CVE-2017-1677
https://notcve.org/view.php?id=CVE-2017-1677
IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) deserializes the contents of /tmp/connlicj.bin which leads to object injection and potentially arbitrary code execution depending on the classpath. IBM X-Force ID: 133999. IBM Data Server Driver para JDBC y SQLJ (IBM DB2 para Linux, UNIX y Windows 9.7, 10.1, 10.5 y 11.1) deserializa el contenido de /tmp/connlicj.bin, lo que conduce a una inyección de objetos y a una potencial ejecución de código arbitrario dependiendo del classpath. IBM X-Force ID: 133999. • http://www.ibm.com/support/docview.wss?uid=swg22012896 http://www.securityfocus.com/bid/103422 http://www.securitytracker.com/id/1041227 https://exchange.xforce.ibmcloud.com/vulnerabilities/133999 • CWE-502: Deserialization of Untrusted Data •
CVE-2017-1519
https://notcve.org/view.php?id=CVE-2017-1519
IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. A remote user can cause disruption of service for DB2 Connect Server setup with a particular configuration. IBM X-Force ID: 129829. IBM DB2 10.5 y 11.1 es vulnerable a denegaciones de servicio. Un usuario remoto puede provocar la interrupción del servicio en la instalación de DB2 Connect Server con una configuración específica. • http://www.ibm.com/support/docview.wss?uid=swg22007183 http://www.securityfocus.com/bid/100688 http://www.securitytracker.com/id/1039298 https://exchange.xforce.ibmcloud.com/vulnerabilities/129829 • CWE-20: Improper Input Validation •
CVE-2017-1439
https://notcve.org/view.php?id=CVE-2017-1439
IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128058. IBM DB2 para Linux, UNIX y Windows 9.7, 10,1, 10.5 y 11.1 (incluido DB2 Connect Server) podría permitir a un usuario local con privilegios de propietario en la instancia DB2 obtener acceso root. IBM X-Force ID: 128058. • http://www.ibm.com/support/docview.wss?uid=swg22006061 http://www.securityfocus.com/bid/100690 http://www.securitytracker.com/id/1039301 https://exchange.xforce.ibmcloud.com/vulnerabilities/128058 •
CVE-2017-1438
https://notcve.org/view.php?id=CVE-2017-1438
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128057. IBM DB2 para Linux, UNIX y Windows 9.7, 10,1, 10.5 y 11.1 (incluido DB2 Connect Server) podría permitir a un usuario local con privilegios de propietario en la instancia DB2 obtener acceso root. IBM X-Force ID: 128057. • http://www.ibm.com/support/docview.wss?uid=swg22006885 http://www.securityfocus.com/bid/100685 http://www.securitytracker.com/id/1039300 https://exchange.xforce.ibmcloud.com/vulnerabilities/128057 •
CVE-2017-1434
https://notcve.org/view.php?id=CVE-2017-1434
IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) under unusual circumstances, could expose highly sensitive information in the error log to a local user. IBM DB2 para Linux, UNIX y Windows 11.1 (incluye DB2 Connect Server), bajo circunstancias no habituales, podría exponer información altamente sensible a un usuario local mediante el registro de errores. • http://www.ibm.com/support/docview.wss?uid=swg22005740 http://www.securityfocus.com/bid/100693 http://www.securitytracker.com/id/1039297 https://exchange.xforce.ibmcloud.com/vulnerabilities/127806 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •