CVSS: 5.0EPSS: 0%CPEs: 27EXPL: 0CVE-2010-3195
https://notcve.org/view.php?id=CVE-2010-3195
Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving "special group and user enumeration." Vulnerabilidad sin especificar en IBM DB2 v9.1 anterior a FP9, v9.5 anterior a FP6, y v9.7 anterior a FP2 en Windows Server 2008 permite a atacantes remotos provocar una denegación de servicio (trampa) a través de vectores involucrados "Grupo especial y enumeración de usuarios" ("special group and user enumeration"). • ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT http://secunia.com/advisories/41218 http://www-01.ibm.com/support/docview.wss?uid=swg1IC66099 http://www-01.ibm.com/support/docview.wss?uid=swg1IC66642 http://www-01.ibm.com/support/docview.wss?uid=swg1IC66643 http://www-01.ibm.com/support/docview.wss?uid=swg21426108 http://www-01.ibm.com/support/docview.wss? •
CVSS: 10.0EPSS: 0%CPEs: 26EXPL: 0CVE-2010-3193
https://notcve.org/view.php?id=CVE-2010-3193
Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors. Vulnerabilidad sin especificar en el programa DB2STST en IBM DB2 v9.1 anterior a FP9, v9.5 anterior a FP6, y v9.7 anterior a FP2 tienen un impacto y vactores de ataque desconocidos. • ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT http://secunia.com/advisories/41218 http://www-01.ibm.com/support/docview.wss?uid=swg1IC65408 http://www-01.ibm.com/support/docview.wss?uid=swg1IC65703 http://www-01.ibm.com/support/docview.wss?uid=swg1IC65742 http://www-01.ibm.com/support/docview.wss?uid=swg21426108 http://www-01.ibm.com/support/docview.wss? •
CVSS: 6.5EPSS: 11%CPEs: 26EXPL: 3CVE-2010-0462 – IBM DB2 - 'REPEAT()' Local Heap Buffer Overflow
https://notcve.org/view.php?id=CVE-2010-0462
Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows remote authenticated users to have an unspecified impact via a SELECT statement that has a long column name generated with the REPEAT function. Un desbordamiento de búfer en la región heap de la memoria en DB2 de IBM versión 9.1 anterior a FP9, versión 9.5 anterior a FP6 y versión 9.7 anterior a FP2, permite a los usuarios autenticados remotos tener un impacto no especificado por medio de una declaración SELECT que presenta un nombre de columna largo generado con la función REPEAT. • https://www.exploit-db.com/exploits/33572 ftp://public.dhe.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT http://intevydis.blogspot.com/2010/01/ibm-db2-97-heap-overflow.html http://securitytracker.com/id?1023509 http://www-01.ibm.com/support/docview.wss?uid=swg1IC65922 http://www-01.ibm.com/support/docview.wss?uid=swg1IC65933 http://www-01.ibm.com/support/docview.wss?uid=swg1IC65935 http://www-01.ibm.com/support/docview.wss? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 19EXPL: 0CVE-2009-4438
https://notcve.org/view.php?id=CVE-2009-4438
The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a (1) sequence or (2) global-variable object, which allows remote authenticated users to make use of data via unspecified vectors. El componente Query Compiler, Rewrite, and Optimizer en IBM DB2 v9.1 anteriores a FP8, v9.5 anteriores a FP5, v9.7 anteriores a FP1 no refuerza los requisitos de privilegios para acceder a (1) una secuencia o (2) objetos de variables globales, permite a usuarios autenticados remotamente usar los datos mediante vectores no especificados. • ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT http://secunia.com/advisories/37759 http://www-01.ibm.com/support/docview.wss?uid=swg1IC62543 http://www-01.ibm.com/support/docview.wss?uid=swg1IC62583 http://www-01.ibm.com/support/docview.wss?uid=swg1IC64852 http://www-01.ibm.com/support/docview.wss?uid=swg21293566 http://www-01.ibm.com/support/docview.wss? • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.0EPSS: 0%CPEs: 8EXPL: 0CVE-2009-4439
https://notcve.org/view.php?id=CVE-2009-4439
Unspecified vulnerability in the Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service (instance crash) by compiling a SQL query. Vulnerabilidad no especificada en el componente Query Compiler, Rewrite, and Optimizer en IBM DB2 v9.5 anteriores a FP5 permite a usuarios autenticados remotamente provocar una denegación de servicio (parada de la instancia) al compilar una consulta SQL. • ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT http://secunia.com/advisories/37759 http://www-01.ibm.com/support/docview.wss?uid=swg1JR31948 http://www-01.ibm.com/support/docview.wss?uid=swg21293566 http://www-01.ibm.com/support/docview.wss?uid=swg21412902 http://www.securityfocus.com/bid/37332 http://www.vupen.com/english/advisories/2009/3520 •