CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-1834
https://notcve.org/view.php?id=CVE-2018-1834
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack. IBM X-Force ID: 150511. IBM DB2 para Linux, UNIX y Windows 9.7, 10.1, 10.5 y 11.1 (incluido DB2 Connect Server) contiene una vulnerabilidad que podría permitir a un usuario local escalar sus privilegios a root a través de un ataque de enlace simbólico. IBM X-Force ID: 150511. • http://www.ibm.com/support/docview.wss?uid=ibm10733939 http://www.securityfocus.com/bid/105885 http://www.securitytracker.com/id/1042086 https://exchange.xforce.ibmcloud.com/vulnerabilities/150511 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-1857
https://notcve.org/view.php?id=CVE-2018-1857
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 could allow a user to bypass FGAC control and gain access to data they shouldn't be able to see. IBM X-Force ID: 151155. IBM DB2 para Linux, UNIX y Windows (incluido DB2 Connect Server) 11.1 podría permitir que un usuario omita el control FGAC y obtenga acceso a datos que no deberían ser visibles. IBM X-Force ID: 151155. • http://www.ibm.com/support/docview.wss?uid=ibm10734059 http://www.securityfocus.com/bid/105883 http://www.securitytracker.com/id/1042176 https://exchange.xforce.ibmcloud.com/vulnerabilities/151155 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-1685
https://notcve.org/view.php?id=CVE-2018-1685
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability in db2cacpy that could allow a local user to read any file on the system. IBM X-Force ID: 145502. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 9.7, 10.1, 10.5 y 11.1 contiene una vulnerabilidad en db2cacpy que podría permitir que un usuario local lea cualquier archivo en el sistema. IBM X-Force ID: 145502. • http://www.securityfocus.com/bid/105395 http://www.securitytracker.com/id/1041671 https://exchange.xforce.ibmcloud.com/vulnerabilities/145502 https://www.ibm.com/support/docview.wss?uid=ibm10729979 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.4EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1710
https://notcve.org/view.php?id=CVE-2018-1710
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 tool db2licm is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 146364. En IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 10.1, 10.5 y 11.1, la herramienta db2licm se ve afectada por una vulnerabilidad de desbordamiento de búfer que podría resultar en la ejecución de código arbitrario. IBM X-Force ID: 146364. • http://www.securityfocus.com/bid/105391 https://exchange.xforce.ibmcloud.com/vulnerabilities/146364 https://usn.ubuntu.com/3906-2 https://www.ibm.com/support/docview.wss?uid=ibm10729981 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.4EPSS: 0%CPEs: 6EXPL: 0CVE-2018-1711
https://notcve.org/view.php?id=CVE-2018-1711
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 146369. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 9.7, 10.1, 10.5 y 11.1 podría permitir a un usuario local obtener privilegios debido a que se permite la modificación de columnas en tareas existentes. IBM X-Force ID: 146369. • http://www.securityfocus.com/bid/105390 http://www.securitytracker.com/id/1042175 https://exchange.xforce.ibmcloud.com/vulnerabilities/146369 https://www.ibm.com/support/docview.wss?uid=ibm10729983 • CWE-732: Incorrect Permission Assignment for Critical Resource •