CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2020-4135
https://notcve.org/view.php?id=CVE-2020-4135
19 Feb 2020 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podría permitir a un usuario no autenticado enviar paquetes especialmente diseñados para causar una denegación de servicio debido a un uso excesivo de memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/173806 •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2019-4606
https://notcve.org/view.php?id=CVE-2019-4606
12 Dec 2019 — IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a local attacker to execute arbitrary code on the system, caused by an untrusted search path vulnerability. By using a executable file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 168298. La carga de IBM DB2 High Performance Unload para LUW versiones 6.1 y 6.5, podría permitir a un atacante local ejecutar código arbitrario en el sistema, causado por una vulnerabilidad de ruta de bús... • https://exchange.xforce.ibmcloud.com/vulnerabilities/168298 • CWE-426: Untrusted Search Path •
CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 0CVE-2019-4523
https://notcve.org/view.php?id=CVE-2019-4523
22 Oct 2019 — IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 165481. Una carga de IBM DB2 High Performance Unload para LUW versiones 6.1 y 6.5, es vulnerable a un desbordamiento del búfer, causado por una comprobación de límites inapropiada que podría permitir a un atacante local ejecutar código arbitrario en el sistema con privil... • https://exchange.xforce.ibmcloud.com/vulnerabilities/165481 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.4EPSS: 0%CPEs: 8EXPL: 0CVE-2019-4448
https://notcve.org/view.php?id=CVE-2019-4448
26 Aug 2019 — IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum and db2hpum_debug binaries are setuid root and have built-in options that allow an low privileged user the ability to load arbitrary db2 libraries from a privileged context. This results in arbitrary code being executed with root authority. IBM X-Force ID: 163489. IBM DB2 High Performance Unload carga para LUW versiones 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1 y 6.1.0.1 IF2, los archi... • http://www.ibm.com/support/docview.wss?uid=ibm10964592 • CWE-269: Improper Privilege Management •
CVSS: 8.4EPSS: 0%CPEs: 8EXPL: 0CVE-2019-4447
https://notcve.org/view.php?id=CVE-2019-4447
26 Aug 2019 — IBM DB2 High Performance Unload load for LUW 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1, and 6.1.0.1 IF2 db2hpum_debug is a setuid root binary which trusts the PATH environment variable. A low privileged user can execute arbitrary commands as root by altering the PATH variable to point to a user controlled location. When a crash is induced the trojan gdb command is executed. IBM X-Force ID: 163488. IBM DB2 High Performance Unload carga para LUW versiones 6.1, 6.1.0.1, 6.1.0.1 IF1, 6.1.0.2, 6.1.0.2 IF1 ... • http://www.ibm.com/support/docview.wss?uid=ibm10964592 • CWE-427: Uncontrolled Search Path Element •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-4386
https://notcve.org/view.php?id=CVE-2019-4386
01 Jul 2019 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow an authenticated user to execute a function that would cause the server to crash. IBM X-Force ID: 162714. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) en la versión 11.1 podría permitir que un usuario autenticado ejecute una función que podría hacer que el servidor se bloquee. ID de IBM X-Force: 162714. • http://www.securityfocus.com/bid/109019 • CWE-749: Exposed Dangerous Method or Function •
CVSS: 8.4EPSS: 0%CPEs: 9EXPL: 0CVE-2019-4322
https://notcve.org/view.php?id=CVE-2019-4322
01 Jul 2019 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 161202. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, y 11.1 es vulnerable a un desbordamiento de búfer, lo que podría permitir que un atacante local autenticado ejecute código arbitrario en el sistema como root. IBM X-Force... • http://www.securityfocus.com/bid/109002 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.4EPSS: 0%CPEs: 39EXPL: 0CVE-2019-4154
https://notcve.org/view.php?id=CVE-2019-4154
01 Jul 2019 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 158519. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, y 11.1 es vulnerable a un desbordamiento de búfer, lo que podría permitir que un atacante local autenticado ejecute código arbitrario en el sistema como root. IBM X-Force... • http://www.securityfocus.com/bid/109024 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.9EPSS: 0%CPEs: 40EXPL: 0CVE-2019-4102
https://notcve.org/view.php?id=CVE-2019-4102
01 Jul 2019 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 158092. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, y 11.0 usa algoritmos criptográficos más débiles de lo esperado que permitiría que un atacante descifre información muy confidencial. ID de IBM X-Force: 158092. • http://www.securityfocus.com/bid/109026 • CWE-326: Inadequate Encryption Strength •
CVSS: 6.2EPSS: 0%CPEs: 37EXPL: 0CVE-2019-4101
https://notcve.org/view.php?id=CVE-2019-4101
01 Jul 2019 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 is vulnerable to a denial of service. Users that have both EXECUTE on PD_GET_DIAG_HIST and access to the diagnostic directory on the DB2 server can cause the instance to crash. IBM X-Force ID: 158091. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 10.1, 10.5, y 11.1 es vulnerable a un ataque de Denegación de Servicio. Los usuarios que tienen EXECUTE en PD_GET_DIAG_HIST y el acceso al directorio ... • http://www.securityfocus.com/bid/109021 •