CVE-2008-4693
https://notcve.org/view.php?id=CVE-2008-4693
The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES." El componente SORT/LIST SERVICES en IBM DB2 v9.1 anterior a FP6 y v9.5 anterior a FP2 escribe información sensible en la salida del trazado (trace), lo que permite a atacantes obtener información sensible mediante la lectura de "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES." • ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT http://secunia.com/advisories/32368 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ23915 http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28489 http://www-01.ibm.com/support/docview.wss?uid=swg27013892 http://www.vupen.com/english/advisories/2008/2893 https://exchange.xforce.ibmcloud.com/vulnerabilities/46022 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-4691
https://notcve.org/view.php?id=CVE-2008-4691
Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in the New Compiler (aka Starburst derived compiler) component in the server in IBM DB2 9.1 before FP6 allows attackers to cause a denial of service (segmentation violation and trap) via unknown vectors. Vulnerabilidad sin especificar en la función SQLNLS_UNPADDEDCHARLEN en el componente New Compiler (también conocido como Starburst derived compiler) en el servidor en IBM DB2 v9.1 anterior a FP6, permite a atacantes remotos provocar una denegación de servicio (violación de segmentación y "trap" -trampa-) a través de vectores desconocidos. • ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT http://secunia.com/advisories/32368 http://www-01.ibm.com/support/docview.wss?uid=swg1LI73364 http://www-01.ibm.com/support/docview.wss?uid=swg27013892 http://www.vupen.com/english/advisories/2008/2893 •
CVE-2008-3958
https://notcve.org/view.php?id=CVE-2008-3958
IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. NOTE: this may overlap CVE-2008-3858. NOTE: this issue exists because of an incomplete fix for CVE-2008-3959. IBM DB2 UDB 8 antes del Fixpak 17 permite a atacantes remotos provocar una denegación de servicio (caída de la instancia) mediante una cadena de datos CONNECT/ATTACH manipulada que simula una petición de cliente V7 conectar/adjuntar. NOTA: esto podría superponerse con CVE-2008-3858. • ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT http://osvdb.org/48144 http://secunia.com/advisories/31787 http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08134 http://www.securityfocus.com/bid/31058 https://exchange.xforce.ibmcloud.com/vulnerabilities/45133 •
CVE-2008-3959
https://notcve.org/view.php?id=CVE-2008-3959
IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. IBM DB2 UDB 8.1 anterior FixPak 16, y v8.2 anterior al FixPak 9, permite a atacantes remotos provocar una denegación de servicio (caída de instancia) a través de un flujo de datos CONNECT/ATTACH manipulado que simula una petición cliente connect/attach V7. • http://secunia.com/advisories/29022 http://www-1.ibm.com/support/docview.wss?uid=swg1IZ05043 http://www.appsecinc.com/resources/alerts/db2/2008-01.shtml https://exchange.xforce.ibmcloud.com/vulnerabilities/45134 •
CVE-2008-3960
https://notcve.org/view.php?id=CVE-2008-3960
Unspecified vulnerability in the JDBC Applet Server Service (aka db2jds) in IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a denial of service (service crash) via "malicious packets." Vulnerabilidad sin especificar en el JDBC Applet Server Service (también conocido como db2jds) en IBM DB2 UDB 8 anterior al fixpack 17, permite a atacantes remotos provocar una denegación de servicio (caída de servicio) a través de "paquetes maliciosos". • ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT http://osvdb.org/48148 http://secunia.com/advisories/31787 http://www-01.ibm.com/support/docview.wss?uid=swg21318189 http://www-1.ibm.com/support/docview.wss?uid=swg1JR29274 http://www.securityfocus.com/bid/31058 http://www.securitytracker.com/id?1020826 https://exchange.xforce.ibmcloud.com/vulnerabilities/44984 • CWE-20: Improper Input Validation •