar a cabo ataques de secuestro de DLL. IBM X-Force ID: 140209. • http://www.securitytracker.com/id/1041230 https://exchange.xforce.ibmcloud.com/vulnerabilities/140209 https://www.ibm.com/support/docview.wss?uid=swg22016624 • CWE-426: Untrusted Search Path •
CVSS: 8.4EPSS: 0%CPEs: 10EXPL: 0CVE-2018-1487
https://notcve.org/view.php?id=CVE-2018-1487
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5 and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege users full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 140972. Los binarios IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 9.7, 10.1, 10.5 y 11.1 cargan bibliotecas compartidas de una ruta no fiable que puede otorgar a usuarios con pocos privilegios acceso total a la cuenta de la instancia DB2 mediante la carga de una biblioteca compartida maliciosa. IBM X-Force ID: 140972. • http://www.ibm.com/support/docview.wss?uid=swg22016505 http://www.securitytracker.com/id/1041231 https://exchange.xforce.ibmcloud.com/vulnerabilities/140972 • CWE-426: Untrusted Search Path •
CVSS: 8.4EPSS: 0%CPEs: 10EXPL: 0CVE-2018-1566
https://notcve.org/view.php?id=CVE-2018-1566
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to execute arbitrary code due to a format string error. IBM X-Force ID: 143023. IBM DB2 para Linux, UNIX y Windows 9.7, 10.1, 10.5 y 11.1 (incluido DB2 Connect Server) podría permitir a un usuario local ejecutar código arbitrario debido a un error de cadena de formato. IBM X-Force ID: 143023. • http://www.ibm.com/support/docview.wss?uid=swg22016182 http://www.securityfocus.com/bid/104740 http://www.securitytracker.com/id/1041229 https://exchange.xforce.ibmcloud.com/vulnerabilities/143023 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2018-1449
https://notcve.org/view.php?id=CVE-2018-1449
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140044. IBM DB2 para Linux, UNIX y Windows 9.7, 10.1, 10.5 y 11.1 (incluido DB2 Connect Server) contiene una vulnerabilidad que podría permitir a un usuario local sobrescribir archivos arbitrarios pertenecientes al propietario de la instancia del DB2. IBM X-Force ID: 140044. • http://www.ibm.com/support/docview.wss?uid=swg22016181 http://www.securitytracker.com/id/1041004 https://exchange.xforce.ibmcloud.com/vulnerabilities/140044 •