CVSS: 4.0EPSS: 0%CPEs: 24EXPL: 0CVE-2012-0712
https://notcve.org/view.php?id=CVE-2012-0712
The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 allows remote authenticated users to cause a denial of service (infinite loop) by calling the XMLPARSE function with a crafted string expression. La función de XML en IBM DB2 v9.5 antes de FP9, v9.7 hasta FP5, y v9.8 hasta FP4 permite a usuarios remotos autenticados provocar una denegación de servicio (bucle infinito) llamando a la función XMLPARSE con una expresión de cadena modificada. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC81379 http://www-01.ibm.com/support/docview.wss?uid=swg1IC81380 http://www-01.ibm.com/support/docview.wss?uid=swg1IC81837 http://www-01.ibm.com/support/docview.wss?uid=swg21588098 https://exchange.xforce.ibmcloud.com/vulnerabilities/73496 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14450 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 7%CPEs: 38EXPL: 0CVE-2012-0710
https://notcve.org/view.php?id=CVE-2012-0710
IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 before FP4 allows remote attackers to cause a denial of service (daemon crash) via a crafted Distributed Relational Database Architecture (DRDA) request. IBM DB2 9.1 antes de FP11, 9.5 antes de FP9, 9.7 antes de FP5, y 9.8 antes de FP4 permite a atacantes remotos causar una denegación de servicio (caída de demonio) a través de una solicitud Distributed Relational Database Architecture (DRDA) modificada. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC76781 http://www-01.ibm.com/support/docview.wss?uid=swg1IC76899 http://www-01.ibm.com/support/docview.wss?uid=swg1IC76901 http://www-01.ibm.com/support/docview.wss?uid=swg1IC76902 http://www-01.ibm.com/support/docview.wss? • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2011-4435
https://notcve.org/view.php?id=CVE-2011-4435
The web-server component in the Consolidation and Analysis Engine (CAE) Server in DB2 Query Monitor in IBM DB2 Tools 2.3.0 for z/OS does not prevent directory browsing, which allows remote attackers to obtain sensitive information via HTTP requests. El componente de servidor web en Consolidation and Analysis Engine (CAE) Server en DB2 Query Monitor en IBM DB2 Tools v2.3.0 para z/OS no impide la exploración de directorios, lo que permite a atacantes remotos obtener información sensible a través de peticiones HTTP. • http://secunia.com/advisories/46487 http://www.ibm.com/support/docview.wss?uid=swg1PM41190 http://www.securitytracker.com/id?1026278 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 1.5EPSS: 0%CPEs: 4EXPL: 0CVE-2011-1373
https://notcve.org/view.php?id=CVE-2011-1373
Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors. Vulnerabilidad no especificada en IBM DB2 v9.7 antes de FP5 en UNIX, cuando las características Self Tuning Memory Manager (STMM) y AUTOMATIC DATABASE_MEMORY están configuradas, permite a usuarios locales provocar una denegación de servicio (caída del demonio) a través de vectores desconocidos. • http://www-01.ibm.com/support/docview.wss?uid=swg1IC70473 https://exchange.xforce.ibmcloud.com/vulnerabilities/71043 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14720 •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 2CVE-2011-4061
https://notcve.org/view.php?id=CVE-2011-4061
Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header. Múltiples vulnerabilidades de búsqueda no confiable en (1) db2rspgn y (2) kbbacf1 en IBM DB2 Express Edition v9.7, que se utiliza en el IBM Tivoli Monitoring para bases de datos: El agente de DB2, permite a usuarios locales conseguir privilegios a través de un caballo de Troya libkbb.so en el directorio de trabajo actual, en relación con la cabecera ELF DT_RPATH. • http://securityreason.com/securityalert/8476 http://www.nth-dimension.org.uk/downloads.php?id=77 http://www.nth-dimension.org.uk/downloads.php?id=83 http://www.securityfocus.com/archive/1/518659 http://www.securityfocus.com/bid/48514 http://www.securityfocus.com/bid/51181 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14063 •