CVE-2012-0711
https://notcve.org/view.php?id=CVE-2012-0711
Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow. Un error de entero sin signo en el proceso db2dasrrm del servidor de administración de DB2 (DAS) en IBM DB2 v9.1 hasta FP11, v9.5 antes de vFP9, y v9.7 hasta FP5 para UNIX permite a atacantes remotos ejecutar código de su elección a través de una solicitud modificada a mano que ocasiona un desbordamiento del búfer basado en memoria dinámica. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC80561 http://www-01.ibm.com/support/docview.wss?uid=swg1IC80728 http://www-01.ibm.com/support/docview.wss?uid=swg1IC80729 http://www-01.ibm.com/support/docview.wss?uid=swg21588093 http://www.securityfocus.com/bid/77826 https://exchange.xforce.ibmcloud.com/vulnerabilities/73495 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14842 • CWE-189: Numeric Errors •
CVE-2012-1796
https://notcve.org/view.php?id=CVE-2012-1796
Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors. Vulnerabilidad no especificada en IBM Tivoli Monitoring Agent (ITMA), tal como se utiliza en IBM DB2 9.5 antes de FP9 en UNIX, permite a usuarios locales conseguir privilegios a través de vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC79970 http://www-01.ibm.com/support/docview.wss?uid=swg21586193 https://exchange.xforce.ibmcloud.com/vulnerabilities/74325 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14526 •
CVE-2012-0709
https://notcve.org/view.php?id=CVE-2012-0709
IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not properly check variables, which allows remote authenticated users to bypass intended restrictions on viewing table data by leveraging the CREATEIN privilege to execute crafted SQL CREATE VARIABLE statements. IBM DB2 v9.5 anteriores a vFP9, v9.7 hasta vFP5, y v9.8 hasta vFP4 no comprueban las variables de forma adecuada, lo que permite a usuarios remotos autenticados evitar las restricciones de visionado de datos de tablas, mediante la elevación del privilegio CREATEIN al ejecutar sentencias SQL CREATE VARIABLE manipuladas. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC81387 http://www-01.ibm.com/support/docview.wss?uid=swg1IC81390 http://www-01.ibm.com/support/docview.wss?uid=swg1IC81836 http://www-01.ibm.com/support/docview.wss?uid=swg21588100 https://exchange.xforce.ibmcloud.com/vulnerabilities/73493 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15004 • CWE-20: Improper Input Validation •
CVE-2012-0712
https://notcve.org/view.php?id=CVE-2012-0712
The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression. La función de XML en IBM DB2 v9.5 antes de FP9, v9.7 hasta FP5, y v9.8 hasta FP4 permite a usuarios remotos autenticados provocar una denegación de servicio (bucle infinito) llamando a la función XMLPARSE con una expresión de cadena modificada. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC81379 http://www-01.ibm.com/support/docview.wss?uid=swg1IC81380 http://www-01.ibm.com/support/docview.wss?uid=swg1IC81837 http://www-01.ibm.com/support/docview.wss?uid=swg21588098 https://exchange.xforce.ibmcloud.com/vulnerabilities/73496 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14450 • CWE-399: Resource Management Errors •
CVE-2012-0710
https://notcve.org/view.php?id=CVE-2012-0710
IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 before FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Distributed Relational Database Architecture (DRDA) request. IBM DB2 9.1 antes de FP11, 9.5 antes de FP9, 9.7 antes de FP5, y 9.8 antes de FP4 permite a atacantes remotos causar una denegación de servicio (caída de demonio) a través de una solicitud Distributed Relational Database Architecture (DRDA) modificada. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC76781 http://www-01.ibm.com/support/docview.wss?uid=swg1IC76899 http://www-01.ibm.com/support/docview.wss?uid=swg1IC76901 http://www-01.ibm.com/support/docview.wss?uid=swg1IC76902 http://www-01.ibm.com/support/docview.wss? • CWE-20: Improper Input Validation •