CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2018-1977
https://notcve.org/view.php?id=CVE-2018-1977
14 Dec 2018 — IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) contains a denial of service vulnerability. A remote, authenticated DB2 user could exploit this vulnerability by issuing a specially-crafted SELECT statement with TRUNCATE function. IBM X-Force ID: 154032. IBM DB2 para Linux, UNIX y Windows 11.1 (incluye DB2 Connect Server) contiene una vulnerabilidad de denegación de servicio (DoS). Un usuario DB2 remoto autenticado podría explotar esta vulnerabilidad enviando una instrucción SELECT esp... • http://www.ibm.com/support/docview.wss?uid=ibm10788089 • CWE-20: Improper Input Validation •
CVSS: 8.4EPSS: 0%CPEs: 10EXPL: 0CVE-2018-1897
https://notcve.org/view.php?id=CVE-2018-1897
30 Nov 2018 — IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 db2pdcfg is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 152462. IBM DB2 para Linux, UNIX y Windows 9.7, 10.1, 10.5 y 11.1 db2pdcfg es vulnerable a un desbordamiento de búfer basado en pila provocado por una comprobación de límites incorrecta que podría permitir que un atacante ejecute código arbitrario. IBM X-Force ID: 152462. • http://www.ibm.com/support/docview.wss?uid=ibm10737295 • CWE-787: Out-of-bounds Write •
CVSS: 8.4EPSS: 0%CPEs: 6EXPL: 0CVE-2018-1781
https://notcve.org/view.php?id=CVE-2018-1781
09 Nov 2018 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148804. IBM DB2 para Linux, UNIX y Windows (incluido DB2 Connect Server) 9.7, 10.1, 10.5 y 11.1 podría permitir que un usuario local obtenga acceso root explotando un ataque de enlace simbólico para leer/escribir/corromper un archivo a... • http://www.ibm.com/support/docview.wss?uid=ibm10733939 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.2EPSS: 0%CPEs: 6EXPL: 0CVE-2018-1799
https://notcve.org/view.php?id=CVE-2018-1799
09 Nov 2018 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local unprivileged user to overwrite files on the system which could cause damage to the database. IBM X-Force ID: 149429. IBM DB2 para Linux, UNIX y Windows (incluido DB2 Connect Server) 9.7, 10.1, 10.5 y 11.1 podría permitir que un usuario local no privilegiado sobrescriba archivos en el sistema, lo que podría provocar daños en la base de datos. IBM X-Force ID: 149429. • http://www.ibm.com/support/docview.wss?uid=ibm10733939 •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1857
https://notcve.org/view.php?id=CVE-2018-1857
09 Nov 2018 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow a user to bypass FGAC control and gain access to data they shouldn't be able to see. IBM X-Force ID: 151155. IBM DB2 para Linux, UNIX y Windows (incluido DB2 Connect Server) 11.1 podría permitir que un usuario omita el control FGAC y obtenga acceso a datos que no deberían ser visibles. IBM X-Force ID: 151155. • http://www.ibm.com/support/docview.wss?uid=ibm10734059 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-1780
https://notcve.org/view.php?id=CVE-2018-1780
09 Nov 2018 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148803. IBM DB2 para Linux, UNIX y Windows (incluido DB2 Connect Server) 9.7, 10.1, 10.5 y 11.1 podría permitir que un propietario local de instancias db2 obtenga acceso root explotando un ataque de enlace simbólico para ... • http://www.ibm.com/support/docview.wss?uid=ibm10733939 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-1834
https://notcve.org/view.php?id=CVE-2018-1834
09 Nov 2018 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack. IBM X-Force ID: 150511. IBM DB2 para Linux, UNIX y Windows 9.7, 10.1, 10.5 y 11.1 (incluido DB2 Connect Server) contiene una vulnerabilidad que podría permitir a un usuario local escalar sus privilegios a root a través de un ataque de enlace simbólico. IBM X-Force ID: 150511. • http://www.ibm.com/support/docview.wss?uid=ibm10733939 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.4EPSS: 0%CPEs: 6EXPL: 0CVE-2018-1802
https://notcve.org/view.php?id=CVE-2018-1802
09 Nov 2018 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 149640. En IBM DB2 para Linux, UNIX y Windows (incluido DB2 Connect Server) 9.7, 10.1, 10.5 y 11.1, los binarios cargaban librerías compartidas de una ruta no fiable, dando a un usuario de bajos privilegios acceso total a la cuenta d... • http://www.ibm.com/support/docview.wss?uid=ibm10733122 • CWE-426: Untrusted Search Path •
CVSS: 8.4EPSS: 0%CPEs: 6EXPL: 0CVE-2018-1711
https://notcve.org/view.php?id=CVE-2018-1711
21 Sep 2018 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 146369. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 9.7, 10.1, 10.5 y 11.1 podría permitir a un usuario local obtener privilegios debido a que se permite la modificación de columnas en tareas existentes. IBM X-Force ID: 146369. • http://www.securityfocus.com/bid/105390 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-1685
https://notcve.org/view.php?id=CVE-2018-1685
21 Sep 2018 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability in db2cacpy that could allow a local user to read any file on the system. IBM X-Force ID: 145502. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 9.7, 10.1, 10.5 y 11.1 contiene una vulnerabilidad en db2cacpy que podría permitir que un usuario local lea cualquier archivo en el sistema. IBM X-Force ID: 145502. • http://www.securityfocus.com/bid/105395 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •