CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2020-4739
https://notcve.org/view.php?id=CVE-2020-4739
20 Nov 2020 — IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 188149. IBM DB2 Accessories Suite p... • https://exchange.xforce.ibmcloud.com/vulnerabilities/188149 • CWE-426: Untrusted Search Path •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-4420
https://notcve.org/view.php?id=CVE-2020-4420
01 Jul 2020 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the execution of a terminate command. IBM X-Force ID: 180076. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podrían permitir a un atacante no autenticado causar una denegación de servicio debido a un bloqueo en la ejecución de un comando de finalización. IBM X-Force ID: 18... • https://exchange.xforce.ibmcloud.com/vulnerabilities/180076 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-4414
https://notcve.org/view.php?id=CVE-2020-4414
01 Jul 2020 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to perform unauthorized actions on the system, caused by improper usage of shared memory. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service. IBM X-Force ID: 179989. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podrían permitir a u... • https://exchange.xforce.ibmcloud.com/vulnerabilities/179989 •
CVSS: 6.2EPSS: 0%CPEs: 7EXPL: 0CVE-2020-4387
https://notcve.org/view.php?id=CVE-2020-4387
01 Jul 2020 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179269. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podría permitir a un usuario local obtener información confidencial usando una condición de carrera de un enlace simbólico. IBM X-Force ID: 179269 • https://exchange.xforce.ibmcloud.com/vulnerabilities/179269 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.2EPSS: 0%CPEs: 7EXPL: 0CVE-2020-4386
https://notcve.org/view.php?id=CVE-2020-4386
01 Jul 2020 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179268. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podría permitir a un usuario local obtener información confidencial usando una condición de carrera de un enlace simbólico. IBM X-Force ID: 179268 • https://exchange.xforce.ibmcloud.com/vulnerabilities/179268 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.4EPSS: 0%CPEs: 7EXPL: 0CVE-2020-4363
https://notcve.org/view.php?id=CVE-2020-4363
01 Jul 2020 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 178960. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, es vulnerable a un desbordamiento del búfer, causado por una comprobación de límites inapropiada que podría permitir a... • https://exchange.xforce.ibmcloud.com/vulnerabilities/178960 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2020-4355
https://notcve.org/view.php?id=CVE-2020-4355
01 Jul 2020 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer (SSL) renegotiation requests. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to increase the resource usage on the system. IBM X-Force ID: 178507. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, es vulnerable a una denegación... • https://exchange.xforce.ibmcloud.com/vulnerabilities/178507 •
CVSS: 8.4EPSS: 0%CPEs: 8EXPL: 0CVE-2020-4204
https://notcve.org/view.php?id=CVE-2020-4204
19 Feb 2020 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 174960. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, son vulnerables a un desbordamiento del búfer, causado por una comprobación de límites inapropiada que podría permitir... • https://exchange.xforce.ibmcloud.com/vulnerabilities/174960 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2020-4135
https://notcve.org/view.php?id=CVE-2020-4135
19 Feb 2020 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated user to send specially crafted packets to cause a denial of service from excessive memory usage. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, 11.1 y 11.5, podría permitir a un usuario no autenticado enviar paquetes especialmente diseñados para causar una denegación de servicio debido a un uso excesivo de memoria. • https://exchange.xforce.ibmcloud.com/vulnerabilities/173806 •
CVSS: 8.4EPSS: 0%CPEs: 9EXPL: 0CVE-2019-4322
https://notcve.org/view.php?id=CVE-2019-4322
01 Jul 2019 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-Force ID: 161202. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) versiones 9.7, 10.1, 10.5, y 11.1 es vulnerable a un desbordamiento de búfer, lo que podría permitir que un atacante local autenticado ejecute código arbitrario en el sistema como root. IBM X-Force... • http://www.securityfocus.com/bid/109002 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •