CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2010-3740
https://notcve.org/view.php?id=CVE-2010-3740
05 Oct 2010 — The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service (memory consumption and system hang) via the db2ext.textSearch function. La implementación de Net Search Extender (NSE) en el componente de búsqueda de texto en IBM DB2 UDB v9.5 antes de FP6a no controla correctamente una búsqueda alfanumérica difusa, lo que permite causar a usuario... • ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 29%CPEs: 10EXPL: 0CVE-2010-3731
https://notcve.org/view.php?id=CVE-2010-3731
05 Oct 2010 — Stack-based buffer overflow in the validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP3 allows remote attackers to execute arbitrary code via a long username string. Un desbordamiento de búfer en la región stack de la memoria en la implementación validateUser en la función com.ibm.db2.das.core.DasSysCmd en db2dasrrm en el componente DB2 Administration Server (DA... • ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2010-3733
https://notcve.org/view.php?id=CVE-2010-3733
05 Oct 2010 — The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses world-writable permissions for the sqllib/cfg/db2sprf file, which might allow local users to gain privileges by modifying this file. El componente Utilities en IBM DB2 UDB v9.5 anterior a FP6a emplea permisos de escritura para todo el mundo (world-writable) para el archivo sqllib/cfg/db2sprf, lo que podría permitir a usuarios locales obtener privilegios mediante la modificación de este archivo. • ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2010-3737
https://notcve.org/view.php?id=CVE-2010-3737
05 Oct 2010 — Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while using a different code page than the database server. Fuga de memoria en el componente Relational Data Services en IBM DB2 UDB v9.5 anterior a FP6a, permite a usuarios remotos autenticados provocar una denegación de servicio (consumo de la memoria dinámica -hea... • ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2010-3735
https://notcve.org/view.php?id=CVE-2010-3735
05 Oct 2010 — The "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certain UNION ALL views, leading to an indefinitely large amount of compilation time. El componente Query Compiler, Rewrite, Optimizer en IBM DB2 UDB v9.5 anterior a FP6a, permite a usuarios autenticados remotamente provocar una denegación de servicio (consumo de CPU) a través de una petición que involucra a determina... • ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT • CWE-399: Resource Management Errors •
CVSS: 6.4EPSS: 0%CPEs: 11EXPL: 0CVE-2010-3739
https://notcve.org/view.php?id=CVE-2010-3739
05 Oct 2010 — The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery. La característica de auditoría en el componente de seguridad de IBM DB2 UDB v9.5 antes de FP6a utiliza la configuración de auditoría a nivel de instancia para capturar los eventos de... • ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2010-3474
https://notcve.org/view.php?id=CVE-2010-3474
20 Sep 2010 — IBM DB2 9.7 before FP3 does not perform the expected drops or invalidations of dependent functions upon a loss of privileges by the functions' owners, which allows remote authenticated users to bypass intended access restrictions via calls to these functions, a different vulnerability than CVE-2009-3471. IBM DB2 v9.7 anteriores a FP3 no realiza las descargas esperadas o invalidaciones de las funciones dependientes de una pérdida de privilegios por los propietarios de las funciones, que permite a los usuario... • http://osvdb.org/68121 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2010-3475
https://notcve.org/view.php?id=CVE-2010-3475
20 Sep 2010 — IBM DB2 9.7 before FP3 does not properly enforce privilege requirements for execution of entries in the dynamic SQL cache, which allows remote authenticated users to bypass intended access restrictions by leveraging the cache to execute an UPDATE statement contained in a compiled compound SQL statement. IBM DB2 v9.7 anteriores a FP3 no aplican correctamente los requisitos de privilegio para la ejecución de las entradas en la caché dinámica SQL, lo que permite a usuarios remotos autenticados eludir las restr... • http://osvdb.org/68122 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2010-3195
https://notcve.org/view.php?id=CVE-2010-3195
31 Aug 2010 — Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving "special group and user enumeration." Vulnerabilidad sin especificar en IBM DB2 v9.1 anterior a FP9, v9.5 anterior a FP6, y v9.7 anterior a FP2 en Windows Server 2008 permite a atacantes remotos provocar una denegación de servicio (trampa) a través de vectores involucrados "Grupo especial y enumeración de usuarios" ("special... • ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT •
CVSS: 9.1EPSS: 0%CPEs: 26EXPL: 0CVE-2010-3194
https://notcve.org/view.php?id=CVE-2010-3194
31 Aug 2010 — The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files owned by an instance owner. El programa DB2DART en IBM DB2 v9.1 anterior a FP9, v9.5 anterior a FP6, y v9.7 anterior a FP2 permite a atacantes evitar las restricciones de los ficheros de acceso previstas a través de vectores sin especificar relacionados con con la sobreescritura de ficheros propietarios por una ins... • ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT • CWE-264: Permissions, Privileges, and Access Controls •