CVSS: 10.0EPSS: 0%CPEs: 9EXPL: 0CVE-2009-4335
https://notcve.org/view.php?id=CVE-2009-4335
Multiple unspecified vulnerabilities in bundled stored procedures in the Spatial Extender component in IBM DB2 9.5 before FP5 have unknown impact and remote attack vectors, related to "remote exploits." Múltiples vulnerabilidades sin especificar en el paquete de procedimientos de almacenado en el componente Spatial Extender en IBM DB2 v9.5 anterior a FP5, tiene un impacto y vectores de ataque desconocidos. Relacionado con "exploits remotos". • ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT http://secunia.com/advisories/37759 http://www-01.ibm.com/support/docview.wss?uid=swg1IC62625 http://www-01.ibm.com/support/docview.wss?uid=swg21293566 http://www-01.ibm.com/support/docview.wss?uid=swg21412902 http://www.securityfocus.com/bid/37332 http://www.vupen.com/english/advisories/2009/3520 https://exchange.xforce.ibmcloud.com/vulnerabilities/55007 •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2009-4326
https://notcve.org/view.php?id=CVE-2009-4326
The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces "repeating" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value. La función RAND scalar en el componente Common Code Infrastructure en IBM DB2 v9.5 anterior a FP5 y v9.7 anterior a FP1, cuando se usa la característica Database Partitioning Feature (DPF), provoca repetición ("repeting") en las variables de retorno, lo que podría permitir a atacantes evitar los mecanismos de protección basado en la predicción de un valor aleatorio. • ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT http://secunia.com/advisories/37759 http://www-01.ibm.com/support/docview.wss?uid=swg1IC63946 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ44872 http://www-01.ibm.com/support/docview.wss?uid=swg21293566 http://www-01.ibm.com/support/docview.wss?uid=swg21412902 http://www.securityfocus.c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.0EPSS: 0%CPEs: 7EXPL: 2CVE-2009-4329
https://notcve.org/view.php?id=CVE-2009-4329
Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (segmentation fault) by modifying the db2ra data stream sent in a request from the Load Utility. Vulnerabilidad sin especificar en el componente Engine Utilities en IBM DB2 v9.5 anterior a FP5, permite a usuarios autenticados remotamente provocar una denegación de servicio (fallo de segmentación) mediante la modificación de la cadena db2ra enviada en una petición desde la Utilidad de Carga (Load Utility). • ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT http://secunia.com/advisories/37759 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ52083 http://www-01.ibm.com/support/docview.wss?uid=swg21293566 http://www-01.ibm.com/support/docview.wss?uid=swg21412902 http://www.securityfocus.com/bid/37332 http://www.vupen.com/english/advisories/2009/3520 •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2009-4333
https://notcve.org/view.php?id=CVE-2009-4333
The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command. El componente Relational Data Services en IBM DB2 v9.5 anterior a FP5, permite a atacantes obtener el argumento "password" (contraseña) desde la declaración SET ENCRYPTION PASSWORD a través de ventores que involucran el comando GET SNAPSHOT FOR DYNAMIC SQL. • ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT http://secunia.com/advisories/37759 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ38819 http://www-01.ibm.com/support/docview.wss?uid=swg21293566 http://www-01.ibm.com/support/docview.wss?uid=swg21412902 http://www.securityfocus.com/bid/37332 http://www.vupen.com/english/advisories/2009/3520 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 0CVE-2009-4330
https://notcve.org/view.php?id=CVE-2009-4330
Unspecified vulnerability in db2licm in the Engine Utilities component in IBM DB2 9.5 before FP5 has unknown impact and local attack vectors. Vulnerabilidad sin especificar en db2licm en el componente Engine Utilities en IBM DB2 v9.5 anterior a FP5 tiene un impacto y vectores de ataque desconocidos. • ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT http://secunia.com/advisories/37759 http://www-01.ibm.com/support/docview.wss?uid=swg1IC62501 http://www-01.ibm.com/support/docview.wss?uid=swg21293566 http://www-01.ibm.com/support/docview.wss?uid=swg21412902 http://www.securityfocus.com/bid/37332 http://www.vupen.com/english/advisories/2009/3520 •