CVSS: 5.0 | EPSS: 0% | CPEs: 8 | EXPL: 0

Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors.

• ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT
• http://secunia.com/advisories/32368
• http://www-01.ibm.com/support/docview.wss?uid=swg1LI73364
• http://www-01.ibm.com/support/docview.wss?uid=swg27013892
• http://www.vupen.com/english/advisories/2008/2893

CVSS: 5.0 | EPSS: 0% | CPEs: 10 | EXPL: 0

The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES."

• ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT
• http://secunia.com/advisories/32368
• http://www-01.ibm.com/support/docview.wss?uid=swg1IZ23915
• http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28489
• http://www-01.ibm.com/support/docview.wss?uid=swg27013892
• http://www.vupen.com/english/advisories/2008/2893
• https://exchange.xforce.ibmcloud.com/vulnerabilities/46022
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.0 | EPSS: 0% | CPEs: 24 | EXPL: 0

IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request.

• http://secunia.com/advisories/29022
• http://www-1.ibm.com/support/docview.wss?uid=swg1IZ05043
• http://www.appsecinc.com/resources/alerts/db2/2008-01.shtml
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45134

CVSS: 7.5 | EPSS: 1% | CPEs: 23 | EXPL: 0

IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. NOTE: this may overlap CVE-2008-3858. NOTE: this issue exists because of an incomplete fix for CVE-2008-3959.

• ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT
• http://osvdb.org/48144
• http://secunia.com/advisories/31787
• http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08134
• http://www.securityfocus.com/bid/31058
• https://exchange.xforce.ibmcloud.com/vulnerabilities/45133

CVSS: 9.0 | EPSS: 0% | CPEs: 31 | EXPL: 0

Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the ADMIN_SP_C issue is already covered by CVE-2008-0699.

• http://secunia.com/advisories/29022
• http://securityreason.com/securityalert/3841
• http://www-1.ibm.com/support/docview.wss?uid=swg1IZ06972
• http://www.appsecinc.com/resources/alerts/db2/2008-02.shtml
• http://www.securityfocus.com/archive/1/491075/100/0/threaded
• CWE-94: Improper Control of Generation of Code ('Code Injection')