CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2011-1373
https://notcve.org/view.php?id=CVE-2011-1373
09 Nov 2011 — Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors. Vulnerabilidad no especificada en IBM DB2 v9.7 antes de FP5 en UNIX, cuando las características Self Tuning Memory Manager (STMM) y AUTOMATIC DATABASE_MEMORY están configuradas, permite a usuarios locales provocar una denegación de servicio (caída del demoni... • http://www-01.ibm.com/support/docview.wss?uid=swg1IC70473 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2011-4061
https://notcve.org/view.php?id=CVE-2011-4061
18 Oct 2011 — Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header. Múltiples vulnerabilidades de búsqueda no confiable en (1) db2rspgn y (2) kbbacf1 en IBM DB2 Express Edition v9.7, que se utiliza en el IBM Tivoli Monitoring para bases de datos: El agente de DB2, permi... • http://securityreason.com/securityalert/8476 •
CVSS: 8.1EPSS: 0%CPEs: 16EXPL: 0CVE-2011-1846
https://notcve.org/view.php?id=CVE-2011-1846
03 May 2011 — IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly revoke role membership from groups, which allows remote authenticated users to execute non-DDL statements by leveraging previous inherited possession of a role, a different vulnerability than CVE-2011-0757. NOTE: some of these details are obtained from third party information. IBM DB2 v9.5 anterior a FP7 y v9.7 anterior a FP4 en Linux, UNIX y Windows no revoca correctamente la pertenencia a grupos, lo que permite a usuar... • http://secunia.com/advisories/44229 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.1EPSS: 0%CPEs: 16EXPL: 0CVE-2011-1847
https://notcve.org/view.php?id=CVE-2011-1847
03 May 2011 — IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows does not properly enforce privilege requirements for table access, which allows remote authenticated users to modify SYSSTAT.TABLES statistics columns via an UPDATE statement. NOTE: some of these details are obtained from third party information. IBM DB2 v9.5 anterior a FP7 y v9.7 anterior a FP4 en Linux, UNIX y Windows no fuerzan correctamente los requisitos de privilegios para acceder a la tabla, permitiendo a usuarios remotos autentica... • http://secunia.com/advisories/44229 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 28EXPL: 0CVE-2011-0757
https://notcve.org/view.php?id=CVE-2011-0757
02 Feb 2011 — IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority. IBM DB2 v9.1 anterior a FP10, v9.5 anterior a FP6a, y v9.7 anterior a FP2 en Linux, UNIX y Windows no revoca correctamente la autorización DBADM, que permite a usuarios autenticados remotamente ejecutar instrucciones no-DDL aprovechandose de la posesión ... • http://osvdb.org/70773 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 77%CPEs: 30EXPL: 0CVE-2011-0731
https://notcve.org/view.php?id=CVE-2011-0731
01 Feb 2011 — Buffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer en el componente DB2 Administration Server (DAS) para IBM DB2 v9.1 anterior a FP10, v9.5 anterior a FP7, y v9.7 anterior a FP3 en Linux, UNIX, y Windows permite a atacantes remotos ejecutar código a través de vectores desconocidos • http://secunia.com/advisories/43059 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2010-3732
https://notcve.org/view.php?id=CVE-2010-3732
05 Oct 2010 — The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (database server ABEND) by using the client CLI on Linux, UNIX, or Windows for executing a prepared statement with a large number of parameter markers. El componente DRDA Services en IBM DB2 UDB v9.5 anterior a FP6a, permite a usuarios autenticados remotamente provocar una denegación de servicio (ABEND en el servidor de base de datos) usando el cliente CLI sobre Linux, UNIX o Windows par... • ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 0CVE-2010-3738
https://notcve.org/view.php?id=CVE-2010-3738
05 Oct 2010 — The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote authenticated users to execute Audit administration commands without discovery. El componente Security en IBM DB2 UDB v9.5 anterior a FP6a registra eventos usando valores USERID y AUTHID correspondientes a la instancia del usuario propietario en v... • ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 10EXPL: 0CVE-2010-3734
https://notcve.org/view.php?id=CVE-2010-3734
05 Oct 2010 — The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, and Windows enforces an unintended limit on password length, which makes it easier for attackers to obtain access via a brute-force attack. El componente Install en IBM DB2 UDB v9.5 anterior a FP6a sobre Linux, UNIX y Windows, tiene una limitación en el número de caracteres en la longitud de una contraseña, lo que facilita a atacantes acceder a través de un ataque de fuerza bruta. • ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2010-3736
https://notcve.org/view.php?id=CVE-2010-3736
05 Oct 2010 — Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a, when the connection concentrator is enabled, allows remote authenticated users to cause a denial of service (heap memory consumption) by using a different code page than the database server. Fuga de memoria en el componente Relational Data Services en IBM DB2 UDB v9.5 anterior a FP6a, cuando el concentrador de conexión está activado, permite a usuarios remotos autenticados provocar una denegación de servicio (consumo de la... • ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT • CWE-399: Resource Management Errors •