CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2010-3197
https://notcve.org/view.php?id=CVE-2010-3197
31 Aug 2010 — IBM DB2 9.7 before FP2 does not perform the expected access control on the monitor administrative views in the SYSIBMADM schema, which allows remote attackers to obtain sensitive information via unspecified vectors. IBM DB2 v9.7 anterior a FP2 no realiza correctamente el control de acceso en el monitor de vistas administrativas en el esquema SYSIBMADM, lo que permite a atacantes remotos obtener información sensible a través de vectores sin especificar. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC67819 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 1%CPEs: 12EXPL: 0CVE-2010-1560
https://notcve.org/view.php?id=CVE-2010-1560
27 Apr 2010 — Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 allows remote authenticated users to cause a denial of service (trap) via unspecified vectors. NOTE: this might overlap CVE-2010-0462. Un desbordamiento de búfer en la función REPEAT en DB2 de IBM versión 9.1 anterior a FP9, permite a los usuarios autenticados remotos causar una denegación de servicio (trampa) por medio de vectores no especificados. NOTA: esto podría solaparse al CVE-2010-0462. • http://attrition.org/pipermail/vim/2010-April/002341.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 13%CPEs: 26EXPL: 3CVE-2010-0462 – IBM DB2 - 'REPEAT()' Local Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-0462
28 Jan 2010 — Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function. Un desbordamiento de búfer en la región heap de la memoria en DB2 de IBM versión 9.1 anterior a FP9, versión 9.5 anterior a FP6 y versión 9.7 anterior a FP2, permite a los usuarios autenticados remotos tener un impacto no especificado por medio de una declaración SELECT q... • https://www.exploit-db.com/exploits/33572 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 1%CPEs: 19EXPL: 0CVE-2009-4438
https://notcve.org/view.php?id=CVE-2009-4438
28 Dec 2009 — The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors. El componente Query Compiler, Rewrite, and Optimizer en IBM DB2 v9.1 anteriores a FP8, v9.5 anteriores a FP5, v9.7 anteriores a FP1 no refuerza los requisitos de privilegios para acceder a (1) una secuencia o (2)... • ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 1%CPEs: 8EXPL: 0CVE-2009-4439
https://notcve.org/view.php?id=CVE-2009-4439
28 Dec 2009 — Unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (instance crash) by compiling a SQL query. Vulnerabilidad no especificada en el componente Query Compiler, Rewrite, and Optimizer en IBM DB2 v9.5 anteriores a FP5 permite a usuarios autenticados remotamente provocar una denegación de servicio (parada de la instancia) al compilar una consulta SQL. • ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT •
CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 0CVE-2009-4326
https://notcve.org/view.php?id=CVE-2009-4326
16 Dec 2009 — The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value. La función RAND scalar en el componente Common Code Infrastructure en IBM DB2 v9.5 anterior a FP5 y v9.7 anterior a FP1, cuando se usa la característica Database Partitioning Feature (DPF), provoca rep... • ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 8EXPL: 0CVE-2009-4327
https://notcve.org/view.php?id=CVE-2009-4327
16 Dec 2009 — The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1 does not properly validate the size of a memory pool during a creation attempt, which allows attackers to cause a denial of service (memory consumption) via unspecified vectors. El componente Common Code Infrastructure en IBM DB2 v9.5 anterior a FP5 y v9.7 anterior a FP1, no valida adecuadamente el tamaño del pool de memoria durante un intento de creación, lo que permite a atacantes provocar una denegación de servicio (con... • ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 1%CPEs: 7EXPL: 2CVE-2009-4329
https://notcve.org/view.php?id=CVE-2009-4329
16 Dec 2009 — Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (segmentation fault) by modifying the db2ra data stream sent in a request from the Load Utility. Vulnerabilidad sin especificar en el componente Engine Utilities en IBM DB2 v9.5 anterior a FP5, permite a usuarios autenticados remotamente provocar una denegación de servicio (fallo de segmentación) mediante la modificación de la cadena db2ra enviada en una petici... • ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT •
CVSS: 8.4EPSS: 0%CPEs: 7EXPL: 0CVE-2009-4330
https://notcve.org/view.php?id=CVE-2009-4330
16 Dec 2009 — Unspecified vulnerability in db2licm in the Engine Utilities component in IBM DB2 9.5 before FP5 has unknown impact and local attack vectors. Vulnerabilidad sin especificar en db2licm en el componente Engine Utilities en IBM DB2 v9.5 anterior a FP5 tiene un impacto y vectores de ataque desconocidos. • ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT •
CVSS: 7.2EPSS: 0%CPEs: 8EXPL: 2CVE-2009-4331
https://notcve.org/view.php?id=CVE-2009-4331
16 Dec 2009 — The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 configures the High Availability (HA) scripts with incorrect file-permission and authorization settings, which has unknown impact and local attack vectors. El componente Install en IBM DB2 v9.5 anterior FP5 y v9.7 anterior a FP1, configura las secuencias de comandos High Availability (HA) los permisos de archivos y la autorización de configuración de manera incorrecta, lo que supone un impacto y vectores de ataque locales desconocidos. • ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT • CWE-264: Permissions, Privileges, and Access Controls •