CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2011-4061
https://notcve.org/view.php?id=CVE-2011-4061
18 Oct 2011 — Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header. Múltiples vulnerabilidades de búsqueda no confiable en (1) db2rspgn y (2) kbbacf1 en IBM DB2 Express Edition v9.7, que se utiliza en el IBM Tivoli Monitoring para bases de datos: El agente de DB2, permi... • http://securityreason.com/securityalert/8476 •
CVSS: 8.1EPSS: 1%CPEs: 16EXPL: 0CVE-2011-1846
https://notcve.org/view.php?id=CVE-2011-1846
03 May 2011 — IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE: some of these details are obtained from third party information. IBM DB2 v9.5 anterior a FP7 y v9.7 anterior a FP4 en Linux, UNIX y Windows no revoca correctamente la pertenencia a grupos, lo que permite a usuar... • http://secunia.com/advisories/44229 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 1%CPEs: 16EXPL: 0CVE-2011-1847
https://notcve.org/view.php?id=CVE-2011-1847
03 May 2011 — IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOTE: some of these details are obtained from third party information. IBM DB2 v9.5 anterior a FP7 y v9.7 anterior a FP4 en Linux, UNIX y Windows no fuerzan correctamente los requisitos de privilegios para acceder a la tabla, permitiendo a usuarios remotos autentica... • http://secunia.com/advisories/44229 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 1%CPEs: 28EXPL: 0CVE-2011-0757
https://notcve.org/view.php?id=CVE-2011-0757
02 Feb 2011 — IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority. IBM DB2 v9.1 anterior a FP10, v9.5 anterior a FP6a, y v9.7 anterior a FP2 en Linux, UNIX y Windows no revoca correctamente la autorización DBADM, que permite a usuarios autenticados remotamente ejecutar instrucciones no-DDL aprovechandose de la posesión ... • http://osvdb.org/70773 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 7%CPEs: 30EXPL: 0CVE-2011-0731
https://notcve.org/view.php?id=CVE-2011-0731
01 Feb 2011 — Buffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer en el componente DB2 Administration Server (DAS) para IBM DB2 v9.1 anterior a FP10, v9.5 anterior a FP7, y v9.7 anterior a FP3 en Linux, UNIX, y Windows permite a atacantes remotos ejecutar código a través de vectores desconocidos • http://secunia.com/advisories/43059 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 43%CPEs: 10EXPL: 0CVE-2010-3731
https://notcve.org/view.php?id=CVE-2010-3731
05 Oct 2010 — Stack-based buffer overflow in the validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP3 allows remote attackers to execute arbitrary code via a long username string. Un desbordamiento de búfer en la región stack de la memoria en la implementación validateUser en la función com.ibm.db2.das.core.DasSysCmd en db2dasrrm en el componente DB2 Administration Server (DA... • ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2010-3732
https://notcve.org/view.php?id=CVE-2010-3732
05 Oct 2010 — The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of parameter markers. El componente DRDA Services en IBM DB2 UDB v9.5 anterior a FP6a, permite a usuarios autenticados remotamente provocar una denegación de servicio (ABEND en el servidor de base de datos) usando el cliente CLI sobre Linux, UNIX o Windows par... • ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2010-3733
https://notcve.org/view.php?id=CVE-2010-3733
05 Oct 2010 — The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file. El componente Utilities en IBM DB2 UDB v9.5 anterior a FP6a emplea permisos de escritura para todo el mundo (world-writable) para el archivo sqllib/cfg/db2sprf, lo que podría permitir a usuarios locales obtener privilegios mediante la modificación de este archivo. • ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2010-3734
https://notcve.org/view.php?id=CVE-2010-3734
05 Oct 2010 — The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack. El componente Install en IBM DB2 UDB v9.5 anterior a FP6a sobre Linux, UNIX y Windows, tiene una limitación en el número de caracteres en la longitud de una contraseña, lo que facilita a atacantes acceder a través de un ataque de fuerza bruta. • ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2010-3735
https://notcve.org/view.php?id=CVE-2010-3735
05 Oct 2010 — The "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certain UNION ALL views, leading to an indefinitely large amount of compilation time. El componente Query Compiler, Rewrite, Optimizer en IBM DB2 UDB v9.5 anterior a FP6a, permite a usuarios autenticados remotamente provocar una denegación de servicio (consumo de CPU) a través de una petición que involucra a determina... • ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT • CWE-399: Resource Management Errors •