CVE-2020-4945
https://notcve.org/view.php?id=CVE-2020-4945
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbirary files due to improper group permissions. IBM X-Force ID: 191945. IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 11.5, podría permitir a un usuario autentificado sobrescribir archivos arbitrarios debido a permisos de grupo inapropiados. IBM X-Force ID: 191945 • https://exchange.xforce.ibmcloud.com/vulnerabilities/191945 https://security.netapp.com/advisory/ntap-20210720-0006 https://www.ibm.com/support/pages/node/6466367 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2020-4885
https://notcve.org/view.php?id=CVE-2020-4885
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user to access and change the configuration of Db2 due to a race condition of a symbolic link,. IBM X-Force ID: 190909. IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) versión 11.5, podría permitir a un usuario local acceder y cambiar la configuración de Db2 debido a una condición de carrera de un enlace simbólico,. IBM X-Force ID: 190909 • https://exchange.xforce.ibmcloud.com/vulnerabilities/190909 https://security.netapp.com/advisory/ntap-20210720-0006 https://www.ibm.com/support/pages/node/6466363 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2021-29702
https://notcve.org/view.php?id=CVE-2021-29702
Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658. Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) versiones 11.1.4 y 11.5.5, es vulnerable a una denegación de servicio, ya que el servidor termina de forma anormal cuando se ejecuta una sentencia SELECT especialmente diseñada. IBM X-Force ID: 200658 • https://exchange.xforce.ibmcloud.com/vulnerabilities/200658 https://security.netapp.com/advisory/ntap-20210720-0005 https://www.ibm.com/support/pages/node/6463985 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2019-4588
https://notcve.org/view.php?id=CVE-2019-4588
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podría permitir a un usuario local ejecutar código arbitrario y conducir ataques de secuestro de DLL • https://exchange.xforce.ibmcloud.com/vulnerabilities/167365 https://security.netapp.com/advisory/ntap-20210629-0004 https://www.ibm.com/support/pages/node/6456029 • CWE-427: Uncontrolled Search Path Element •
CVE-2020-5025
https://notcve.org/view.php?id=CVE-2020-5025
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 193661. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, db2fm es vulnerable a un desbordamiento del búfer, causado por una comprobación inapropiada de límites que podría permitir a un atacante local ejecutar código arbitrario en el sistema con privilegios root. IBM X-Force ID: 193661 • https://exchange.xforce.ibmcloud.com/vulnerabilities/193661 https://security.netapp.com/advisory/ntap-20210409-0003 https://www.ibm.com/support/pages/node/6427855 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •