CVE-2021-20579
https://notcve.org/view.php?id=CVE-2021-20579
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user who can create a view or inline SQL function to obtain sensitive information when AUTO_REVAL is set to DEFFERED_FORCE. IBM X-Force ID: 199283. IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podría permitir a un usuario que pueda crear una visualización o una función SQL en línea obtener información confidencial cuando la función AUTO_REVAL está ajustado como la función DEFFERED_FORCE. IBM X-Force ID: 199283 • https://exchange.xforce.ibmcloud.com/vulnerabilities/199283 https://security.netapp.com/advisory/ntap-20210720-0006 https://www.ibm.com/support/pages/node/6466369 •
CVE-2020-4945
https://notcve.org/view.php?id=CVE-2020-4945
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow an authenticated user to overwrite arbirary files due to improper group permissions. IBM X-Force ID: 191945. IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) 11.5, podría permitir a un usuario autentificado sobrescribir archivos arbitrarios debido a permisos de grupo inapropiados. IBM X-Force ID: 191945 • https://exchange.xforce.ibmcloud.com/vulnerabilities/191945 https://security.netapp.com/advisory/ntap-20210720-0006 https://www.ibm.com/support/pages/node/6466367 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2020-4885
https://notcve.org/view.php?id=CVE-2020-4885
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 could allow a local user to access and change the configuration of Db2 due to a race condition of a symbolic link,. IBM X-Force ID: 190909. IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) versión 11.5, podría permitir a un usuario local acceder y cambiar la configuración de Db2 debido a una condición de carrera de un enlace simbólico,. IBM X-Force ID: 190909 • https://exchange.xforce.ibmcloud.com/vulnerabilities/190909 https://security.netapp.com/advisory/ntap-20210720-0006 https://www.ibm.com/support/pages/node/6466363 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2021-29702
https://notcve.org/view.php?id=CVE-2021-29702
Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1.4 and 11.5.5 is vulnerable to a denial of service as the server terminates abnormally when executing a specially crafted SELECT statement. IBM X-Force ID: 200658. Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) versiones 11.1.4 y 11.5.5, es vulnerable a una denegación de servicio, ya que el servidor termina de forma anormal cuando se ejecuta una sentencia SELECT especialmente diseñada. IBM X-Force ID: 200658 • https://exchange.xforce.ibmcloud.com/vulnerabilities/200658 https://security.netapp.com/advisory/ntap-20210720-0005 https://www.ibm.com/support/pages/node/6463985 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVE-2019-4588
https://notcve.org/view.php?id=CVE-2019-4588
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to execute arbitrary code and conduct DLL hijacking attacks. IBM Db2 para Linux, UNIX y Windows (incluye Db2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podría permitir a un usuario local ejecutar código arbitrario y conducir ataques de secuestro de DLL • https://exchange.xforce.ibmcloud.com/vulnerabilities/167365 https://security.netapp.com/advisory/ntap-20210629-0004 https://www.ibm.com/support/pages/node/6456029 • CWE-427: Uncontrolled Search Path Element •