CVE-2011-0757
https://notcve.org/view.php?id=CVE-2011-0757
IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, UNIX, and Windows does not properly revoke the DBADM authority, which allows remote authenticated users to execute non-DDL statements by leveraging previous possession of this authority. IBM DB2 v9.1 anterior a FP10, v9.5 anterior a FP6a, y v9.7 anterior a FP2 en Linux, UNIX y Windows no revoca correctamente la autorización DBADM, que permite a usuarios autenticados remotamente ejecutar instrucciones no-DDL aprovechandose de la posesión anterior de esta autoridad. • http://osvdb.org/70773 http://secunia.com/advisories/43148 http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66811 http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66814 http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1IC66815 http://www.ibm.com/support/docview.wss?uid=swg1IC66811 http://www.ibm.com/support/docview.wss? • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2011-0731
https://notcve.org/view.php?id=CVE-2011-0731
Buffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer en el componente DB2 Administration Server (DAS) para IBM DB2 v9.1 anterior a FP10, v9.5 anterior a FP7, y v9.7 anterior a FP3 en Linux, UNIX, y Windows permite a atacantes remotos ejecutar código a través de vectores desconocidos • http://secunia.com/advisories/43059 http://www-01.ibm.com/support/docview.wss?uid=swg1IC71203 http://www-01.ibm.com/support/docview.wss?uid=swg1IC72028 http://www-01.ibm.com/support/docview.wss?uid=swg1IC72029 http://www.osvdb.org/70683 http://www.securityfocus.com/bid/46052 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14699 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2010-3194
https://notcve.org/view.php?id=CVE-2010-3194
The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files owned by an instance owner. El programa DB2DART en IBM DB2 v9.1 anterior a FP9, v9.5 anterior a FP6, y v9.7 anterior a FP2 permite a atacantes evitar las restricciones de los ficheros de acceso previstas a través de vectores sin especificar relacionados con con la sobreescritura de ficheros propietarios por una instancia propietaria. • ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT http://secunia.com/advisories/41218 http://www-01.ibm.com/support/docview.wss?uid=swg1IC65749 http://www-01.ibm.com/support/docview.wss?uid=swg1IC65756 http://www-01.ibm.com/support/docview.wss?uid=swg1IC65762 http://www-01.ibm.com/support/docview.wss?uid=swg21426108 http://www-01.ibm.com/support/docview.wss? • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2010-3193
https://notcve.org/view.php?id=CVE-2010-3193
Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors. Vulnerabilidad sin especificar en el programa DB2STST en IBM DB2 v9.1 anterior a FP9, v9.5 anterior a FP6, y v9.7 anterior a FP2 tienen un impacto y vactores de ataque desconocidos. • ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT http://secunia.com/advisories/41218 http://www-01.ibm.com/support/docview.wss?uid=swg1IC65408 http://www-01.ibm.com/support/docview.wss?uid=swg1IC65703 http://www-01.ibm.com/support/docview.wss?uid=swg1IC65742 http://www-01.ibm.com/support/docview.wss?uid=swg21426108 http://www-01.ibm.com/support/docview.wss? •
CVE-2010-3195
https://notcve.org/view.php?id=CVE-2010-3195
Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving "special group and user enumeration." Vulnerabilidad sin especificar en IBM DB2 v9.1 anterior a FP9, v9.5 anterior a FP6, y v9.7 anterior a FP2 en Windows Server 2008 permite a atacantes remotos provocar una denegación de servicio (trampa) a través de vectores involucrados "Grupo especial y enumeración de usuarios" ("special group and user enumeration"). • ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT http://secunia.com/advisories/41218 http://www-01.ibm.com/support/docview.wss?uid=swg1IC66099 http://www-01.ibm.com/support/docview.wss?uid=swg1IC66642 http://www-01.ibm.com/support/docview.wss?uid=swg1IC66643 http://www-01.ibm.com/support/docview.wss?uid=swg21426108 http://www-01.ibm.com/support/docview.wss? •