
CVSS: 5.0, EPSS: 0%, CPEs: 10, EXPL: 0

The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 before FP2 writes sensitive information to the trace output, which allows attackers to obtain sensitive information by reading "PASSWORD-RELATED CONNECTION STRING KEYWORD VALUES."

ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v91/APARLIST.TXT
http://secunia.com/advisories/32368
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ23915
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ28489
http://www-01.ibm.com/support/docview.wss?uid=swg27013892
http://www.vupen.com/english/advisories/2008/2893
https://exchange.xforce.ibmcloud.com/vulnerabilities/46022

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.6, EPSS: 0%, CPEs: 25, EXPL: 0

Unspecified vulnerability in the DB2 Administration Server (DAS) in the Core DAS function component in IBM DB2 9.1 before Fixpak 5 allows local users to gain privileges, aka a "FILE CREATION VULNERABILITY." NOTE: this may be the same as CVE-2007-5664.

http://secunia.com/advisories/30558
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ12735
http://www-1.ibm.com/support/docview.wss?uid=swg21255607
http://www.securityfocus.com/bid/29601
http://www.vupen.com/english/advisories/2008/1769
https://exchange.xforce.ibmcloud.com/vulnerabilities/42932

CWE-264: Permissions, Privileges, and Access Controls

CVSS: 4.6, EPSS: 0%, CPEs: 23, EXPL: 0

The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 retains a cleartext password in memory after the database connection that sent the password is fully established, which might allow local users to obtain sensitive information by reading a memory dump.

http://www-1.ibm.com/support/docview.wss?uid=swg1JR27422
http://www-1.ibm.com/support/docview.wss?uid=swg21255607
http://www.securityfocus.com/bid/29601
http://www.vupen.com/english/advisories/2008/1769
https://exchange.xforce.ibmcloud.com/vulnerabilities/45139

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 9.3, EPSS: 4%, CPEs: 16, EXPL: 0

Buffer overflow in the DAS server program in the Core DAS function component in IBM DB2 9.1 before FP4a and 9.5 before FP1 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via unspecified vectors. NOTE: this might be related to CVE-2007-3676.

Buffer overflow in the DAS server program in the Core DAS function component in IBM DB2 9.1 before Fixpak 4a allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via unspecified vectors. NOTE: this might be related to CVE-2008-0698.

ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT
http://secunia.com/advisories/29784
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ12406
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ12379
http://www-1.ibm.com/support/docview.wss?uid=swg21255607
http://www.securityfocus.com/bid/29601
https://exchange.xforce.ibmcloud.com/vulnerabilities/45141

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.8, EPSS: 13%, CPEs: 30, EXPL: 0

Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 and 9.5 before Fixpak 1 allow remote attackers to cause a denial of service (system outage) via vectors related to (1) use of XQuery to issue statements; the (2) XMLQUERY, (3) XMLEXISTS, and (4) XMLTABLE statements; and the (5) sqlrlaka function.

http://secunia.com/advisories/30558
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ16346
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ18431
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ18434
http://www-1.ibm.com/support/docview.wss?uid=swg21255607
http://www.securityfocus.com/archive/1/496406/100/0/threaded
http://www.securityfocus.com/bid/29601
http://www.vupen.com/english/advisories/2008/1769
https://exchange.xforce.ibmcloud.com/vulnerabilities/42930
https:

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer