CVE-2021-20579
https://notcve.org/view.php?id=CVE-2021-20579
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFFERED_FORCE. IBM X-Force ID: 199283. IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podría permitir a un usuario que pueda crear una visualización o una función SQL en línea obtener información confidencial cuando la función AUTO_REVAL está ajustado como la función DEFFERED_FORCE. IBM X-Force ID: 199283 • https://exchange.xforce.ibmcloud.com/vulnerabilities/199283 https://security.netapp.com/advisory/ntap-20210720-0006 https://www.ibm.com/support/pages/node/6466369 •
CVE-2021-29702
https://notcve.org/view.php?id=CVE-2021-29702
Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658. Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) versiones 11.1.4 y 11.5.5, es vulnerable a una denegación de servicio, ya que el servidor termina de forma anormal cuando se ejecuta una sentencia SELECT especialmente diseñada. IBM X-Force ID: 200658 • https://exchange.xforce.ibmcloud.com/vulnerabilities/200658 https://security.netapp.com/advisory/ntap-20210720-0005 https://www.ibm.com/support/pages/node/6463985 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2019-4588
https://notcve.org/view.php?id=CVE-2019-4588
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podría permitir a un usuario local ejecutar código arbitrario y conducir ataques de secuestro de DLL • https://exchange.xforce.ibmcloud.com/vulnerabilities/167365 https://security.netapp.com/advisory/ntap-20210629-0004 https://www.ibm.com/support/pages/node/6456029 • CWE-427: Uncontrolled Search Path Element •
CVE-2020-5025
https://notcve.org/view.php?id=CVE-2020-5025
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 193661. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, db2fm es vulnerable a un desbordamiento del búfer, causado por una comprobación inapropiada de límites que podría permitir a un atacante local ejecutar código arbitrario en el sistema con privilegios root. IBM X-Force ID: 193661 • https://exchange.xforce.ibmcloud.com/vulnerabilities/193661 https://security.netapp.com/advisory/ntap-20210409-0003 https://www.ibm.com/support/pages/node/6427855 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2020-5024
https://notcve.org/view.php?id=CVE-2020-5024
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the SSL handshake response. IBM X-Force ID: 193660. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podría permitir a un atacante no autenticado causar una denegación de servicio debido a un bloqueo en la respuesta de protocolo de enlace SSL. IBM X-Force ID: 193660 • https://exchange.xforce.ibmcloud.com/vulnerabilities/193660 https://security.netapp.com/advisory/ntap-20210409-0003 https://www.ibm.com/support/pages/node/6427861 •