CVSS: 8.4EPSS: 0%CPEs: 10EXPL: 0CVE-2018-1980
https://notcve.org/view.php?id=CVE-2018-1980
11 Mar 2019 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 154078. IBM DB2 para Linux, UNIX y Windows, en sus versiones 9.7, 10.1, 10.5 y 11.1 (incluido DB2 Connect Server), es vulnerable a un desbordamiento de búfer, lo que podría permitir que un atacante local autenticado ejecute código arbitrario en el sistema como root. IBM... • http://www.securityfocus.com/bid/107398 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.4EPSS: 0%CPEs: 10EXPL: 0CVE-2019-4015
https://notcve.org/view.php?id=CVE-2019-4015
11 Mar 2019 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to a buffer overflow, which could allow an authenticated local attacker to execute arbitrary code on the system as root. IBM X-ForceID: 155893. IBM DB2 para Linux, UNIX y Windows, en sus versiones 9.7, 10.1, 10.5 y 11.1 (incluido DB2 Connect Server), es vulnerable a un desbordamiento de búfer, lo que podría permitir que un atacante local autenticado ejecute código arbitrario en el sistema como root. IBM... • http://www.securityfocus.com/bid/107398 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.4EPSS: 0%CPEs: 10EXPL: 0CVE-2018-1923
https://notcve.org/view.php?id=CVE-2018-1923
11 Mar 2019 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 152859. IBM DB2 para Linux, UNIX y WIndows (incluye DB2 Connect Server), en versiones 9.7, 10.1, 10.5 y 11.1, está afectado por una vulnerabilidad de desbordamiento de búfer que puede resultar en una ejecución de código arbitrario. IBM X-Force ID: 152859. • http://www.securityfocus.com/bid/107398 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.4EPSS: 0%CPEs: 10EXPL: 0CVE-2018-1897
https://notcve.org/view.php?id=CVE-2018-1897
30 Nov 2018 — IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5., and 11.1 db2pdcfg is vulnerable to a stack based buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 152462. IBM DB2 para Linux, UNIX y Windows 9.7, 10.1, 10.5 y 11.1 db2pdcfg es vulnerable a un desbordamiento de búfer basado en pila provocado por una comprobación de límites incorrecta que podría permitir que un atacante ejecute código arbitrario. IBM X-Force ID: 152462. • http://www.ibm.com/support/docview.wss?uid=ibm10737295 • CWE-787: Out-of-bounds Write •
CVSS: 8.4EPSS: 0%CPEs: 6EXPL: 0CVE-2018-1781
https://notcve.org/view.php?id=CVE-2018-1781
09 Nov 2018 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148804. IBM DB2 para Linux, UNIX y Windows (incluido DB2 Connect Server) 9.7, 10.1, 10.5 y 11.1 podría permitir que un usuario local obtenga acceso root explotando un ataque de enlace simbólico para leer/escribir/corromper un archivo a... • http://www.ibm.com/support/docview.wss?uid=ibm10733939 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.2EPSS: 0%CPEs: 6EXPL: 0CVE-2018-1799
https://notcve.org/view.php?id=CVE-2018-1799
09 Nov 2018 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local unprivileged user to overwrite files on the system which could cause damage to the database. IBM X-Force ID: 149429. IBM DB2 para Linux, UNIX y Windows (incluido DB2 Connect Server) 9.7, 10.1, 10.5 y 11.1 podría permitir que un usuario local no privilegiado sobrescriba archivos en el sistema, lo que podría provocar daños en la base de datos. IBM X-Force ID: 149429. • http://www.ibm.com/support/docview.wss?uid=ibm10733939 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-1780
https://notcve.org/view.php?id=CVE-2018-1780
09 Nov 2018 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local db2 instance owner to obtain root access by exploiting a symbolic link attack to read/write/corrupt a file that they originally did not have permission to access. IBM X-Force ID: 148803. IBM DB2 para Linux, UNIX y Windows (incluido DB2 Connect Server) 9.7, 10.1, 10.5 y 11.1 podría permitir que un propietario local de instancias db2 obtenga acceso root explotando un ataque de enlace simbólico para ... • http://www.ibm.com/support/docview.wss?uid=ibm10733939 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-1834
https://notcve.org/view.php?id=CVE-2018-1834
09 Nov 2018 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to escalate their privileges to root through a symbolic link attack. IBM X-Force ID: 150511. IBM DB2 para Linux, UNIX y Windows 9.7, 10.1, 10.5 y 11.1 (incluido DB2 Connect Server) contiene una vulnerabilidad que podría permitir a un usuario local escalar sus privilegios a root a través de un ataque de enlace simbólico. IBM X-Force ID: 150511. • http://www.ibm.com/support/docview.wss?uid=ibm10733939 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.4EPSS: 0%CPEs: 6EXPL: 0CVE-2018-1802
https://notcve.org/view.php?id=CVE-2018-1802
09 Nov 2018 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 binaries load shared libraries from an untrusted path potentially giving low privilege user full access to the DB2 instance account by loading a malicious shared library. IBM X-Force ID: 149640. En IBM DB2 para Linux, UNIX y Windows (incluido DB2 Connect Server) 9.7, 10.1, 10.5 y 11.1, los binarios cargaban librerías compartidas de una ruta no fiable, dando a un usuario de bajos privilegios acceso total a la cuenta d... • http://www.ibm.com/support/docview.wss?uid=ibm10733122 • CWE-426: Untrusted Search Path •
CVSS: 8.4EPSS: 0%CPEs: 6EXPL: 0CVE-2018-1711
https://notcve.org/view.php?id=CVE-2018-1711
21 Sep 2018 — IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 could allow a local user to to gain privileges due to allowing modification of columns of existing tasks. IBM X-Force ID: 146369. IBM DB2 para Linux, UNIX y Windows (incluye DB2 Connect Server) 9.7, 10.1, 10.5 y 11.1 podría permitir a un usuario local obtener privilegios debido a que se permite la modificación de columnas en tareas existentes. IBM X-Force ID: 146369. • http://www.securityfocus.com/bid/105390 • CWE-732: Incorrect Permission Assignment for Critical Resource •