CVE-2009-1239
https://notcve.org/view.php?id=CVE-2009-1239
IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query. IBM DB2 v9.1 anteriores a FP7 devuelve resultados incorrectos en ciertas situaciones relacionadas con la orden de aplicación de una identificación INNER JOIN y una identificación OUTER JOIN, lo que permitiría a atacantes conseguir información sensible a través de una petición manipulada. • http://www-01.ibm.com/support/docview.wss?uid=swg1JR31886 http://www-01.ibm.com/support/docview.wss?uid=swg21381257 http://www.vupen.com/english/advisories/2009/0912 https://exchange.xforce.ibmcloud.com/vulnerabilities/49864 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-4692
https://notcve.org/view.php?id=CVE-2008-4692
The Native Managed Provider for .NET component in IBM DB2 8 before FP17, 9.1 before FP6, and 9.5 before FP2, when a definer cannot maintain objects, preserves views and triggers without marking them inoperative or dropping them, which has unknown impact and attack vectors. El componete Native Managed Provider para .NET en IBM DB2 v8 anterior a FP17, v9.1 anteior a FP6, y v9.5 anterior a FP2, cuando un "definer" no puede mantener objetos, conserva las vistas (Views) y los disparadores (triggers) sin señalarlos como desactivados/no operativos para su ejecución, lo que tiene un impacto y vectores de ataque desconocidos. • ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT http://secunia.com/advisories/31787 http://secunia.com/advisories/32368 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22287 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22306 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22307 http://www-01.ibm.com/support/docview.wss?uid=swg27013892 http://www.vupen.com/english/advisories/2008/2893 https://exchange.xforce.ibmcloud •
CVE-2008-4693
https://notcve.org/view.php?id=CVE-2008-4693
The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES." El componente SORT/LIST SERVICES en IBM DB2 v9.1 anterior a FP6 y v9.5 anterior a FP2 escribe información sensible en la salida del trazado (trace), lo que permite a atacantes obtener información sensible mediante la lectura de "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES." • ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT http://secunia.com/advisories/32368 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ23915 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28489 http://www-01.ibm.com/support/docview.wss?uid=swg27013892 http://www.vupen.com/english/advisories/2008/2893 https://exchange.xforce.ibmcloud.com/vulnerabilities/46022 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-4691
https://notcve.org/view.php?id=CVE-2008-4691
Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors. Vulnerabilidad sin especificar en la función SQLNLS_UNPADDEDCHARLEN en el componente New Compiler (también conocido como Starburst derived compiler) en el servidor en IBM DB2 v9.1 anterior a FP6, permite a atacantes remotos provocar una denegación de servicio (violación de segmentación y "trap" -trampa-) a través de vectores desconocidos. • ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT http://secunia.com/advisories/32368 http://www-01.ibm.com/support/docview.wss?uid=swg1LI73364 http://www-01.ibm.com/support/docview.wss?uid=swg27013892 http://www.vupen.com/english/advisories/2008/2893 •
CVE-2008-3959
https://notcve.org/view.php?id=CVE-2008-3959
IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. IBM DB2 UDB 8.1 anterior FixPak 16, y v8.2 anterior al FixPak 9, permite a atacantes remotos provocar una denegación de servicio (caída de instancia) a través de un flujo de datos CONNECT/ATTACH manipulado que simula una petición cliente connect/attach V7. • http://secunia.com/advisories/29022 http://www-1.ibm.com/support/docview.wss?uid=swg1IZ05043 http://www.appsecinc.com/resources/alerts/db2/2008-01.shtml https://exchange.xforce.ibmcloud.com/vulnerabilities/45134 •