CVE-2007-1087
https://notcve.org/view.php?id=CVE-2007-1087
IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow. IBM DB2 8.x anterior a 8.1 FixPak 15 y 9.1 anterior a Fix Pack 2 no finaliza adecuadamente ciertas cadenas de entrada, lo cual permite a usuarios locales ejecutar código de su elección a través de variables de entorno no especificadas que disparan un desbordamiento de búfer basado en pila. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=481 http://osvdb.org/40970 http://www-1.ibm.com/support/docview.wss?uid=swg21255747 http://www.attrition.org/pipermail/vim/2007-August/001765.html http://www.securityfocus.com/bid/22677 https://exchange.xforce.ibmcloud.com/vulnerabilities/32651 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-1088
https://notcve.org/view.php?id=CVE-2007-1088
Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables. Desbordamiento de búfer basado en pila en IBM DB2 8.x anterior a 8.1 FixPak 15 y 9.1 anterior a Fix Pack 2 permite a usuarios locales ejecutar código de su elección a través de una cadenas largas en variables no especificadas de entorno. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=481 http://osvdb.org/40971 http://www-1.ibm.com/support/docview.wss?uid=swg21255747 http://www.attrition.org/pipermail/vim/2007-August/001765.html http://www.securityfocus.com/bid/22677 https://exchange.xforce.ibmcloud.com/vulnerabilities/32652 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2006-4257
https://notcve.org/view.php?id=CVE-2006-4257
IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending crafted SQLJRA packet, which results in a null dereference. IBM DB2 Universal Database (UDB) anterior a 8.1 FixPak 13 permite a atacantes autenticados remotamente provocar una denegación de servicio (caída) (1) enviando el primer comando ACCSEC sin un parámetro RDBNAM durante el proceso de conexión (CONNECT), o (2) enviando paquetes SQLJRA manipulados, lo cual resulta en una referencia a nulo. • ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v82/APARLIST.TXT http://secunia.com/advisories/21550 http://www-1.ibm.com/support/docview.wss?uid=swg24013114 http://www.appsecinc.com/resources/alerts/db2/2006-09-05.shtml http://www.securityfocus.com/archive/1/445298/100/0/threaded http://www.securityfocus.com/archive/1/454307/100/0/threaded http://www.securityfocus.com/bid/19586 http://www.vupen.com/english/advisories/2006/3328 • CWE-399: Resource Management Errors •
CVE-2005-3569
https://notcve.org/view.php?id=CVE-2005-3569
INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX allows attackers to cause a denial of service (application crash) via unknown attack vectors involving LZH files. • http://secunia.com/advisories/17388 http://www-1.ibm.com/support/docview.wss?uid=swg27005891&aid=3#wq213 http://www.osvdb.org/20708 http://www.securityfocus.com/bid/15376 https://exchange.xforce.ibmcloud.com/vulnerabilities/23089 •
CVE-2005-3568
https://notcve.org/view.php?id=CVE-2005-3568
db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 allows local users to cause a denial of service (CPU consumption) by importing a corrupted Microsoft Excel file, aka "CORRUPTED EXEL FILE WILL CAUSE TEXT SEARCH PROCESS LOOPING." • http://secunia.com/advisories/17388 http://www-1.ibm.com/support/docview.wss?uid=swg1IO00737 http://www.osvdb.org/20707 http://www.securityfocus.com/bid/15376 https://exchange.xforce.ibmcloud.com/vulnerabilities/23088 •