All the vulnerabilites related to ibm - informix_dynamic_server
Vulnerability from fkie_nvd
Published
2006-11-03 01:07
Modified
2024-11-21 00:20
Severity ?
Summary
IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 use insecure permissions for installation scripts, which allows local users to gain privileges by modifying the scripts.
References
cve@mitre.orghttp://secunia.com/advisories/22609Patch, Vendor Advisory
cve@mitre.orghttp://securitytracker.com/id?1017156
cve@mitre.orghttp://www-1.ibm.com/support/docview.wss?uid=swg21247438Patch
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/4280
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22609Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1017156
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/docview.wss?uid=swg21247438Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/4280
Impacted products
Vendor Product Version
ibm informix_client_sdk 2.90
ibm informix_dynamic_server 10.00
ibm informix_i-connect 2.90


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_client_sdk:2.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBF7C636-610B-4B06-A95A-D8C0759F83CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "E67D2B80-49E9-4DDA-87A3-D145B9F49D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_i-connect:2.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D8A3B85-A61C-4734-8DA0-F5E8AD64B592",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 use insecure permissions for installation scripts, which allows local users to gain privileges by modifying the scripts."
    },
    {
      "lang": "es",
      "value": "IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, y Informix I-Connect 2.90 utilizan permisos no seguros para los scripts de instalaci\u00f3n, que permite a los usuarios locales obtener privilegios modificando estos scripts."
    }
  ],
  "id": "CVE-2006-5663",
  "lastModified": "2024-11-21T00:20:07.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-11-03T01:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22609"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017156"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247438"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/4280"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22609"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017156"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247438"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/4280"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-11-03 01:07
Modified
2024-11-21 00:20
Severity ?
Summary
The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to "compromise security" via a symlink attack on temporary files.
References
cve@mitre.orghttp://secunia.com/advisories/22609Vendor Advisory
cve@mitre.orghttp://securitytracker.com/id?1017156
cve@mitre.orghttp://www-1.ibm.com/support/docview.wss?uid=swg21247438
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/4280
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22609Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1017156
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/docview.wss?uid=swg21247438
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/4280
Impacted products
Vendor Product Version
ibm informix_client_sdk 2.90
ibm informix_dynamic_server 10.00
ibm informix_i-connect 2.90


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_client_sdk:2.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBF7C636-610B-4B06-A95A-D8C0759F83CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "E67D2B80-49E9-4DDA-87A3-D145B9F49D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_i-connect:2.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D8A3B85-A61C-4734-8DA0-F5E8AD64B592",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to \"compromise security\" via a symlink attack on temporary files."
    },
    {
      "lang": "es",
      "value": "El script de instalaci\u00f3n en IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, y Informix I-Connect 2.90 permite a los usuarios locales \"comprometer la seguridad\" mediante un ataque de enlaces simb\u00f3licos sobre ficheros temporales."
    }
  ],
  "id": "CVE-2006-5664",
  "lastModified": "2024-11-21T00:20:07.317",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-11-03T01:07:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22609"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017156"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247438"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/4280"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22609"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017156"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247438"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/4280"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Severity ?
Summary
Format string vulnerability in IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to execute arbitrary code via a modified INFORMIXDIR environment variable that points to a file with format string specifiers in the filename.
References
cve@mitre.orghttp://marc.info/?l=bugtraq&m=107524391217364&w=2
cve@mitre.orghttp://secunia.com/advisories/10737Patch, Vendor Advisory
cve@mitre.orghttp://www-1.ibm.com/support/docview.wss?uid=swg21153336Vendor Advisory
cve@mitre.orghttp://www.osvdb.org/3757Patch
cve@mitre.orghttp://www.securityfocus.com/bid/9511Patch
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/14967
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=107524391217364&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/10737Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/docview.wss?uid=swg21153336Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/3757Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/9511Patch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/14967
Impacted products
Vendor Product Version
ibm informix_dynamic_server 9.40.uc1
ibm informix_dynamic_server 9.40.uc2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "910D9A17-43A7-4F9E-98E0-2C465AC8BD2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E61711D-4C3E-4A6D-89A8-85B7CDD7FAE1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Format string vulnerability in IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to execute arbitrary code via a modified INFORMIXDIR environment variable that points to a file with format string specifiers in the filename."
    }
  ],
  "id": "CVE-2004-2489",
  "lastModified": "2024-11-20T23:53:28.920",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=107524391217364\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/10737"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21153336"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/3757"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/9511"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=107524391217364\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/10737"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21153336"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/3757"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/9511"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14967"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-08-20 19:15
Modified
2024-11-21 04:43
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious shared library and gain root access privileges. IBM X-Force ID: 159941.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10964987Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/159941VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://security.netapp.com/advisory/ntap-20190903-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10964987Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/159941VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190903-0002/Third Party Advisory
Impacted products
Vendor Product Version
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc1:*:*:enterprise:*:*:*",
              "matchCriteriaId": "79BA4641-8E47-4A70-B93B-4170C1011F96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc10:*:*:enterprise:*:*:*",
              "matchCriteriaId": "46CA7C74-B228-46C1-8275-16F488DBDC00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc11:*:*:enterprise:*:*:*",
              "matchCriteriaId": "87F094E8-45A0-4346-9F7B-2E206947ADB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc12:*:*:enterprise:*:*:*",
              "matchCriteriaId": "A34F9759-9979-452F-BBA4-F53ED357DB66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc2:*:*:enterprise:*:*:*",
              "matchCriteriaId": "A3C45B9A-05EF-40D3-B945-63FEFAE24F4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc3:*:*:enterprise:*:*:*",
              "matchCriteriaId": "11D1CAF1-21AB-4DB8-895B-9215E7A563BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc4:*:*:enterprise:*:*:*",
              "matchCriteriaId": "1739EB23-B217-4A52-A7DC-10EE724CF0C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc5:*:*:enterprise:*:*:*",
              "matchCriteriaId": "DD6EBF2B-89EC-44C8-B61B-86395A088560",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc6:*:*:enterprise:*:*:*",
              "matchCriteriaId": "C37FA1C0-EFC3-4B53-A893-AB486B7DE599",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc7:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B97C6E39-EB72-4BBC-BBEE-5B372BA57FE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc8:*:*:enterprise:*:*:*",
              "matchCriteriaId": "F07FF49A-305D-4E9E-B52E-6F166B857126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc9:*:*:enterprise:*:*:*",
              "matchCriteriaId": "2E77FCAD-A9A3-4695-A45F-D4B79067DDFD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious shared library and gain root access privileges. IBM X-Force ID: 159941."
    },
    {
      "lang": "es",
      "value": "IBM Informix Dynamic Server Enterprise Edition 12.1 podr\u00eda permitir que un usuario local con privilegios de Informix cargue una biblioteca compartida malintencionada y obtenga privilegios de acceso root. ID de IBM X-Force: 159941."
    }
  ],
  "id": "CVE-2019-4253",
  "lastModified": "2024-11-21T04:43:22.897",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-20T19:15:11.650",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159941"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159941"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-09-29 21:30
Modified
2024-11-21 01:07
Severity ?
Summary
IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 before 11.10.xC4, and 11.50 before 11.50.xC5 allows remote attackers to cause a denial of service (memory corruption, assertion failure, and daemon crash) by sending a long password over a JDBC connection.
References
cve@mitre.orghttp://secunia.com/advisories/36853Vendor Advisory
cve@mitre.orghttp://www-01.ibm.com/support/docview.wss?uid=swg1IC61195Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/36538
cve@mitre.orghttp://www.securitytracker.com/id?1022955
cve@mitre.orghttp://www.vupen.com/english/advisories/2009/2786Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/36853Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg1IC61195Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/36538
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1022955
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2009/2786Vendor Advisory
Impacted products
Vendor Product Version
ibm informix_dynamic_server 10.0
ibm informix_dynamic_server 10.00.xc1
ibm informix_dynamic_server 10.00.xc2
ibm informix_dynamic_server 10.00.xc3
ibm informix_dynamic_server 10.00.xc4
ibm informix_dynamic_server 10.00.xc5
ibm informix_dynamic_server 10.00.xc6
ibm informix_dynamic_server 10.00.xc8
ibm informix_dynamic_server 10.00.xc9
ibm informix_dynamic_server 10.00.xc10
ibm informix_dynamic_server 11.10
ibm informix_dynamic_server 11.10.xc1
ibm informix_dynamic_server 11.10.xc2
ibm informix_dynamic_server 11.10.xc3
ibm informix_dynamic_server 11.50
ibm informix_dynamic_server 11.50.xc1
ibm informix_dynamic_server 11.50.xc2
ibm informix_dynamic_server 11.50.xc3
ibm informix_dynamic_server 11.50.xc4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1716E256-B186-442F-8C4C-9305E0953081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.xc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "257DA554-937D-4BA1-9131-2F978C6E5E62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.xc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A81C5A16-B696-4A8D-AFD2-1A51B3BE4EDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.xc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "48562C58-0055-4394-9B40-D5730FE6A8AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.xc4:*:*:*:*:*:*:*",
              "matchCriteriaId": "45791C63-A04C-4990-A78D-0529C8E9CC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.xc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "55991F0F-2770-4367-9850-93504D33580C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.xc6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F9C4B48-B294-4BAF-99EE-7D2E1B024BFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.xc8:*:*:*:*:*:*:*",
              "matchCriteriaId": "461C0E60-9EB5-42EA-835C-B1F5234E8CF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.xc9:*:*:*:*:*:*:*",
              "matchCriteriaId": "69DB33A6-1D6E-476A-97E4-8EE60EA43127",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.xc10:*:*:*:*:*:*:*",
              "matchCriteriaId": "809EB926-BCB1-4EEF-B385-5C487B1F8301",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3398187-9A9C-4584-A186-01DB36C88219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC21790C-D057-4B11-8D0C-202B71B1E7A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "539DE4E7-8531-43E8-AE75-178BFC4324F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "429D6E5F-E249-4EA5-B2BB-DDF3B2B20676",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE122FD4-9164-4638-8E98-7670908E392B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E99EBE74-8437-4DFD-B44A-5BD06B708BA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1E504E6-5293-4255-9FDB-CB115A5719D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B96A8DF-88C4-499C-823B-3FB5ECDC9752",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7697326E-CF54-46E3-9ECF-819F6BF53C1A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 before 11.10.xC4, and 11.50 before 11.50.xC5 allows remote attackers to cause a denial of service (memory corruption, assertion failure, and daemon crash) by sending a long password over a JDBC connection."
    },
    {
      "lang": "es",
      "value": "IBM Informix Dynamic Server (IDS) v10.00 anterior a v10.00.xC11, v11.10 anterior a v11.10.xC4, y v11.50 anterior a v11.50.xC5 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de demonio) enviando una contrase\u00f1a larga sobre una conexi\u00f3n JDBC."
    }
  ],
  "id": "CVE-2009-3470",
  "lastModified": "2024-11-21T01:07:26.480",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-09-29T21:30:00.250",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36853"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC61195"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/36538"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1022955"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2786"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/36853"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC61195"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/36538"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1022955"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2009/2786"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-08-08 22:04
Modified
2024-11-21 00:14
Severity ?
Summary
Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 and 10.00 before 10.00.TC3, when running on Windows, allows remote attackers to execute arbitrary code via a long username.
References
cve@mitre.orghttp://secunia.com/advisories/21301Patch, Vendor Advisory
cve@mitre.orghttp://www-1.ibm.com/support/docview.wss?uid=swg21242921Patch
cve@mitre.orghttp://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf
cve@mitre.orghttp://www.osvdb.org/27685
cve@mitre.orghttp://www.securityfocus.com/archive/1/443133/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/443149/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/19264Patch
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/3077
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/28122
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21301Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/docview.wss?uid=swg21242921Patch
af854a3a-2127-422b-91ae-364da2661108http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/27685
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/443133/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/443149/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/19264Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3077
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/28122
Impacted products
Vendor Product Version
ibm informix_dynamic_server 9.4
ibm informix_dynamic_server 9.40.tc5
ibm informix_dynamic_server 9.40.uc1
ibm informix_dynamic_server 9.40.uc2
ibm informix_dynamic_server 9.40.uc3
ibm informix_dynamic_server 9.40.uc5
ibm informix_dynamic_server 9.40.xc7
ibm informix_dynamic_server 10.0
ibm informix_dynamic_server 10.0.xc3


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "58A9F81C-C618-435D-9912-0E61EAB02560",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.tc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9B0C17-2D85-4729-85EF-2F5C750BF51B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "910D9A17-43A7-4F9E-98E0-2C465AC8BD2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E61711D-4C3E-4A6D-89A8-85B7CDD7FAE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2CD7B84-2861-4542-8A08-C668065C8DB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E64D85E2-AA7E-4704-A2FA-BD69744423CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.xc7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD626D2D-D1ED-4B44-A236-CF20F1708D98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1716E256-B186-442F-8C4C-9305E0953081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7931542-8DB8-4BC3-A319-9352EBC62158",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 and 10.00 before 10.00.TC3, when running on Windows, allows remote attackers to execute arbitrary code via a long username."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en IBMInformix Dynamic Server (IDS) anterior a 9.40.TC7 y 10.00 anterior a 10.00.TC3, cuando se ejecuta en Windows, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un nombre de usuario largo."
    }
  ],
  "evaluatorSolution": "This vulnerability is only present in a Windows environment.\r\nThis vulnerability is addressed in the following product releases:\r\nIBM, Informix IDS, 9.40.TC7 \r\nIBM, Informix IDS, 10.00.TC3",
  "id": "CVE-2006-3853",
  "lastModified": "2024-11-21T00:14:34.967",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-08-08T22:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21301"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/27685"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/443149/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/19264"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3077"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21301"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/27685"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/443149/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/19264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28122"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-03-05 16:30
Modified
2024-11-21 01:05
Severity ?
Summary
Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allow remote attackers to execute arbitrary code via a crafted parameter size.
References
cve@mitre.orghttp://secunia.com/advisories/38731Vendor Advisory
cve@mitre.orghttp://securitytracker.com/id?1023669
cve@mitre.orghttp://www.ibm.com/support/docview.wss?uid=swg1IC55329
cve@mitre.orghttp://www.ibm.com/support/docview.wss?uid=swg1IC55330
cve@mitre.orghttp://www.securityfocus.com/archive/1/509789/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/38471
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/0508Patch, Vendor Advisory
cve@mitre.orghttp://www.zerodayinitiative.com/advisories/ZDI-10-022
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38731Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1023669
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg1IC55329
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg1IC55330
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/509789/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/38471
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0508Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.zerodayinitiative.com/advisories/ZDI-10-022
Impacted products
Vendor Product Version
ibm informix_dynamic_server 10.0
ibm informix_dynamic_server 10.0.tc1
ibm informix_dynamic_server 10.0.xc1
ibm informix_dynamic_server 10.0.xc2e
ibm informix_dynamic_server 10.0.xc3
ibm informix_dynamic_server 10.0.xc3e
ibm informix_dynamic_server 10.0.xc4
ibm informix_dynamic_server 10.0.xc4e
ibm informix_dynamic_server 10.0.xc5
ibm informix_dynamic_server 10.0.xc5e
ibm informix_dynamic_server 10.0.xc6
ibm informix_dynamic_server 10.0.xc6e
ibm informix_dynamic_server 10.0.xc7
ibm informix_dynamic_server 10.0.xc7e
ibm informix_dynamic_server 10.0.xc8
ibm informix_dynamic_server 10.0.xc8e
ibm informix_dynamic_server 10.0.xc9
ibm informix_dynamic_server 10.0.xc9e
ibm informix_dynamic_server 10.0.xc10
ibm informix_dynamic_server 10.0.xc10e
ibm informix_dynamic_server 11.1
ibm informix_dynamic_server 11.10
ibm informix_dynamic_server 11.10.xc1
ibm informix_dynamic_server 11.10.xc1de
ibm informix_dynamic_server 11.10.xc2
ibm informix_dynamic_server 11.10.xc2e
ibm informix_dynamic_server 11.10.xc3
ibm informix_dynamic_server 11.10.xc3e


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1716E256-B186-442F-8C4C-9305E0953081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.tc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEEBB378-F57A-4420-973F-8B641700740A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5634CF97-CBD3-4CA3-8144-2F875FDD3FA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc2e:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C2380EC-4F4E-434F-9103-02BA0F8E68EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7931542-8DB8-4BC3-A319-9352EBC62158",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc3e:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7252409-BAB0-41C5-8D82-09FDB751EB3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc4:*:*:*:*:*:*:*",
              "matchCriteriaId": "795E3755-48D3-4A70-9AFB-1B3B9F3B8F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc4e:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D142F8-076C-42E4-A1C3-8DDA45605340",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FB0B784-F6C0-4333-91C3-F01C23C20C72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc5e:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F475C2E-32D9-40EF-82D5-72B827774F17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A6FFFAC-9FBD-44B7-9F12-53CF653F9F6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc6e:*:*:*:*:*:*:*",
              "matchCriteriaId": "A095762C-9A12-475A-B77A-8B5DA6333AEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EB862D4-E158-4BDD-A35D-7CF35D42561B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc7e:*:*:*:*:*:*:*",
              "matchCriteriaId": "7921875E-57C4-47D8-ADD5-E65980D2B24C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C5A7699-3614-4C07-B0D0-92C05F593A17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc8e:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BAE6B0C-7F7E-41B0-AC9D-75BED81F5878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6770AAD-CB91-49DF-9B2D-DCFB5880C833",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc9e:*:*:*:*:*:*:*",
              "matchCriteriaId": "95E7DC6E-7A0D-4FFB-8641-1F25AAFE5D5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA609752-9DE0-4080-94FC-85337DA15757",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc10e:*:*:*:*:*:*:*",
              "matchCriteriaId": "29202E83-5F00-4200-9A36-AB06A1370E67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE53870D-832F-4300-8556-9062BCC8F9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3398187-9A9C-4584-A186-01DB36C88219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC21790C-D057-4B11-8D0C-202B71B1E7A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc1de:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D7F320F-72E0-440C-A300-6D85AEE86DA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "539DE4E7-8531-43E8-AE75-178BFC4324F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc2e:*:*:*:*:*:*:*",
              "matchCriteriaId": "487A81FC-FBB9-43C6-B419-4BA033054CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "429D6E5F-E249-4EA5-B2BB-DDF3B2B20676",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc3e:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8BA02BE-9028-457F-A231-5C27BE442042",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allow remote attackers to execute arbitrary code via a crafted parameter size."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer en la funcionalidad de autenticaci\u00f3n en la biblioteca librpc.dll en el servicio Portmapper de Informix Storage Manager (ISM) (tambi\u00e9n se conoce como portmap.exe), tal como es usado en Informix Dynamic Server (IDS) de IBM versiones 10.x anteriores a 10.00.TC9 y versiones 11.x anteriores a 11.10.TC3, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un tama\u00f1o de par\u00e1metro especialmente dise\u00f1ado."
    }
  ],
  "id": "CVE-2009-2753",
  "lastModified": "2024-11-21T01:05:40.073",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-03-05T16:30:00.537",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38731"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1023669"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55329"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55330"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/509789/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/38471"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0508"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-022"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38731"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1023669"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55329"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55330"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/509789/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/38471"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0508"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-022"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-01-27 05:00
Modified
2024-11-20 23:52
Severity ?
Summary
Stack-based buffer overflow in ontape for IBM Informix Dynamic Server (IDS) 9.40.xC3 and earlier allows local users, with DSA privileges, to execute arbitrary code via a long ONCONFIG environment variable.
References
cve@mitre.orghttp://marc.info/?l=bugtraq&m=107539878804074&w=2
cve@mitre.orghttp://secunia.com/advisories/10737/
cve@mitre.orghttp://www-1.ibm.com/support/docview.wss?uid=swg21153336Exploit, Patch, Vendor Advisory
cve@mitre.orghttp://www.osvdb.org/3759
cve@mitre.orghttp://www.securityfocus.com/bid/9512Exploit, Patch, Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/14970
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=107539878804074&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/10737/
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/docview.wss?uid=swg21153336Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/3759
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/9512Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/14970
Impacted products
Vendor Product Version
ibm informix_dynamic_server 9.40.uc1
ibm informix_dynamic_server 9.40.uc2
ibm informix_extended_parallel_server 8.40_uc1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "910D9A17-43A7-4F9E-98E0-2C465AC8BD2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E61711D-4C3E-4A6D-89A8-85B7CDD7FAE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_extended_parallel_server:8.40_uc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8EBF74C-A519-4C0E-B885-5C036047D610",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in ontape for IBM Informix Dynamic Server (IDS) 9.40.xC3 and earlier allows local users, with DSA privileges, to execute arbitrary code via a long ONCONFIG environment variable."
    }
  ],
  "id": "CVE-2004-2131",
  "lastModified": "2024-11-20T23:52:34.170",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-01-27T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=107539878804074\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/10737/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21153336"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/3759"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9512"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14970"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=107539878804074\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/10737/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21153336"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/3759"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/9512"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14970"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-03-18 00:44
Modified
2024-11-21 00:43
Severity ?
Summary
Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a malformed connection request packet.
References
cve@mitre.orghttp://secunia.com/advisories/29272Vendor Advisory
cve@mitre.orghttp://www-1.ibm.com/support/search.wss?rs=0&q=IC55224&apar=only
cve@mitre.orghttp://www-1.ibm.com/support/search.wss?rs=0&q=IC55225&apar=only
cve@mitre.orghttp://www.informixmag.com/content/view/11143/27/
cve@mitre.orghttp://www.informixmag.com/content/view/11144/27/
cve@mitre.orghttp://www.securityfocus.com/bid/28198
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/0860
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/41370
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29272Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/search.wss?rs=0&q=IC55224&apar=only
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/search.wss?rs=0&q=IC55225&apar=only
af854a3a-2127-422b-91ae-364da2661108http://www.informixmag.com/content/view/11143/27/
af854a3a-2127-422b-91ae-364da2661108http://www.informixmag.com/content/view/11144/27/
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/28198
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/0860
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/41370
Impacted products
Vendor Product Version
ibm informix_dynamic_server 7.3
ibm informix_dynamic_server 7.31.xd8
ibm informix_dynamic_server 7.31.xd9
ibm informix_dynamic_server 9.3
ibm informix_dynamic_server 9.4
ibm informix_dynamic_server 9.40.tc5
ibm informix_dynamic_server 9.40.uc1
ibm informix_dynamic_server 9.40.uc2
ibm informix_dynamic_server 9.40.uc3
ibm informix_dynamic_server 9.40.uc5
ibm informix_dynamic_server 9.40.xd8
ibm informix_dynamic_server 9.40_xc7
ibm informix_dynamic_server 10.0
ibm informix_dynamic_server 10.0.xc3
ibm informix_dynamic_server 10.0.xc4
ibm informix_dynamic_server 10.00.xc7w1
ibm informix_dynamic_server 11.10.xc2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9390D1EA-DB0A-40BB-BBA5-061DA17A2745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:7.31.xd8:*:*:*:*:*:*:*",
              "matchCriteriaId": "14BA6483-76C0-4BE2-AE99-97B1AD555704",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:7.31.xd9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3D9652D-4383-40EE-950F-67794F4D52C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A565470-B4A3-40FA-B691-1DB484FEC764",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "58A9F81C-C618-435D-9912-0E61EAB02560",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.tc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9B0C17-2D85-4729-85EF-2F5C750BF51B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "910D9A17-43A7-4F9E-98E0-2C465AC8BD2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E61711D-4C3E-4A6D-89A8-85B7CDD7FAE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2CD7B84-2861-4542-8A08-C668065C8DB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E64D85E2-AA7E-4704-A2FA-BD69744423CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.xd8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBFD2127-16EA-49F1-9023-F22A68F4EE3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40_xc7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3480BAB7-4D5B-44F2-8E8D-0062DD205D48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1716E256-B186-442F-8C4C-9305E0953081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7931542-8DB8-4BC3-A319-9352EBC62158",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc4:*:*:*:*:*:*:*",
              "matchCriteriaId": "795E3755-48D3-4A70-9AFB-1B3B9F3B8F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.xc7w1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1061A1A7-579D-4222-A31D-F34F8A11EA63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "539DE4E7-8531-43E8-AE75-178BFC4324F7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a malformed connection request packet."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en IBM Informix Dynamic Server (IDS) 7.x hasta 11.x permite a atacantes remotos ganar privilegios mediante paquetes de petici\u00f3n de conexi\u00f3n mal formados."
    }
  ],
  "evaluatorComment": "IBM links require software support sign in to access information.",
  "id": "CVE-2008-0949",
  "lastModified": "2024-11-21T00:43:17.840",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-03-18T00:44:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29272"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IC55224\u0026apar=only"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IC55225\u0026apar=only"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.informixmag.com/content/view/11143/27/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.informixmag.com/content/view/11144/27/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/28198"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0860"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41370"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29272"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IC55224\u0026apar=only"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IC55225\u0026apar=only"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.informixmag.com/content/view/11143/27/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.informixmag.com/content/view/11144/27/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28198"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0860"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41370"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-08-08 22:04
Modified
2024-11-21 00:14
Severity ?
Summary
Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through 9.40.xC7 and 10.00.TC1 through 10.00.xC3 allows attackers to execute arbitrary code via the SQLIDEBUG environment variable (envariable).
References
cve@mitre.orghttp://secunia.com/advisories/21301
cve@mitre.orghttp://www-1.ibm.com/support/docview.wss?uid=swg21242921Patch
cve@mitre.orghttp://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf
cve@mitre.orghttp://www.osvdb.org/27694
cve@mitre.orghttp://www.securityfocus.com/archive/1/443133/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/443165/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/19264
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/3077
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/28158
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21301
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/docview.wss?uid=swg21242921Patch
af854a3a-2127-422b-91ae-364da2661108http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/27694
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/443133/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/443165/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/19264
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3077
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/28158
Impacted products
Vendor Product Version
ibm informix_dynamic_server 9.40.tc5
ibm informix_dynamic_server 9.40.uc5
ibm informix_dynamic_server 9.40.xc5
ibm informix_dynamic_server 10.0.tc1
ibm informix_dynamic_server 10.0.xc1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.tc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9B0C17-2D85-4729-85EF-2F5C750BF51B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E64D85E2-AA7E-4704-A2FA-BD69744423CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.xc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "21FF7CE7-A061-425B-A29B-1EC6DEDA2C10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.tc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEEBB378-F57A-4420-973F-8B641700740A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5634CF97-CBD3-4CA3-8144-2F875FDD3FA4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through 9.40.xC7 and 10.00.TC1 through 10.00.xC3 allows attackers to execute arbitrary code via the SQLIDEBUG environment variable (envariable)."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en IBM Informix Dynamic Server (IDS) 9.40.TC5 hasta 9.40.xC7 y 10.00.TC1 hasta 10.00.xC3 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de la variable de entorno (envariable) SQLIDEBUG."
    }
  ],
  "evaluatorSolution": "This vulnerability is addressed in the following product releases:\r\nIBM, Informix IDS, 9.40 xC7 \r\nIBM, Informix IDS, 10.00 xC3",
  "id": "CVE-2006-3862",
  "lastModified": "2024-11-21T00:14:36.320",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-08-08T22:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/21301"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/27694"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/443165/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/19264"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3077"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28158"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21301"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/27694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/443165/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/19264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28158"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-12-09 03:15
Modified
2024-11-21 07:55
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/251206VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/7070188Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/251206VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/7070188Vendor Advisory
Impacted products
Vendor Product Version
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 14.10
ibm informix_dynamic_server_on_cloud_pak_for_data *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:-:*:*:-:*:*:*",
              "matchCriteriaId": "0DF4C5FA-F078-4F65-AE4A-3F6DECE5B61A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B33D65F4-09CB-4C6C-8D0D-D9EA513F4E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server_on_cloud_pak_for_data:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B43736FA-724E-4A8B-95FC-24DC4A94476D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\nIBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206.\n\n"
    },
    {
      "lang": "es",
      "value": "IBM Informix Dynamic Server 12.10 y 14.10 cdr es vulnerable a un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico, causado por una verificaci\u00f3n de los l\u00edmites incorrecta que podr\u00eda permitir que un usuario local cause un error de segmentaci\u00f3n. ID de IBM X-Force: 251206."
    }
  ],
  "id": "CVE-2023-28527",
  "lastModified": "2024-11-21T07:55:17.077",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-12-09T03:15:07.357",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251206"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7070188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251206"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7070188"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-11-14 11:46
Modified
2024-11-21 00:39
Severity ?
Summary
Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable.
References
cve@mitre.orghttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=624
cve@mitre.orghttp://secunia.com/advisories/27542Patch, Vendor Advisory
cve@mitre.orghttp://www-1.ibm.com/support/docview.wss?uid=swg1IC54252
cve@mitre.orghttp://www-1.ibm.com/support/docview.wss?uid=swg27011082Patch
cve@mitre.orghttp://www.securityfocus.com/bid/26363
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/3757
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/38297
af854a3a-2127-422b-91ae-364da2661108http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=624
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27542Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/docview.wss?uid=swg1IC54252
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/docview.wss?uid=swg27011082Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/26363
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/3757
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/38297
Impacted products
Vendor Product Version
ibm informix_dynamic_server *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D20BA745-CBA6-4429-BF60-14ED23F7591E",
              "versionEndIncluding": "10.00",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de salto de directorio en IBM Informix Dynamic Server (IDS) versiones anteriores a  10.00.xC7W1, permite a usuarios locales alcanzar privilegios haciendo referencia a archivos de mensajes NLS modificados por medio de secuencias de salto de directorio en la variable de entorno DBLANG."
    }
  ],
  "id": "CVE-2007-5956",
  "lastModified": "2024-11-21T00:39:02.270",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-11-14T11:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=624"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27542"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC54252"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011082"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/26363"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3757"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38297"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27542"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC54252"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011082"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/26363"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3757"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38297"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2016-03-28 23:59
Modified
2024-11-21 02:41
Severity ?
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file.
References
psirt@us.ibm.comhttp://www-01.ibm.com/support/docview.wss?uid=swg21978598Patch, Vendor Advisory
psirt@us.ibm.comhttp://www.securitytracker.com/id/1035286
psirt@us.ibm.comhttp://zerodayinitiative.com/advisories/ZDI-16-208/
psirt@us.ibm.comhttp://zerodayinitiative.com/advisories/ZDI-16-209/
psirt@us.ibm.comhttp://zerodayinitiative.com/advisories/ZDI-16-210/
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21978598Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1035286
af854a3a-2127-422b-91ae-364da2661108http://zerodayinitiative.com/advisories/ZDI-16-208/
af854a3a-2127-422b-91ae-364da2661108http://zerodayinitiative.com/advisories/ZDI-16-209/
af854a3a-2127-422b-91ae-364da2661108http://zerodayinitiative.com/advisories/ZDI-16-210/
Impacted products
Vendor Product Version
ibm informix_dynamic_server 11.70.xcn
microsoft windows *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.70.xcn:*:*:*:*:*:*:*",
              "matchCriteriaId": "F32589A1-7788-4BCD-8E6B-C1D7EA75CA04",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n del cliente en IBM Informix Dynamic Server 11.70.xCn en Windows no restringe adecuadamente el acceso a los archivos ejecutables (1) nsrd, (2) nsrexecd y (3) portmap, lo que permite a usuarios locales obtener privilegios a trav\u00e9s de un archivo troyano."
    }
  ],
  "id": "CVE-2016-0226",
  "lastModified": "2024-11-21T02:41:18.727",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-03-28T23:59:00.127",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978598"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1035286"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://zerodayinitiative.com/advisories/ZDI-16-208/"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://zerodayinitiative.com/advisories/ZDI-16-209/"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://zerodayinitiative.com/advisories/ZDI-16-210/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978598"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1035286"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://zerodayinitiative.com/advisories/ZDI-16-208/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://zerodayinitiative.com/advisories/ZDI-16-209/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://zerodayinitiative.com/advisories/ZDI-16-210/"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-10-05 04:04
Modified
2024-11-21 00:18
Severity ?
Summary
IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly other versions creates /tmp/installserver.txt with insecure permissions, which allows local users to append data to arbitrary files via a symlink attack.
References
cve@mitre.orghttp://archives.neohapsis.com/archives/fulldisclosure/2006-10/0013.htmlExploit
cve@mitre.orghttp://secunia.com/advisories/22223Vendor Advisory
cve@mitre.orghttp://securityreason.com/securityalert/1686
cve@mitre.orghttp://www.osvdb.org/29349
cve@mitre.orghttp://www.securityfocus.com/archive/1/447501/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/20300Exploit
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/3883
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/29297
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/29300
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0013.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22223Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/1686
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/29349
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/447501/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/20300Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3883
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/29297
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/29300
Impacted products
Vendor Product Version
ibm informix_dynamic_server 10.uc_rc1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.uc_rc1:*:trial_linux:*:*:*:*:*",
              "matchCriteriaId": "CEC25312-AE9A-4A44-8C55-EF70D3055763",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly other versions creates /tmp/installserver.txt with insecure permissions, which allows local users to append data to arbitrary files via a symlink attack."
    },
    {
      "lang": "es",
      "value": "IBM Informix Dynamic Server 10.UC3RC1 Trial para Linux y posiblemente otras versiones crean /tmp/installserver.txt con permisos no seguros, lo cual permite a usuarios locales a\u00f1adir informaci\u00f3n a ficheros de su elecci\u00f3n mediante un ataque de enlace simb\u00f3lico."
    }
  ],
  "id": "CVE-2006-5163",
  "lastModified": "2024-11-21T00:18:07.597",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-10-05T04:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0013.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22223"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/1686"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/29349"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/447501/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/20300"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3883"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29297"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29300"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22223"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/1686"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/29349"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/447501/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/20300"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3883"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29297"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29300"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-08-20 19:15
Modified
2024-11-21 04:00
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. IBM X-Force ID: 144434.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10964987Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/144434VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://security.netapp.com/advisory/ntap-20190903-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10964987Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/144434VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190903-0002/Third Party Advisory
Impacted products
Vendor Product Version
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc1:*:*:enterprise:*:*:*",
              "matchCriteriaId": "79BA4641-8E47-4A70-B93B-4170C1011F96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc10:*:*:enterprise:*:*:*",
              "matchCriteriaId": "46CA7C74-B228-46C1-8275-16F488DBDC00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc11:*:*:enterprise:*:*:*",
              "matchCriteriaId": "87F094E8-45A0-4346-9F7B-2E206947ADB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc12:*:*:enterprise:*:*:*",
              "matchCriteriaId": "A34F9759-9979-452F-BBA4-F53ED357DB66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc2:*:*:enterprise:*:*:*",
              "matchCriteriaId": "A3C45B9A-05EF-40D3-B945-63FEFAE24F4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc3:*:*:enterprise:*:*:*",
              "matchCriteriaId": "11D1CAF1-21AB-4DB8-895B-9215E7A563BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc4:*:*:enterprise:*:*:*",
              "matchCriteriaId": "1739EB23-B217-4A52-A7DC-10EE724CF0C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc5:*:*:enterprise:*:*:*",
              "matchCriteriaId": "DD6EBF2B-89EC-44C8-B61B-86395A088560",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc6:*:*:enterprise:*:*:*",
              "matchCriteriaId": "C37FA1C0-EFC3-4B53-A893-AB486B7DE599",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc7:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B97C6E39-EB72-4BBC-BBEE-5B372BA57FE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc8:*:*:enterprise:*:*:*",
              "matchCriteriaId": "F07FF49A-305D-4E9E-B52E-6F166B857126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc9:*:*:enterprise:*:*:*",
              "matchCriteriaId": "2E77FCAD-A9A3-4695-A45F-D4B79067DDFD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. IBM X-Force ID: 144434."
    },
    {
      "lang": "es",
      "value": "IBM Informix Dynamic Server Enterprise Edition 12.1 podr\u00eda permitir que un usuario local que haya iniciado sesi\u00f3n con el usuario administrador de base de datos obtenga privilegios de root a trav\u00e9s de una vulnerabilidad de enlace simb\u00f3lica en onsrvapd. ID de IBM X-Force: 144434."
    }
  ],
  "id": "CVE-2018-1633",
  "lastModified": "2024-11-21T04:00:06.833",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 6.0,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-20T19:15:10.137",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144434"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144434"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-11-14 11:46
Modified
2024-11-21 00:39
Severity ?
Summary
Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.00.TC3TL and 11.10.TB4TL on Windows allows attackers to cause a denial of service (application crash) via unspecified SQ_ONASSIST requests.
References
cve@mitre.orghttp://osvdb.org/41621
cve@mitre.orghttp://secunia.com/advisories/27542Patch
cve@mitre.orghttp://www-1.ibm.com/support/docview.wss?uid=swg1IC53588
cve@mitre.orghttp://www-1.ibm.com/support/docview.wss?uid=swg27011082Patch
cve@mitre.orghttp://www.securityfocus.com/bid/26363Patch
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/3757
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/38296
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/41621
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27542Patch
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/docview.wss?uid=swg1IC53588
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/docview.wss?uid=swg27011082Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/26363Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/3757
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/38296
Impacted products
Vendor Product Version
ibm informix_dynamic_server 10.00.tc3tl
ibm informix_dynamic_server 11.10.tb4tl


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.tc3tl:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD6DB2FB-517B-4450-8559-0EE38A82974D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.tb4tl:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B657EAB-6F3F-4123-8B03-FEB931A424B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.00.TC3TL and 11.10.TB4TL on Windows allows attackers to cause a denial of service (application crash) via unspecified SQ_ONASSIST requests."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en IBM Informix Dynamic Server (IDS) 10.00.TC3TL y 11.10.TB4TL en Windows permite a atacantes provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) mediante peticiones SQ_ONASSIST no especificadas."
    }
  ],
  "id": "CVE-2007-5957",
  "lastModified": "2024-11-21T00:39:02.423",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 4.9,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-11-14T11:46:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/41621"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://secunia.com/advisories/27542"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC53588"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011082"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/26363"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/3757"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38296"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/41621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://secunia.com/advisories/27542"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC53588"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011082"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/26363"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/3757"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38296"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-08-20 19:15
Modified
2024-11-21 04:00
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onmode. IBM X-Force ID: 144430.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10964987Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/144430VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://security.netapp.com/advisory/ntap-20190903-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10964987Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/144430VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190903-0002/Third Party Advisory
Impacted products
Vendor Product Version
ibm informix_dynamic_server 12.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.1:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "8EE60439-E858-47D6-A58D-21A9C0861D40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onmode. IBM X-Force ID: 144430."
    },
    {
      "lang": "es",
      "value": "IBM Informix Dynamic Server Enterprise Edition 12.1 podr\u00eda permitir que un usuario local que haya iniciado sesi\u00f3n con el usuario administrador de base de datos obtenga privilegios de root a trav\u00e9s de una vulnerabilidad de enlace simb\u00f3lica en modo. ID de IBM X-Force: 144430."
    }
  ],
  "id": "CVE-2018-1630",
  "lastModified": "2024-11-21T04:00:06.473",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 6.0,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-20T19:15:09.900",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144430"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144430"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-08-20 19:15
Modified
2024-11-21 04:00
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144439.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10964987Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/144439VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://security.netapp.com/advisory/ntap-20190903-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10964987Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/144439VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190903-0002/Third Party Advisory
Impacted products
Vendor Product Version
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc1:*:*:enterprise:*:*:*",
              "matchCriteriaId": "79BA4641-8E47-4A70-B93B-4170C1011F96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc10:*:*:enterprise:*:*:*",
              "matchCriteriaId": "46CA7C74-B228-46C1-8275-16F488DBDC00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc11:*:*:enterprise:*:*:*",
              "matchCriteriaId": "87F094E8-45A0-4346-9F7B-2E206947ADB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc12:*:*:enterprise:*:*:*",
              "matchCriteriaId": "A34F9759-9979-452F-BBA4-F53ED357DB66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc2:*:*:enterprise:*:*:*",
              "matchCriteriaId": "A3C45B9A-05EF-40D3-B945-63FEFAE24F4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc3:*:*:enterprise:*:*:*",
              "matchCriteriaId": "11D1CAF1-21AB-4DB8-895B-9215E7A563BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc4:*:*:enterprise:*:*:*",
              "matchCriteriaId": "1739EB23-B217-4A52-A7DC-10EE724CF0C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc5:*:*:enterprise:*:*:*",
              "matchCriteriaId": "DD6EBF2B-89EC-44C8-B61B-86395A088560",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc6:*:*:enterprise:*:*:*",
              "matchCriteriaId": "C37FA1C0-EFC3-4B53-A893-AB486B7DE599",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc7:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B97C6E39-EB72-4BBC-BBEE-5B372BA57FE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc8:*:*:enterprise:*:*:*",
              "matchCriteriaId": "F07FF49A-305D-4E9E-B52E-6F166B857126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc9:*:*:enterprise:*:*:*",
              "matchCriteriaId": "2E77FCAD-A9A3-4695-A45F-D4B79067DDFD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144439."
    },
    {
      "lang": "es",
      "value": "El desbordamiento de b\u00fafer basado en pilas en oninit en IBM Informix Dynamic Server Enterprise Edition 12.1 permite a un usuario autenticado ejecutar c\u00f3digo predefinido con privilegios ra\u00edz, como escalar a un shell ra\u00edz. ID de IBM X-Force: 144439."
    }
  ],
  "id": "CVE-2018-1635",
  "lastModified": "2024-11-21T04:00:07.087",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 6.0,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-20T19:15:10.290",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144439"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-10-08 14:15
Modified
2024-11-21 05:33
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds write vulnerability. IBM X-Force ID: 189460.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/189460VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6343587Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/189460VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6343587Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm informix_dynamic_server 14.10


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B33D65F4-09CB-4C6C-8D0D-D9EA513F4E07",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds write vulnerability. IBM X-Force ID: 189460."
    },
    {
      "lang": "es",
      "value": "IBM Informix spatial versi\u00f3n 14.10, podr\u00eda permitir a un usuario local ejecutar comandos como usuario privilegiado debido a una vulnerabilidad de escritura fuera de l\u00edmites.\u0026#xa0;IBM X-Force ID: 189460"
    }
  ],
  "id": "CVE-2020-4799",
  "lastModified": "2024-11-21T05:33:16.287",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-08T14:15:12.733",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189460"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6343587"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6343587"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-08-08 22:04
Modified
2024-11-21 00:14
Severity ?
Summary
IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases.
References
cve@mitre.orghttp://secunia.com/advisories/21301Patch, Vendor Advisory
cve@mitre.orghttp://www-1.ibm.com/support/docview.wss?uid=swg21242921Patch
cve@mitre.orghttp://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf
cve@mitre.orghttp://www.osvdb.org/27692
cve@mitre.orghttp://www.securityfocus.com/archive/1/443133/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/443192/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/19264Patch
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/3077
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/28148
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21301Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/docview.wss?uid=swg21242921Patch
af854a3a-2127-422b-91ae-364da2661108http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/27692
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/443133/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/443192/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/19264Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3077
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/28148
Impacted products
Vendor Product Version
ibm informix_dynamic_server 7.31
ibm informix_dynamic_server 9.4
ibm informix_dynamic_server 9.40.tc5
ibm informix_dynamic_server 9.40.uc1
ibm informix_dynamic_server 9.40.uc2
ibm informix_dynamic_server 9.40.uc3
ibm informix_dynamic_server 9.40.uc5
ibm informix_dynamic_server 9.40.xc5
ibm informix_dynamic_server 10.0
ibm informix_dynamic_server 10.0.xc1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:7.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "45A93A4B-8AB8-4BC7-9253-8DDA9D091C0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "58A9F81C-C618-435D-9912-0E61EAB02560",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.tc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9B0C17-2D85-4729-85EF-2F5C750BF51B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "910D9A17-43A7-4F9E-98E0-2C465AC8BD2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E61711D-4C3E-4A6D-89A8-85B7CDD7FAE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2CD7B84-2861-4542-8A08-C668065C8DB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E64D85E2-AA7E-4704-A2FA-BD69744423CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.xc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "21FF7CE7-A061-425B-A29B-1EC6DEDA2C10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1716E256-B186-442F-8C4C-9305E0953081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5634CF97-CBD3-4CA3-8144-2F875FDD3FA4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases."
    },
    {
      "lang": "es",
      "value": "IBM Informix Dynamic Server (IDS) anterior a 9.40.xC7 y 10.00 anterior a 10.00.xC3 no utiliza permisos de creaci\u00f3n de bases de datos, lo cual permite a usuarios autenticados remotamente crear bases de datos de su elecci\u00f3n."
    }
  ],
  "evaluatorSolution": "This vulnerability is addressed in the following product releases:\r\nIBM, Informix IDS, 9.40 xC7 \r\nIBM, Informix IDS, 10.00 xC3",
  "id": "CVE-2006-3861",
  "lastModified": "2024-11-21T00:14:36.160",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-08-08T22:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21301"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/27692"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/443192/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/19264"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3077"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28148"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21301"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/27692"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/443192/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/19264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28148"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-10-25 20:01
Modified
2024-11-21 01:20
Severity ?
Summary
Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x through 7.31, 9.x through 9.40, 10.00 before 10.00.xC10, 11.10 before 11.10.xC3, and 11.50 before 11.50.xC3 allows remote authenticated users to execute arbitrary code via long DBINFO keyword arguments in a SQL statement, aka idsdb00165017, idsdb00165019, idsdb00165021, idsdb00165022, and idsdb00165023.
References
cve@mitre.orghttp://secunia.com/advisories/41914Vendor Advisory
cve@mitre.orghttp://www.osvdb.org/68707
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/2735Vendor Advisory
cve@mitre.orghttp://www.zerodayinitiative.com/advisories/ZDI-10-217/
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/41914Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/68707
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/2735Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.zerodayinitiative.com/advisories/ZDI-10-217/
Impacted products
Vendor Product Version
ibm informix_dynamic_server 7.31
ibm informix_dynamic_server 9.40.tc5
ibm informix_dynamic_server 9.40.uc1
ibm informix_dynamic_server 9.40.uc2
ibm informix_dynamic_server 9.40.uc3
ibm informix_dynamic_server 9.40.uc5
ibm informix_dynamic_server 9.40.xc5
ibm informix_dynamic_server 9.40.xc7
ibm informix_dynamic_server 10.00
ibm informix_dynamic_server 10.00.tc3tl
ibm informix_dynamic_server 10.00.xc1
ibm informix_dynamic_server 10.00.xc2
ibm informix_dynamic_server 10.00.xc3
ibm informix_dynamic_server 10.00.xc4
ibm informix_dynamic_server 10.00.xc5
ibm informix_dynamic_server 10.00.xc6
ibm informix_dynamic_server 10.00.xc7w1
ibm informix_dynamic_server 10.00.xc8
ibm informix_dynamic_server 10.00.xc9
ibm informix_dynamic_server 10.00.xc10
ibm informix_dynamic_server 11.10
ibm informix_dynamic_server 11.10.tb4tl
ibm informix_dynamic_server 11.10.xc1
ibm informix_dynamic_server 11.10.xc1de
ibm informix_dynamic_server 11.10.xc2
ibm informix_dynamic_server 11.10.xc2e
ibm informix_dynamic_server 11.50
ibm informix_dynamic_server 11.50.xc1
ibm informix_dynamic_server 11.50.xc2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:7.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "45A93A4B-8AB8-4BC7-9253-8DDA9D091C0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.tc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9B0C17-2D85-4729-85EF-2F5C750BF51B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "910D9A17-43A7-4F9E-98E0-2C465AC8BD2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E61711D-4C3E-4A6D-89A8-85B7CDD7FAE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2CD7B84-2861-4542-8A08-C668065C8DB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E64D85E2-AA7E-4704-A2FA-BD69744423CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.xc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "21FF7CE7-A061-425B-A29B-1EC6DEDA2C10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.xc7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD626D2D-D1ED-4B44-A236-CF20F1708D98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "E67D2B80-49E9-4DDA-87A3-D145B9F49D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.tc3tl:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD6DB2FB-517B-4450-8559-0EE38A82974D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.xc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "257DA554-937D-4BA1-9131-2F978C6E5E62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.xc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A81C5A16-B696-4A8D-AFD2-1A51B3BE4EDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.xc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "48562C58-0055-4394-9B40-D5730FE6A8AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.xc4:*:*:*:*:*:*:*",
              "matchCriteriaId": "45791C63-A04C-4990-A78D-0529C8E9CC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.xc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "55991F0F-2770-4367-9850-93504D33580C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.xc6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F9C4B48-B294-4BAF-99EE-7D2E1B024BFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.xc7w1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1061A1A7-579D-4222-A31D-F34F8A11EA63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.xc8:*:*:*:*:*:*:*",
              "matchCriteriaId": "461C0E60-9EB5-42EA-835C-B1F5234E8CF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.xc9:*:*:*:*:*:*:*",
              "matchCriteriaId": "69DB33A6-1D6E-476A-97E4-8EE60EA43127",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.xc10:*:*:*:*:*:*:*",
              "matchCriteriaId": "809EB926-BCB1-4EEF-B385-5C487B1F8301",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3398187-9A9C-4584-A186-01DB36C88219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.tb4tl:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B657EAB-6F3F-4123-8B03-FEB931A424B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC21790C-D057-4B11-8D0C-202B71B1E7A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc1de:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D7F320F-72E0-440C-A300-6D85AEE86DA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "539DE4E7-8531-43E8-AE75-178BFC4324F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc2e:*:*:*:*:*:*:*",
              "matchCriteriaId": "487A81FC-FBB9-43C6-B419-4BA033054CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE122FD4-9164-4638-8E98-7670908E392B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E99EBE74-8437-4DFD-B44A-5BD06B708BA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1E504E6-5293-4255-9FDB-CB115A5719D0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x through 7.31, 9.x through 9.40, 10.00 before 10.00.xC10, 11.10 before 11.10.xC3, and 11.50 before 11.50.xC3 allows remote authenticated users to execute arbitrary code via long DBINFO keyword arguments in a SQL statement, aka idsdb00165017, idsdb00165019, idsdb00165021, idsdb00165022, and idsdb00165023."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en IBM Informix Dynamic Server (IDS) v7.x hasta la v7.31, 9.x hasta la v9.40, v10.00 anterior a v10.00.xC10, v11.10 anterior a v11.10.xC3, y v11.50 anterior a v11.50.xC3, permite a usuarios remotos autenticados ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un argumento clave DBINFO largo en una petici\u00f3n SQL, tambi\u00e9n conocido como idsdb00165017, idsdb00165019, idsdb00165021, idsdb00165022 y idsdb00165023.\r\n"
    }
  ],
  "id": "CVE-2010-4069",
  "lastModified": "2024-11-21T01:20:10.107",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.5,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-10-25T20:01:06.283",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/41914"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/68707"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2735"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-217/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/41914"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/68707"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2735"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-217/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-01-19 00:00
Modified
2024-11-21 00:41
Severity ?
Summary
Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs.
References
cve@mitre.orghttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650
cve@mitre.orghttp://secunia.com/advisories/28534Vendor Advisory
cve@mitre.orghttp://www-1.ibm.com/support/docview.wss?uid=swg1IC54309
cve@mitre.orghttp://www-1.ibm.com/support/docview.wss?uid=swg27011556
cve@mitre.orghttp://www.securityfocus.com/bid/27328
cve@mitre.orghttp://www.securitytracker.com/id?1019237
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/0169Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/39751
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/40009
af854a3a-2127-422b-91ae-364da2661108http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28534Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/docview.wss?uid=swg1IC54309
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/docview.wss?uid=swg27011556
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/27328
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1019237
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/0169Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/39751
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/40009
Impacted products
Vendor Product Version
ibm informix_dynamic_server 10.00


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "E67D2B80-49E9-4DDA-87A3-D145B9F49D10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples programas no especificados en IBM Informix Dynamic Server (IDS) versiones 10.x anteriores a 10.00.xC8, permiten a usuarios locales crear archivos arbitrarios especificando el archivo de destino en la variable de entorno SQLIDEBUG, cuya propiedad es cambiada por el usuario que invoca los programas."
    }
  ],
  "id": "CVE-2008-0369",
  "lastModified": "2024-11-21T00:41:53.027",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-01-19T00:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28534"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC54309"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011556"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/27328"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019237"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0169"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39751"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40009"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28534"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC54309"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011556"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27328"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019237"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39751"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40009"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-08-08 22:04
Modified
2024-11-21 00:14
Severity ?
Summary
IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows local users to cause a denial of service (crash) via unspecified vectors.
References
cve@mitre.orghttp://secunia.com/advisories/21301Patch, Vendor Advisory
cve@mitre.orghttp://www-1.ibm.com/support/docview.wss?uid=swg21242921Patch
cve@mitre.orghttp://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf
cve@mitre.orghttp://www.osvdb.org/27690
cve@mitre.orghttp://www.securityfocus.com/archive/1/443133/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/443210/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/19264Patch
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/3077
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/28131
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21301Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/docview.wss?uid=swg21242921Patch
af854a3a-2127-422b-91ae-364da2661108http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/27690
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/443133/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/443210/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/19264Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3077
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/28131
Impacted products
Vendor Product Version
ibm informix_dynamic_server 9.4
ibm informix_dynamic_server 9.40.tc5
ibm informix_dynamic_server 9.40.uc1
ibm informix_dynamic_server 9.40.uc2
ibm informix_dynamic_server 9.40.uc3
ibm informix_dynamic_server 9.40.uc5
ibm informix_dynamic_server 9.40.xc5
ibm informix_dynamic_server 10.0
ibm informix_dynamic_server 10.0.xc1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "58A9F81C-C618-435D-9912-0E61EAB02560",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.tc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9B0C17-2D85-4729-85EF-2F5C750BF51B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "910D9A17-43A7-4F9E-98E0-2C465AC8BD2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E61711D-4C3E-4A6D-89A8-85B7CDD7FAE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2CD7B84-2861-4542-8A08-C668065C8DB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E64D85E2-AA7E-4704-A2FA-BD69744423CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.xc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "21FF7CE7-A061-425B-A29B-1EC6DEDA2C10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1716E256-B186-442F-8C4C-9305E0953081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5634CF97-CBD3-4CA3-8144-2F875FDD3FA4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows local users to cause a denial of service (crash) via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "IBM Informix Dynamic Server (IDS) anterior a 9.40.xC7 y 10.00 anterior a 10.00.xC3 permite a usuarios locales provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de vectores no especificados."
    }
  ],
  "evaluatorSolution": "This vulnerability is addressed in the following product releases:\r\nIBM, Informix IDS, 9.40 xC7 \r\nIBM, Informix IDS, 10.00 xC3",
  "id": "CVE-2006-3856",
  "lastModified": "2024-11-21T00:14:35.400",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-08-08T22:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21301"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/27690"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/443210/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/19264"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3077"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28131"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21301"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/27690"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/443210/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/19264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28131"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Severity ?
Summary
IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit.
References
cve@mitre.orghttp://secunia.com/advisories/10737/Patch, Vendor Advisory
cve@mitre.orghttp://www-1.ibm.com/support/docview.wss?uid=swg21153336
cve@mitre.orghttp://www.osvdb.org/3758
cve@mitre.orghttp://www.osvdb.org/3760
cve@mitre.orghttp://www.securityfocus.com/archive/1/351770Exploit, Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/9511Patch
cve@mitre.orghttp://www.securityfocus.com/bid/9512Exploit, Patch
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/14969
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/14971
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/10737/Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/docview.wss?uid=swg21153336
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/3758
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/3760
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/351770Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/9511Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/9512Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/14969
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/14971
Impacted products
Vendor Product Version
ibm informix_dynamic_server 9.40.uc1
ibm informix_dynamic_server 9.40.uc2
ibm informix_extended_parallel_server 8.40_uc1
ibm informix_extended_parallel_server 8.40_uc2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "910D9A17-43A7-4F9E-98E0-2C465AC8BD2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E61711D-4C3E-4A6D-89A8-85B7CDD7FAE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_extended_parallel_server:8.40_uc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8EBF74C-A519-4C0E-B885-5C036047D610",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_extended_parallel_server:8.40_uc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A52EB99-7D27-4782-BBDA-35B1D1E3AF55",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit."
    }
  ],
  "id": "CVE-2004-2319",
  "lastModified": "2024-11-20T23:53:03.020",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/10737/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21153336"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/3758"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/3760"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/351770"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/9511"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/9512"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14969"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14971"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/10737/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21153336"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/3758"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/3760"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/archive/1/351770"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/9511"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/9512"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14969"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14971"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-03-18 00:44
Modified
2024-11-21 00:42
Severity ?
Summary
Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated users to execute arbitrary code via a long DBPATH value.
References
cve@mitre.orghttp://secunia.com/advisories/29272Vendor Advisory
cve@mitre.orghttp://securityreason.com/securityalert/3749
cve@mitre.orghttp://www-1.ibm.com/support/docview.wss?uid=swg1IC55207
cve@mitre.orghttp://www-1.ibm.com/support/docview.wss?uid=swg1IC55208
cve@mitre.orghttp://www-1.ibm.com/support/docview.wss?uid=swg1IC55209
cve@mitre.orghttp://www-1.ibm.com/support/docview.wss?uid=swg1IC55210
cve@mitre.orghttp://www.securityfocus.com/archive/1/489547/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/489548/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/28198
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/0860
cve@mitre.orghttp://www.zerodayinitiative.com/advisories/ZDI-08-011/
cve@mitre.orghttp://www.zerodayinitiative.com/advisories/ZDI-08-012/
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/41202
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/41203
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/29272Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/3749
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/docview.wss?uid=swg1IC55207
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/docview.wss?uid=swg1IC55208
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/docview.wss?uid=swg1IC55209
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/docview.wss?uid=swg1IC55210
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/489547/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/489548/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/28198
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/0860
af854a3a-2127-422b-91ae-364da2661108http://www.zerodayinitiative.com/advisories/ZDI-08-011/
af854a3a-2127-422b-91ae-364da2661108http://www.zerodayinitiative.com/advisories/ZDI-08-012/
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/41202
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/41203
Impacted products
Vendor Product Version
ibm informix_dynamic_server 7.3
ibm informix_dynamic_server 7.31.xd8
ibm informix_dynamic_server 7.31.xd9
ibm informix_dynamic_server 9.3
ibm informix_dynamic_server 9.4
ibm informix_dynamic_server 9.40.tc5
ibm informix_dynamic_server 9.40.uc1
ibm informix_dynamic_server 9.40.uc2
ibm informix_dynamic_server 9.40.uc3
ibm informix_dynamic_server 9.40.uc5
ibm informix_dynamic_server 9.40.xd8
ibm informix_dynamic_server 9.40_xc7
ibm informix_dynamic_server 10.0
ibm informix_dynamic_server 10.0.xc3
ibm informix_dynamic_server 10.0.xc4
ibm informix_dynamic_server 10.00.xc7w1
ibm informix_dynamic_server 11.10.xc2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9390D1EA-DB0A-40BB-BBA5-061DA17A2745",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:7.31.xd8:*:*:*:*:*:*:*",
              "matchCriteriaId": "14BA6483-76C0-4BE2-AE99-97B1AD555704",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:7.31.xd9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3D9652D-4383-40EE-950F-67794F4D52C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A565470-B4A3-40FA-B691-1DB484FEC764",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "58A9F81C-C618-435D-9912-0E61EAB02560",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.tc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9B0C17-2D85-4729-85EF-2F5C750BF51B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "910D9A17-43A7-4F9E-98E0-2C465AC8BD2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E61711D-4C3E-4A6D-89A8-85B7CDD7FAE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2CD7B84-2861-4542-8A08-C668065C8DB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E64D85E2-AA7E-4704-A2FA-BD69744423CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.xd8:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBFD2127-16EA-49F1-9023-F22A68F4EE3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40_xc7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3480BAB7-4D5B-44F2-8E8D-0062DD205D48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1716E256-B186-442F-8C4C-9305E0953081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7931542-8DB8-4BC3-A319-9352EBC62158",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc4:*:*:*:*:*:*:*",
              "matchCriteriaId": "795E3755-48D3-4A70-9AFB-1B3B9F3B8F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.xc7w1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1061A1A7-579D-4222-A31D-F34F8A11EA63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "539DE4E7-8531-43E8-AE75-178BFC4324F7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated users to execute arbitrary code via a long DBPATH value."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples Desbordamientos de b\u00fafer en oninit.exe de IBM Informix Dynamic Server (IDS) de la versi\u00f3n 7.x a la 11.x, permite (1)a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una contrase\u00f1a larga (2) y usuarios autenticados remotamente, pueden ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una variable DBPATH larga."
    }
  ],
  "evaluatorComment": "All IBM links require software support sign in to view.",
  "id": "CVE-2008-0727",
  "lastModified": "2024-11-21T00:42:46.270",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 9.2,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-03-18T00:44:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29272"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/3749"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC55207"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC55208"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC55209"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC55210"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/489547/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/489548/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/28198"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/0860"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-011/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-012/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41202"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41203"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29272"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/3749"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC55207"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC55208"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC55209"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC55210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/489547/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/489548/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/28198"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/0860"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-011/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-012/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41202"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41203"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-10-25 20:01
Modified
2024-11-21 01:20
Severity ?
Summary
Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper service) in ISM before 2.20.TC1.117 in IBM Informix Dynamic Server (IDS) 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before 10.00.xC8, and 11.10 before 11.10.xC2 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted parameter size, aka idsdb00146931, idsdb00146930, idsdb00146929, and idsdb00138308.
References
cve@mitre.orghttp://secunia.com/advisories/41915Vendor Advisory
cve@mitre.orghttp://www.osvdb.org/68706
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/2733Vendor Advisory
cve@mitre.orghttp://www.zerodayinitiative.com/advisories/ZDI-10-215/
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/41915Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/68706
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/2733Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.zerodayinitiative.com/advisories/ZDI-10-215/
Impacted products
Vendor Product Version
ibm informix_dynamic_server 7.31
ibm informix_dynamic_server 9.40.tc5
ibm informix_dynamic_server 9.40.uc1
ibm informix_dynamic_server 9.40.uc2
ibm informix_dynamic_server 9.40.uc3
ibm informix_dynamic_server 9.40.uc5
ibm informix_dynamic_server 9.40.xc5
ibm informix_dynamic_server 9.40.xc7
ibm informix_dynamic_server 10.00
ibm informix_dynamic_server 10.00.tc3tl
ibm informix_dynamic_server 10.00.xc1
ibm informix_dynamic_server 10.00.xc2
ibm informix_dynamic_server 10.00.xc3
ibm informix_dynamic_server 10.00.xc4
ibm informix_dynamic_server 10.00.xc5
ibm informix_dynamic_server 10.00.xc6
ibm informix_dynamic_server 10.00.xc7w1
ibm informix_dynamic_server 10.00.xc8
ibm informix_dynamic_server 10.00.xc9
ibm informix_dynamic_server 10.00.xc10
ibm informix_dynamic_server 11.10
ibm informix_dynamic_server 11.10.tb4tl
ibm informix_dynamic_server 11.10.xc1
ibm informix_dynamic_server 11.10.xc1de
ibm informix_dynamic_server 11.50


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:7.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "45A93A4B-8AB8-4BC7-9253-8DDA9D091C0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.tc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9B0C17-2D85-4729-85EF-2F5C750BF51B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "910D9A17-43A7-4F9E-98E0-2C465AC8BD2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E61711D-4C3E-4A6D-89A8-85B7CDD7FAE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2CD7B84-2861-4542-8A08-C668065C8DB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E64D85E2-AA7E-4704-A2FA-BD69744423CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.xc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "21FF7CE7-A061-425B-A29B-1EC6DEDA2C10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.xc7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD626D2D-D1ED-4B44-A236-CF20F1708D98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "E67D2B80-49E9-4DDA-87A3-D145B9F49D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.tc3tl:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD6DB2FB-517B-4450-8559-0EE38A82974D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.xc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "257DA554-937D-4BA1-9131-2F978C6E5E62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.xc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A81C5A16-B696-4A8D-AFD2-1A51B3BE4EDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.xc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "48562C58-0055-4394-9B40-D5730FE6A8AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.xc4:*:*:*:*:*:*:*",
              "matchCriteriaId": "45791C63-A04C-4990-A78D-0529C8E9CC3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.xc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "55991F0F-2770-4367-9850-93504D33580C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.xc6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F9C4B48-B294-4BAF-99EE-7D2E1B024BFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.xc7w1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1061A1A7-579D-4222-A31D-F34F8A11EA63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.xc8:*:*:*:*:*:*:*",
              "matchCriteriaId": "461C0E60-9EB5-42EA-835C-B1F5234E8CF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.xc9:*:*:*:*:*:*:*",
              "matchCriteriaId": "69DB33A6-1D6E-476A-97E4-8EE60EA43127",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.00.xc10:*:*:*:*:*:*:*",
              "matchCriteriaId": "809EB926-BCB1-4EEF-B385-5C487B1F8301",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3398187-9A9C-4584-A186-01DB36C88219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.tb4tl:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B657EAB-6F3F-4123-8B03-FEB931A424B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC21790C-D057-4B11-8D0C-202B71B1E7A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc1de:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D7F320F-72E0-440C-A300-6D85AEE86DA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE122FD4-9164-4638-8E98-7670908E392B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper service) in ISM before 2.20.TC1.117 in IBM Informix Dynamic Server (IDS) 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before 10.00.xC8, and 11.10 before 11.10.xC2 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted parameter size, aka idsdb00146931, idsdb00146930, idsdb00146929, and idsdb00138308."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de entero en librpc.dll en portmap.exe (tambi\u00e9n conocido como servicio ISM Portmapper) en ISM anteriores a v2.20.TC1.117 en IBM Informix Dynamic Server (IDS) v7.x anteriores a v7.31.xD11, v9.x anteriores a v9.40.xC10, v10.00 anteriores a v10.00.xC8, y v11.10 anteirores a v11.10.xC2, permite a los atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria din\u00e1mica) a trav\u00e9s de un tama\u00f1o\u00f1 de par\u00e1metro manipulado, tambi\u00e9n conocido como idsdb00146931, idsdb00146930, idsdb00146929, y idsdb00138308."
    }
  ],
  "id": "CVE-2010-4070",
  "lastModified": "2024-11-21T01:20:10.243",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-10-25T20:01:06.330",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/41915"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/68706"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2733"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-215/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/41915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/68706"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2733"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-215/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-10-23 20:39
Modified
2024-11-21 01:20
Severity ?
Summary
Stack-based buffer overflow in an unspecified logging function in oninit.exe in IBM Informix Dynamic Server (IDS) 11.10 before 11.10.xC2W2 and 11.50 before 11.50.xC1 allows remote authenticated users to execute arbitrary code via a crafted EXPLAIN directive, aka idsdb00154125 and idsdb00154243.
References
cve@mitre.orghttp://secunia.com/advisories/41913Vendor Advisory
cve@mitre.orghttp://www.osvdb.org/68705
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/2734Vendor Advisory
cve@mitre.orghttp://www.zerodayinitiative.com/advisories/ZDI-10-216/
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/62619
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/41913Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/68705
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/2734Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.zerodayinitiative.com/advisories/ZDI-10-216/
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/62619
Impacted products
Vendor Product Version
ibm informix_dynamic_server 11.10
ibm informix_dynamic_server 11.50


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3398187-9A9C-4584-A186-01DB36C88219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE122FD4-9164-4638-8E98-7670908E392B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in an unspecified logging function in oninit.exe in IBM Informix Dynamic Server (IDS) 11.10 before 11.10.xC2W2 and 11.50 before 11.50.xC1 allows remote authenticated users to execute arbitrary code via a crafted EXPLAIN directive, aka idsdb00154125 and idsdb00154243."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en una funci\u00f3n no especificada en oninit.exe en IBM Informix Dynamic Server (IDS) v11.10 anteriores a v11.10.xC2W2 y v11.50 anteriores a v11.50.xC1 permite a usuarios remotos autenticadaos a ejecutar c\u00f3digo arbitrario a trav\u00e9s de una directiva EXLAIN manipulada, tambi\u00e9n conocido como idsb00154125 e idsdb00154243."
    }
  ],
  "id": "CVE-2010-4053",
  "lastModified": "2024-11-21T01:20:09.270",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-10-23T20:39:04.927",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/41913"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/68705"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2734"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-216/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62619"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/41913"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/68705"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2734"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-216/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62619"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-12-09 03:15
Modified
2024-11-21 07:55
Severity ?
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 250753.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/250753VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/7070188Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/250753VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/7070188Vendor Advisory
Impacted products
Vendor Product Version
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 14.10
ibm informix_dynamic_server_on_cloud_pak_for_data *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:-:*:*:-:*:*:*",
              "matchCriteriaId": "0DF4C5FA-F078-4F65-AE4A-3F6DECE5B61A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B33D65F4-09CB-4C6C-8D0D-D9EA513F4E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server_on_cloud_pak_for_data:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B43736FA-724E-4A8B-95FC-24DC4A94476D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\nIBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code.  IBM X-Force ID:  250753.\n\n"
    },
    {
      "lang": "es",
      "value": "IBM Informix Dynamic Server 12.10 y 14.10 onsmsync es vulnerable a un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico, causado por una verificaci\u00f3n de los l\u00edmites inadecuada que podr\u00eda permitir a un atacante ejecutar c\u00f3digo arbitrario. ID de IBM X-Force: 250753."
    }
  ],
  "id": "CVE-2023-28523",
  "lastModified": "2024-11-21T07:55:16.650",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 5.9,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-12-09T03:15:06.920",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250753"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7070188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250753"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7070188"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-09-25 20:55
Modified
2024-11-21 01:40
Severity ?
Summary
Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 11.50 before 11.50.xC9W2 and 11.70 before 11.70.xC5 allows remote authenticated users to execute arbitrary code via crafted arguments in a SET COLLATION statement.
References
psirt@us.ibm.comhttp://osvdb.org/85736
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg21611800Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/55668
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/78277
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/85736
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg21611800Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/55668
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/78277
Impacted products
Vendor Product Version
ibm informix_dynamic_server 11.50
ibm informix_dynamic_server 11.50.xc1
ibm informix_dynamic_server 11.50.xc2
ibm informix_dynamic_server 11.50.xc3
ibm informix_dynamic_server 11.50.xc3w1
ibm informix_dynamic_server 11.50.xc4
ibm informix_dynamic_server 11.50.xc4w1
ibm informix_dynamic_server 11.50.xc5
ibm informix_dynamic_server 11.50.xc5w2
ibm informix_dynamic_server 11.50.xc5w3
ibm informix_dynamic_server 11.50.xc5w4
ibm informix_dynamic_server 11.50.xc6
ibm informix_dynamic_server 11.50.xc6w1
ibm informix_dynamic_server 11.50.xc6w2
ibm informix_dynamic_server 11.50.xc6w3
ibm informix_dynamic_server 11.50.xc6w4
ibm informix_dynamic_server 11.50.xc7
ibm informix_dynamic_server 11.50.xc7w1
ibm informix_dynamic_server 11.50.xc7w2
ibm informix_dynamic_server 11.50.xc7w3
ibm informix_dynamic_server 11.50.xc7w4
ibm informix_dynamic_server 11.50.xc8
ibm informix_dynamic_server 11.50.xc8w1
ibm informix_dynamic_server 11.50.xc8w2
ibm informix_dynamic_server 11.50.xc8w3
ibm informix_dynamic_server 11.50.xc8w4
ibm informix_dynamic_server 11.50.xc9
ibm informix_dynamic_server 11.50.xc9w1
ibm informix_dynamic_server 11.70.xc1
ibm informix_dynamic_server 11.70.xc2
ibm informix_dynamic_server 11.70.xc3
ibm informix_dynamic_server 11.70.xc4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE122FD4-9164-4638-8E98-7670908E392B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E99EBE74-8437-4DFD-B44A-5BD06B708BA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1E504E6-5293-4255-9FDB-CB115A5719D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B96A8DF-88C4-499C-823B-3FB5ECDC9752",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc3w1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED6459CE-4BEA-4ADA-AAF2-ED140BF880E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7697326E-CF54-46E3-9ECF-819F6BF53C1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc4w1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDD013BC-162A-4156-8A3E-B3285C065B1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "989805D1-3D1E-4674-B40B-D80AFA080AD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc5w2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F92B2D1-DBC7-42A5-A1FD-2EFF6B1049F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc5w3:*:*:*:*:*:*:*",
              "matchCriteriaId": "48EE5649-3BEC-49BD-B722-65AC5DA81553",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc5w4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D95C302-8026-472F-AAF5-5F33F98187EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7DEBB71-247D-4332-A26E-B80C682990AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc6w1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7840F16-5220-445A-9A88-1A5528C6C9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc6w2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB43922B-DF44-4559-9B7F-B607B61BFECF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc6w3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7432192E-1670-4E44-9371-4BF55F942E2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc6w4:*:*:*:*:*:*:*",
              "matchCriteriaId": "69CFB6FC-8283-42B0-A15E-F4C25292D4B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B892A753-0372-4FF2-93A5-2C2DA8520301",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc7w1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B461E48-5091-450F-96DC-6B6307FC5789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc7w2:*:*:*:*:*:*:*",
              "matchCriteriaId": "12B63458-D14F-481F-A7E6-8E747932B981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc7w3:*:*:*:*:*:*:*",
              "matchCriteriaId": "69017857-0599-4111-9677-0523C7D66916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc7w4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AC930EE-C30A-42C0-A509-9A998BAA1C4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4706C6C8-6AD1-4DD7-BCB6-09BEE92D5F28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc8w1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3FA0617-2DC7-44E2-B003-829B1546F4DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc8w2:*:*:*:*:*:*:*",
              "matchCriteriaId": "302A7AD5-1A25-4E6D-B0E2-79610C2A97A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc8w3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2573AA0-A344-4626-AFDC-25044A79B39A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc8w4:*:*:*:*:*:*:*",
              "matchCriteriaId": "76009801-0BF8-49D2-B079-3516B8FBA873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc9:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED56177C-C2B6-47C6-B34B-C419735E5B54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc9w1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CED6499-87D6-4A54-93D8-AEEAAA4747C1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.70.xc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A53B724-C5E1-4973-B626-D23BEF572812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.70.xc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34FBE0D-7537-422F-9177-17866286B28A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.70.xc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD8A580A-6E1F-4EE0-9F8A-DC35601C02A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.70.xc4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDE94421-0837-46B5-9013-72673B2CD8D2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 11.50 before 11.50.xC9W2 and 11.70 before 11.70.xC5 allows remote authenticated users to execute arbitrary code via crafted arguments in a SET COLLATION statement."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en IBM Informix Dynamic Server (IDS) v11.50 antes de v11.50.xC9W2 y v11.70 antes de v11.70.xC5 permite a usuarios remotos autenticados ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de argumentos modificados en una petici\u00f3n \u0027SET COLLATION\u0027.\r\n"
    }
  ],
  "id": "CVE-2012-3334",
  "lastModified": "2024-11-21T01:40:39.720",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-09-25T20:55:01.300",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://osvdb.org/85736"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21611800"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securityfocus.com/bid/55668"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78277"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/85736"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg21611800"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/55668"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78277"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2012-12-08 15:55
Modified
2024-11-21 01:43
Severity ?
Summary
Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 before 11.70.xC7 allows remote authenticated users to execute arbitrary code via a crafted SQL statement.
References
psirt@us.ibm.comhttp://www.securitytracker.com/id?1027849
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/79737
psirt@us.ibm.comhttps://www.ibm.com/support/docview.wss?uid=swg21618994Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1027849
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/79737
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/docview.wss?uid=swg21618994Vendor Advisory
Impacted products
Vendor Product Version
ibm informix_dynamic_server 11.50
ibm informix_dynamic_server 11.50.xc1
ibm informix_dynamic_server 11.50.xc2
ibm informix_dynamic_server 11.50.xc3
ibm informix_dynamic_server 11.50.xc3w1
ibm informix_dynamic_server 11.50.xc4
ibm informix_dynamic_server 11.50.xc4w1
ibm informix_dynamic_server 11.50.xc5
ibm informix_dynamic_server 11.50.xc5w2
ibm informix_dynamic_server 11.50.xc5w3
ibm informix_dynamic_server 11.50.xc5w4
ibm informix_dynamic_server 11.50.xc6
ibm informix_dynamic_server 11.50.xc6w1
ibm informix_dynamic_server 11.50.xc6w2
ibm informix_dynamic_server 11.50.xc6w3
ibm informix_dynamic_server 11.50.xc6w4
ibm informix_dynamic_server 11.50.xc7
ibm informix_dynamic_server 11.50.xc7w1
ibm informix_dynamic_server 11.50.xc7w2
ibm informix_dynamic_server 11.50.xc7w3
ibm informix_dynamic_server 11.50.xc7w4
ibm informix_dynamic_server 11.50.xc8
ibm informix_dynamic_server 11.50.xc8w1
ibm informix_dynamic_server 11.50.xc8w2
ibm informix_dynamic_server 11.50.xc8w3
ibm informix_dynamic_server 11.50.xc8w4
ibm informix_dynamic_server 11.50.xc9
ibm informix_dynamic_server 11.70.xc1
ibm informix_dynamic_server 11.70.xc2
ibm informix_dynamic_server 11.70.xc3


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE122FD4-9164-4638-8E98-7670908E392B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E99EBE74-8437-4DFD-B44A-5BD06B708BA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1E504E6-5293-4255-9FDB-CB115A5719D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B96A8DF-88C4-499C-823B-3FB5ECDC9752",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc3w1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED6459CE-4BEA-4ADA-AAF2-ED140BF880E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7697326E-CF54-46E3-9ECF-819F6BF53C1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc4w1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDD013BC-162A-4156-8A3E-B3285C065B1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "989805D1-3D1E-4674-B40B-D80AFA080AD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc5w2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F92B2D1-DBC7-42A5-A1FD-2EFF6B1049F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc5w3:*:*:*:*:*:*:*",
              "matchCriteriaId": "48EE5649-3BEC-49BD-B722-65AC5DA81553",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc5w4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D95C302-8026-472F-AAF5-5F33F98187EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7DEBB71-247D-4332-A26E-B80C682990AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc6w1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7840F16-5220-445A-9A88-1A5528C6C9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc6w2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB43922B-DF44-4559-9B7F-B607B61BFECF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc6w3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7432192E-1670-4E44-9371-4BF55F942E2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc6w4:*:*:*:*:*:*:*",
              "matchCriteriaId": "69CFB6FC-8283-42B0-A15E-F4C25292D4B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc7:*:*:*:*:*:*:*",
              "matchCriteriaId": "B892A753-0372-4FF2-93A5-2C2DA8520301",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc7w1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B461E48-5091-450F-96DC-6B6307FC5789",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc7w2:*:*:*:*:*:*:*",
              "matchCriteriaId": "12B63458-D14F-481F-A7E6-8E747932B981",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc7w3:*:*:*:*:*:*:*",
              "matchCriteriaId": "69017857-0599-4111-9677-0523C7D66916",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc7w4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AC930EE-C30A-42C0-A509-9A998BAA1C4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4706C6C8-6AD1-4DD7-BCB6-09BEE92D5F28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc8w1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3FA0617-2DC7-44E2-B003-829B1546F4DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc8w2:*:*:*:*:*:*:*",
              "matchCriteriaId": "302A7AD5-1A25-4E6D-B0E2-79610C2A97A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc8w3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2573AA0-A344-4626-AFDC-25044A79B39A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc8w4:*:*:*:*:*:*:*",
              "matchCriteriaId": "76009801-0BF8-49D2-B079-3516B8FBA873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50.xc9:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED56177C-C2B6-47C6-B34B-C419735E5B54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.70.xc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A53B724-C5E1-4973-B626-D23BEF572812",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.70.xc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34FBE0D-7537-422F-9177-17866286B28A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.70.xc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD8A580A-6E1F-4EE0-9F8A-DC35601C02A2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 before 11.70.xC7 allows remote authenticated users to execute arbitrary code via a crafted SQL statement."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer en IBM Informix v11.50 hasta v11.50.xC9W2 y v11.70 anterior a v11.70.xC7, permite a atacantes remotos autenticados ejecutar c\u00f3digo arbitrario mediante una sentencia SQL especialmente dise\u00f1ada."
    }
  ],
  "id": "CVE-2012-4857",
  "lastModified": "2024-11-21T01:43:37.300",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-12-08T15:55:01.163",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id?1027849"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79737"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=swg21618994"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1027849"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79737"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/docview.wss?uid=swg21618994"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2023-12-09 03:15
Modified
2024-11-21 07:55
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251204.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/251204VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/7070188Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/251204VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/7070188Vendor Advisory
Impacted products
Vendor Product Version
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 14.10
ibm informix_dynamic_server_on_cloud_pak_for_data *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:-:*:*:-:*:*:*",
              "matchCriteriaId": "0DF4C5FA-F078-4F65-AE4A-3F6DECE5B61A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B33D65F4-09CB-4C6C-8D0D-D9EA513F4E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server_on_cloud_pak_for_data:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B43736FA-724E-4A8B-95FC-24DC4A94476D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "\nIBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault.  IBM X-Force ID:  251204.\n\n"
    },
    {
      "lang": "es",
      "value": "IBM Informix Dynamic Server 12.10 y 14.10 archecker es vulnerable a un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico, causado por una verificaci\u00f3n de los l\u00edmites incorrecta que podr\u00eda permitir que un usuario local cause un error de segmentaci\u00f3n. ID de IBM X-Force: 251204."
    }
  ],
  "id": "CVE-2023-28526",
  "lastModified": "2024-11-21T07:55:16.943",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 3.6,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-12-09T03:15:07.150",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251204"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7070188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251204"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/7070188"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        }
      ],
      "source": "psirt@us.ibm.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-08-20 19:15
Modified
2024-11-21 04:00
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144441.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10964987Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/144441VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://security.netapp.com/advisory/ntap-20190903-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10964987Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/144441VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190903-0002/Third Party Advisory
Impacted products
Vendor Product Version
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc1:*:*:enterprise:*:*:*",
              "matchCriteriaId": "79BA4641-8E47-4A70-B93B-4170C1011F96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc10:*:*:enterprise:*:*:*",
              "matchCriteriaId": "46CA7C74-B228-46C1-8275-16F488DBDC00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc11:*:*:enterprise:*:*:*",
              "matchCriteriaId": "87F094E8-45A0-4346-9F7B-2E206947ADB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc12:*:*:enterprise:*:*:*",
              "matchCriteriaId": "A34F9759-9979-452F-BBA4-F53ED357DB66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc2:*:*:enterprise:*:*:*",
              "matchCriteriaId": "A3C45B9A-05EF-40D3-B945-63FEFAE24F4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc3:*:*:enterprise:*:*:*",
              "matchCriteriaId": "11D1CAF1-21AB-4DB8-895B-9215E7A563BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc4:*:*:enterprise:*:*:*",
              "matchCriteriaId": "1739EB23-B217-4A52-A7DC-10EE724CF0C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc5:*:*:enterprise:*:*:*",
              "matchCriteriaId": "DD6EBF2B-89EC-44C8-B61B-86395A088560",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc6:*:*:enterprise:*:*:*",
              "matchCriteriaId": "C37FA1C0-EFC3-4B53-A893-AB486B7DE599",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc7:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B97C6E39-EB72-4BBC-BBEE-5B372BA57FE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc8:*:*:enterprise:*:*:*",
              "matchCriteriaId": "F07FF49A-305D-4E9E-B52E-6F166B857126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc9:*:*:enterprise:*:*:*",
              "matchCriteriaId": "2E77FCAD-A9A3-4695-A45F-D4B79067DDFD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144441."
    },
    {
      "lang": "es",
      "value": "El desbordamiento de b\u00fafer basado en pilas en oninit en IBM Informix Dynamic Server Enterprise Edition 12.1 permite a un usuario autenticado ejecutar c\u00f3digo predefinido con privilegios ra\u00edz, como escalar a un shell ra\u00edz. ID de IBM X-Force: 144441."
    }
  ],
  "id": "CVE-2018-1636",
  "lastModified": "2024-11-21T04:00:07.220",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 6.0,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-20T19:15:10.353",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144441"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144441"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-01-19 00:00
Modified
2024-11-21 00:41
Severity ?
Summary
onedcu in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allows local users to create arbitrary files via the Trace file argument.
References
cve@mitre.orghttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=651
cve@mitre.orghttp://secunia.com/advisories/28534Vendor Advisory
cve@mitre.orghttp://www-1.ibm.com/support/docview.wss?uid=swg1IC54307
cve@mitre.orghttp://www-1.ibm.com/support/docview.wss?uid=swg27011556
cve@mitre.orghttp://www.securityfocus.com/bid/27328
cve@mitre.orghttp://www.securitytracker.com/id?1019237
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/0169Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/39751
af854a3a-2127-422b-91ae-364da2661108http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=651
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28534Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/docview.wss?uid=swg1IC54307
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/docview.wss?uid=swg27011556
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/27328
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1019237
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/0169Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/39751
Impacted products
Vendor Product Version
ibm informix_dynamic_server 10.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1716E256-B186-442F-8C4C-9305E0953081",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "onedcu in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allows local users to create arbitrary files via the Trace file argument."
    },
    {
      "lang": "es",
      "value": "onedcu en IBM Informix Dynamic Server (IDS) versiones 10.x anteriores a 10.00.xC8, permite a usuarios locales crear archivos arbitrarios por medio del argumento de archivo Trace."
    }
  ],
  "id": "CVE-2008-0368",
  "lastModified": "2024-11-21T00:41:52.777",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-01-19T00:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=651"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28534"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC54307"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011556"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/27328"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1019237"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0169"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39751"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/28534"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC54307"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011556"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27328"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1019237"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39751"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2010-03-05 16:30
Modified
2024-11-21 01:05
Severity ?
Summary
Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow.
References
cve@mitre.orghttp://knowledgebase.emc.com/emcice/login.do?sType=ax1990&sName=1204&id=emc183834
cve@mitre.orghttp://secunia.com/advisories/38731Vendor Advisory
cve@mitre.orghttp://www.ibm.com/support/docview.wss?uid=swg1IC55329
cve@mitre.orghttp://www.ibm.com/support/docview.wss?uid=swg1IC55330
cve@mitre.orghttp://www.securityfocus.com/archive/1/509793/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/38472
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/0508Patch, Vendor Advisory
cve@mitre.orghttp://www.vupen.com/english/advisories/2010/0509Patch, Vendor Advisory
cve@mitre.orghttp://www.zerodayinitiative.com/advisories/ZDI-10-023
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/56586
af854a3a-2127-422b-91ae-364da2661108http://knowledgebase.emc.com/emcice/login.do?sType=ax1990&sName=1204&id=emc183834
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38731Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg1IC55329
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg1IC55330
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/509793/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/38472
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0508Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0509Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.zerodayinitiative.com/advisories/ZDI-10-023
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/56586
Impacted products
Vendor Product Version
ibm informix_dynamic_server 10.0
ibm informix_dynamic_server 10.0.tc1
ibm informix_dynamic_server 10.0.xc1
ibm informix_dynamic_server 10.0.xc2e
ibm informix_dynamic_server 10.0.xc3
ibm informix_dynamic_server 10.0.xc3e
ibm informix_dynamic_server 10.0.xc4
ibm informix_dynamic_server 10.0.xc4e
ibm informix_dynamic_server 10.0.xc5
ibm informix_dynamic_server 10.0.xc5e
ibm informix_dynamic_server 10.0.xc6
ibm informix_dynamic_server 10.0.xc6e
ibm informix_dynamic_server 10.0.xc7
ibm informix_dynamic_server 10.0.xc7e
ibm informix_dynamic_server 10.0.xc8
ibm informix_dynamic_server 10.0.xc8e
ibm informix_dynamic_server 10.0.xc9
ibm informix_dynamic_server 10.0.xc9e
ibm informix_dynamic_server 10.0.xc10
ibm informix_dynamic_server 10.0.xc10e
ibm informix_dynamic_server 11.1
ibm informix_dynamic_server 11.10
ibm informix_dynamic_server 11.10.xc1
ibm informix_dynamic_server 11.10.xc1de
ibm informix_dynamic_server 11.10.xc2
ibm informix_dynamic_server 11.10.xc2e
ibm informix_dynamic_server 11.10.xc3
ibm informix_dynamic_server 11.10.xc3e
emc legato_networker *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1716E256-B186-442F-8C4C-9305E0953081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.tc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEEBB378-F57A-4420-973F-8B641700740A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5634CF97-CBD3-4CA3-8144-2F875FDD3FA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc2e:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C2380EC-4F4E-434F-9103-02BA0F8E68EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7931542-8DB8-4BC3-A319-9352EBC62158",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc3e:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7252409-BAB0-41C5-8D82-09FDB751EB3B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc4:*:*:*:*:*:*:*",
              "matchCriteriaId": "795E3755-48D3-4A70-9AFB-1B3B9F3B8F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc4e:*:*:*:*:*:*:*",
              "matchCriteriaId": "97D142F8-076C-42E4-A1C3-8DDA45605340",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FB0B784-F6C0-4333-91C3-F01C23C20C72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc5e:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F475C2E-32D9-40EF-82D5-72B827774F17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A6FFFAC-9FBD-44B7-9F12-53CF653F9F6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc6e:*:*:*:*:*:*:*",
              "matchCriteriaId": "A095762C-9A12-475A-B77A-8B5DA6333AEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc7:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EB862D4-E158-4BDD-A35D-7CF35D42561B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc7e:*:*:*:*:*:*:*",
              "matchCriteriaId": "7921875E-57C4-47D8-ADD5-E65980D2B24C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C5A7699-3614-4C07-B0D0-92C05F593A17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc8e:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BAE6B0C-7F7E-41B0-AC9D-75BED81F5878",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6770AAD-CB91-49DF-9B2D-DCFB5880C833",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc9e:*:*:*:*:*:*:*",
              "matchCriteriaId": "95E7DC6E-7A0D-4FFB-8641-1F25AAFE5D5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc10:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA609752-9DE0-4080-94FC-85337DA15757",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc10e:*:*:*:*:*:*:*",
              "matchCriteriaId": "29202E83-5F00-4200-9A36-AB06A1370E67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE53870D-832F-4300-8556-9062BCC8F9B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3398187-9A9C-4584-A186-01DB36C88219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC21790C-D057-4B11-8D0C-202B71B1E7A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc1de:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D7F320F-72E0-440C-A300-6D85AEE86DA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "539DE4E7-8531-43E8-AE75-178BFC4324F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc2e:*:*:*:*:*:*:*",
              "matchCriteriaId": "487A81FC-FBB9-43C6-B419-4BA033054CEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "429D6E5F-E249-4EA5-B2BB-DDF3B2B20676",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.10.xc3e:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8BA02BE-9028-457F-A231-5C27BE442042",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:emc:legato_networker:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "78A324AC-8E82-42B9-910E-9131B2AD26B4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow."
    },
    {
      "lang": "es",
      "value": "Error de entero sin signo en la funcionalidad de autenticaci\u00f3n en librpc.dll en Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), tal y como se utiliza en IBM Informix Dynamic Server (IDS) v10.x anteriores a la v10.00.TC9 y v11.x anteriores a v11.10.TC3 y EMC Legato NetWorker, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un par\u00e1metro manipulado en tama\u00f1o que inicia un desbordamiento de b\u00fafer basado en la pila."
    }
  ],
  "id": "CVE-2009-2754",
  "lastModified": "2024-11-21T01:05:40.263",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-03-05T16:30:00.583",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://knowledgebase.emc.com/emcice/login.do?sType=ax1990\u0026sName=1204\u0026id=emc183834"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38731"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55329"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55330"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/509793/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/38472"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0508"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0509"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-023"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56586"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://knowledgebase.emc.com/emcice/login.do?sType=ax1990\u0026sName=1204\u0026id=emc183834"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38731"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55329"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55330"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/509793/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/38472"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0508"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0509"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56586"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-08-20 19:15
Modified
2024-11-21 04:00
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in oninit mongohash. IBM X-Force ID: 144431.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10964987Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/144431VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://security.netapp.com/advisory/ntap-20190903-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10964987Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/144431VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190903-0002/Third Party Advisory
Impacted products
Vendor Product Version
ibm informix_dynamic_server 12.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.1:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "8EE60439-E858-47D6-A58D-21A9C0861D40",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in oninit mongohash. IBM X-Force ID: 144431."
    },
    {
      "lang": "es",
      "value": "IBM Informix Dynamic Server Enterprise Edition 12.1 podr\u00eda permitir que un usuario local que haya iniciado sesi\u00f3n con el usuario administrador de base de datos obtenga privilegios ra\u00edz a trav\u00e9s de una vulnerabilidad de v\u00ednculo simb\u00f3lico en oninit mongohash. ID de IBM X-Force: 144431."
    }
  ],
  "id": "CVE-2018-1631",
  "lastModified": "2024-11-21T04:00:06.593",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 6.0,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-20T19:15:09.993",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144431"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144431"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-08-20 19:15
Modified
2024-11-21 04:00
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in infos.DBSERVERNAME. IBM X-Force ID: 144437.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10964987Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/144437VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://security.netapp.com/advisory/ntap-20190903-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10964987Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/144437VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190903-0002/Third Party Advisory
Impacted products
Vendor Product Version
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc1:*:*:enterprise:*:*:*",
              "matchCriteriaId": "79BA4641-8E47-4A70-B93B-4170C1011F96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc10:*:*:enterprise:*:*:*",
              "matchCriteriaId": "46CA7C74-B228-46C1-8275-16F488DBDC00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc11:*:*:enterprise:*:*:*",
              "matchCriteriaId": "87F094E8-45A0-4346-9F7B-2E206947ADB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc12:*:*:enterprise:*:*:*",
              "matchCriteriaId": "A34F9759-9979-452F-BBA4-F53ED357DB66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc2:*:*:enterprise:*:*:*",
              "matchCriteriaId": "A3C45B9A-05EF-40D3-B945-63FEFAE24F4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc3:*:*:enterprise:*:*:*",
              "matchCriteriaId": "11D1CAF1-21AB-4DB8-895B-9215E7A563BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc4:*:*:enterprise:*:*:*",
              "matchCriteriaId": "1739EB23-B217-4A52-A7DC-10EE724CF0C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc5:*:*:enterprise:*:*:*",
              "matchCriteriaId": "DD6EBF2B-89EC-44C8-B61B-86395A088560",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc6:*:*:enterprise:*:*:*",
              "matchCriteriaId": "C37FA1C0-EFC3-4B53-A893-AB486B7DE599",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc7:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B97C6E39-EB72-4BBC-BBEE-5B372BA57FE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc8:*:*:enterprise:*:*:*",
              "matchCriteriaId": "F07FF49A-305D-4E9E-B52E-6F166B857126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc9:*:*:enterprise:*:*:*",
              "matchCriteriaId": "2E77FCAD-A9A3-4695-A45F-D4B79067DDFD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in infos.DBSERVERNAME. IBM X-Force ID: 144437."
    },
    {
      "lang": "es",
      "value": "IBM Informix Dynamic Server Enterprise Edition 12.1 podr\u00eda permitir que un usuario local que haya iniciado sesi\u00f3n con el usuario administrador de la base de datos obtenga privilegios de root a trav\u00e9s de una vulnerabilidad de v\u00ednculo simb\u00f3lica en infos. NOMBREDEDB.NOMBRE DE DBSERVER. ID de IBM X-Force: 144437."
    }
  ],
  "id": "CVE-2018-1634",
  "lastModified": "2024-11-21T04:00:06.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 6.0,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-20T19:15:10.213",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144437"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144437"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2011-02-15 01:00
Modified
2024-11-21 01:25
Severity ?
Summary
Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote attackers to execute arbitrary code via crafted arguments in the USELASTCOMMITTED session environment option in a SQL SET ENVIRONMENT statement.
References
cve@mitre.orghttp://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ibm
cve@mitre.orghttp://secunia.com/advisories/43212Vendor Advisory
cve@mitre.orghttp://securityreason.com/securityalert/8078
cve@mitre.orghttp://www.securityfocus.com/archive/1/516250/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/46230
cve@mitre.orghttp://www.vupen.com/english/advisories/2011/0309Vendor Advisory
cve@mitre.orghttp://zerodayinitiative.com/advisories/ZDI-11-050/
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/65209
af854a3a-2127-422b-91ae-364da2661108http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ibm
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/43212Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/8078
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/516250/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/46230
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2011/0309Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://zerodayinitiative.com/advisories/ZDI-11-050/
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/65209
Impacted products
Vendor Product Version
ibm informix_dynamic_server 11.50


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:11.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE122FD4-9164-4638-8E98-7670908E392B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote attackers to execute arbitrary code via crafted arguments in the USELASTCOMMITTED session environment option in a SQL SET ENVIRONMENT statement."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de b\u00fafer basado en pila en en oninit en IBM Informix Dynamic Server (IDS) v11.50 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de argumentos manipulados en la opci\u00f3n de sesi\u00f3n de entorno USELASTCOMMITTED en un estado SQL SET ENVIRONMENT."
    }
  ],
  "id": "CVE-2011-1033",
  "lastModified": "2024-11-21T01:25:22.507",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-02-15T01:00:02.493",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ibm"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43212"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/8078"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/516250/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/46230"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0309"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://zerodayinitiative.com/advisories/ZDI-11-050/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65209"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ibm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/43212"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/8078"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/516250/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/46230"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2011/0309"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://zerodayinitiative.com/advisories/ZDI-11-050/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65209"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-06-29 13:29
Modified
2024-11-21 03:21
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server. Done enough times, this could use large parts of the file system and cause the server to crash. IBM X-Force ID: 125569.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22004930Patch, Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/99309Third Party Advisory, VDB Entry
psirt@us.ibm.comhttp://www.securitytracker.com/id/1038803
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/125569VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22004930Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/99309Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1038803
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/125569VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm informix_dynamic_server 12.10


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "08A95A4E-A509-4FDB-BF4E-88B000C93DAC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server. Done enough times, this could use large parts of the file system and cause the server to crash. IBM X-Force ID: 125569."
    },
    {
      "lang": "es",
      "value": "IBM Informix Dynamic Server 12.1 podr\u00eda permitir que un usuario autenticado provoque un desbordamiento de b\u00fafer que podr\u00eda escribir archivos grandes de fallo de aserci\u00f3n en el servidor. Si se hace un n\u00famero de veces suficiente, esto podr\u00eda utilizar grandes partes del sistema de archivos y provocar el cierre inesperado del servidor. IBM X-Force ID: 125569."
    }
  ],
  "id": "CVE-2017-1310",
  "lastModified": "2024-11-21T03:21:41.430",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-29T13:29:00.190",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22004930"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99309"
    },
    {
      "source": "psirt@us.ibm.com",
      "url": "http://www.securitytracker.com/id/1038803"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125569"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22004930"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99309"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1038803"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125569"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-08-08 22:04
Modified
2024-11-21 00:14
Severity ?
Summary
IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772).
References
cve@mitre.orghttp://secunia.com/advisories/21301Patch, Vendor Advisory
cve@mitre.orghttp://www-1.ibm.com/support/docview.wss?uid=swg21242921Patch
cve@mitre.orghttp://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf
cve@mitre.orghttp://www.osvdb.org/27691
cve@mitre.orghttp://www.securityfocus.com/archive/1/443133/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/443195/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/19264Patch
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/3077
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/28132
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21301Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/docview.wss?uid=swg21242921Patch
af854a3a-2127-422b-91ae-364da2661108http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/27691
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/443133/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/443195/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/19264Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3077
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/28132
Impacted products
Vendor Product Version
ibm informix_dynamic_server 9.4
ibm informix_dynamic_server 9.40.tc5
ibm informix_dynamic_server 9.40.uc1
ibm informix_dynamic_server 9.40.uc2
ibm informix_dynamic_server 9.40.uc3
ibm informix_dynamic_server 9.40.uc5
ibm informix_dynamic_server 9.40.xc5
ibm informix_dynamic_server 9.40.xc7
ibm informix_dynamic_server 10.0
ibm informix_dynamic_server 10.0.xc1
ibm informix_dynamic_server 10.0.xc3


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "58A9F81C-C618-435D-9912-0E61EAB02560",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.tc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9B0C17-2D85-4729-85EF-2F5C750BF51B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "910D9A17-43A7-4F9E-98E0-2C465AC8BD2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E61711D-4C3E-4A6D-89A8-85B7CDD7FAE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2CD7B84-2861-4542-8A08-C668065C8DB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E64D85E2-AA7E-4704-A2FA-BD69744423CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.xc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "21FF7CE7-A061-425B-A29B-1EC6DEDA2C10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.xc7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD626D2D-D1ED-4B44-A236-CF20F1708D98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1716E256-B186-442F-8C4C-9305E0953081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5634CF97-CBD3-4CA3-8144-2F875FDD3FA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7931542-8DB8-4BC3-A319-9352EBC62158",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772)."
    },
    {
      "lang": "es",
      "value": "IBM Informix Dynamic Server (IDS) anterior a 9.40.xC8 y 10.00 anterior a 10.00.xC4 almacena contrase\u00f1as en texto plano en memoria compartida, lo cual permite a usuarios locales obtener contrase\u00f1as leyendo la memoria (defectos de producto 171893, 171894, 173772)."
    }
  ],
  "evaluatorSolution": "This vulnerability is addressed in the following product releases:\r\nIBM, Informix IDS, 9.40 xC8\r\nIBM, Informix IDS, 10.00 xC4",
  "id": "CVE-2006-3858",
  "lastModified": "2024-11-21T00:14:35.703",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-08-08T22:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21301"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/27691"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/443195/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/19264"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/3077"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28132"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21301"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/27691"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/443195/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/19264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28132"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-02-13 22:00
Modified
2024-11-21 00:42
Severity ?
Summary
Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests.
References
cve@mitre.orghttp://secunia.com/advisories/28689Third Party Advisory
cve@mitre.orghttp://www-01.ibm.com/support/docview.wss?uid=swg21294211Vendor Advisory
cve@mitre.orghttp://www-1.ibm.com/support/search.wss?rs=0&q=IC55040&apar=onlyVendor Advisory
cve@mitre.orghttp://www-1.ibm.com/support/search.wss?rs=0&q=IC55041&apar=onlyVendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/27485Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.securitytracker.com/id?1019281Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.vupen.com/english/advisories/2008/0317Permissions Required
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/40018Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/28689Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-01.ibm.com/support/docview.wss?uid=swg21294211Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/search.wss?rs=0&q=IC55040&apar=onlyVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/search.wss?rs=0&q=IC55041&apar=onlyVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/27485Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1019281Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2008/0317Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/40018Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
ibm informix_dynamic_server *
ibm informix_dynamic_server *
ibm informix_storage_manager -
microsoft windows -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "53BCF01B-A64E-4161-8E6E-F0BD0FBB3D42",
              "versionEndIncluding": "10.00.xc8",
              "versionStartIncluding": "10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8625CD11-E4A8-484C-9F35-FBCFC0D290A8",
              "versionEndIncluding": "11.10.xc2",
              "versionStartIncluding": "11.10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_storage_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5838FCA-32C4-4DB3-9B83-5BF40916CBBE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer basados en pila y en mont\u00edculo en los componentes Windows RPC para IBM Informix Storage Manager (ISM), como se utilizan en Informix Dynamic Server (IDS) 10.00.xC8 y anteriores y 11.10.xC2 y anteriores. Permiten a atacantes ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de peticiones XDR manipuladas."
    }
  ],
  "id": "CVE-2008-0768",
  "lastModified": "2024-11-21T00:42:52.003",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-02-13T22:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/28689"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21294211"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IC55040\u0026apar=only"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IC55041\u0026apar=only"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/27485"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1019281"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0317"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40018"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/28689"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21294211"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IC55040\u0026apar=only"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IC55041\u0026apar=only"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/27485"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1019281"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2008/0317"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40018"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:53
Severity ?
Summary
Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.xC1 and 9.40.xC2 allows local users to execute arbitrary code via a long GL_PATH environment variable.
References
cve@mitre.orghttp://marc.info/?l=bugtraq&m=107524391217364&w=2
cve@mitre.orghttp://secunia.com/advisories/10737Vendor Advisory
cve@mitre.orghttp://www-1.ibm.com/support/docview.wss?uid=swg21153336Vendor Advisory
cve@mitre.orghttp://www.osvdb.org/3756
cve@mitre.orghttp://www.securityfocus.com/bid/9511
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/14949
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=107524391217364&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/10737Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/docview.wss?uid=swg21153336Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/3756
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/9511
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/14949
Impacted products
Vendor Product Version
ibm informix_dynamic_server 9.40.uc1
ibm informix_dynamic_server 9.40.uc2
ibm informix_extended_parallel_server 8.40_uc1
ibm informix_extended_parallel_server 8.40_uc2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "910D9A17-43A7-4F9E-98E0-2C465AC8BD2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E61711D-4C3E-4A6D-89A8-85B7CDD7FAE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_extended_parallel_server:8.40_uc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8EBF74C-A519-4C0E-B885-5C036047D610",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_extended_parallel_server:8.40_uc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A52EB99-7D27-4782-BBDA-35B1D1E3AF55",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.xC1 and 9.40.xC2 allows local users to execute arbitrary code via a long GL_PATH environment variable."
    }
  ],
  "id": "CVE-2004-2490",
  "lastModified": "2024-11-20T23:53:29.063",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=107524391217364\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/10737"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21153336"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/3756"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/9511"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14949"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=107524391217364\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/10737"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21153336"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/3756"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/9511"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14949"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-04-30 16:15
Modified
2024-11-21 05:46
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366.
References
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/198366VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://www.ibm.com/support/pages/node/6448568Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/198366VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ibm.com/support/pages/node/6448568Patch, Vendor Advisory
Impacted products
Vendor Product Version
ibm informix_dynamic_server 14.10
hp hp-ux -
ibm aix -
linux linux_kernel -
microsoft windows -
oracle solaris -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:14.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "B33D65F4-09CB-4C6C-8D0D-D9EA513F4E07",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hp:hp-ux:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F480AA32-841A-4E68-9343-B2E7548B0A0C",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:ibm:aix:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E492C463-D76E-49B7-A4D4-3B499E422D89",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:-:*:*:*:*:*:-:*",
              "matchCriteriaId": "F5027746-8216-452D-83C5-2F8E9546F2A5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366."
    },
    {
      "lang": "es",
      "value": "IBM Informix Dynamic Server versi\u00f3n 14.10, es vulnerable a un desbordamiento del b\u00fafer en la regi\u00f3n stack de la memoria, causado por una comprobaci\u00f3n de l\u00edmites inapropiada.\u0026#xa0;Un usuario privilegiado local podr\u00eda desbordar un b\u00fafer y ejecutar c\u00f3digo arbitrario en el sistema o causar una condici\u00f3n de denegaci\u00f3n de servicio.\u0026#xa0; IBM X-Force ID: 198366."
    }
  ],
  "id": "CVE-2021-20515",
  "lastModified": "2024-11-21T05:46:42.370",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-30T16:15:07.587",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198366"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6448568"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198366"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ibm.com/support/pages/node/6448568"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-08-20 19:15
Modified
2024-11-21 04:00
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user to load malicious libraries and gain root privileges. IBM X-Force ID: 149426.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10964987Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/149426VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10964987Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/149426VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc1:*:*:enterprise:*:*:*",
              "matchCriteriaId": "79BA4641-8E47-4A70-B93B-4170C1011F96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc10:*:*:enterprise:*:*:*",
              "matchCriteriaId": "46CA7C74-B228-46C1-8275-16F488DBDC00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc11:*:*:enterprise:*:*:*",
              "matchCriteriaId": "87F094E8-45A0-4346-9F7B-2E206947ADB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc12:*:*:enterprise:*:*:*",
              "matchCriteriaId": "A34F9759-9979-452F-BBA4-F53ED357DB66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc2:*:*:enterprise:*:*:*",
              "matchCriteriaId": "A3C45B9A-05EF-40D3-B945-63FEFAE24F4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc3:*:*:enterprise:*:*:*",
              "matchCriteriaId": "11D1CAF1-21AB-4DB8-895B-9215E7A563BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc4:*:*:enterprise:*:*:*",
              "matchCriteriaId": "1739EB23-B217-4A52-A7DC-10EE724CF0C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc5:*:*:enterprise:*:*:*",
              "matchCriteriaId": "DD6EBF2B-89EC-44C8-B61B-86395A088560",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc6:*:*:enterprise:*:*:*",
              "matchCriteriaId": "C37FA1C0-EFC3-4B53-A893-AB486B7DE599",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc7:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B97C6E39-EB72-4BBC-BBEE-5B372BA57FE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc8:*:*:enterprise:*:*:*",
              "matchCriteriaId": "F07FF49A-305D-4E9E-B52E-6F166B857126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc9:*:*:enterprise:*:*:*",
              "matchCriteriaId": "2E77FCAD-A9A3-4695-A45F-D4B79067DDFD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user to load malicious libraries and gain root privileges. IBM X-Force ID: 149426."
    },
    {
      "lang": "es",
      "value": "IBM Informix Dynamic Server Enterprise Edition 12.1 podr\u00eda permitir a un usuario local cargar bibliotecas malintencionadas y obtener privilegios ra\u00edz. ID de IBM X-Force: 149426."
    }
  ],
  "id": "CVE-2018-1796",
  "lastModified": "2024-11-21T04:00:23.340",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-20T19:15:10.417",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149426"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149426"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-08-08 22:04
Modified
2024-11-21 00:14
Severity ?
Summary
The ifx_load_internal function in IBM Informix Dynamic Server (IDS) allows remote authenticated users to execute arbitrary C code via the DllMain or _init function in a library, aka "C code UDR."
References
cve@mitre.orghttp://secunia.com/advisories/21301
cve@mitre.orghttp://www-1.ibm.com/support/docview.wss?uid=swg21242921Not Applicable
cve@mitre.orghttp://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdfBroken Link
cve@mitre.orghttp://www.osvdb.org/27689Broken Link
cve@mitre.orghttp://www.securityfocus.com/archive/1/443133/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/443184/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/19264Patch, Third Party Advisory, VDB Entry
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/3077Permissions Required
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/28129
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21301
af854a3a-2127-422b-91ae-364da2661108http://www-1.ibm.com/support/docview.wss?uid=swg21242921Not Applicable
af854a3a-2127-422b-91ae-364da2661108http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdfBroken Link
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/27689Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/443133/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/443184/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/19264Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3077Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/28129
Impacted products
Vendor Product Version
ibm informix_dynamic_server 9.4
ibm informix_dynamic_server 9.40.tc5
ibm informix_dynamic_server 9.40.uc1
ibm informix_dynamic_server 9.40.uc2
ibm informix_dynamic_server 9.40.uc3
ibm informix_dynamic_server 9.40.uc5
ibm informix_dynamic_server 10.0
ibm informix_dynamic_server 10.0.xc3


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "58A9F81C-C618-435D-9912-0E61EAB02560",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.tc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE9B0C17-2D85-4729-85EF-2F5C750BF51B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc1:*:*:*:*:*:*:*",
              "matchCriteriaId": "910D9A17-43A7-4F9E-98E0-2C465AC8BD2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E61711D-4C3E-4A6D-89A8-85B7CDD7FAE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2CD7B84-2861-4542-8A08-C668065C8DB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:9.40.uc5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E64D85E2-AA7E-4704-A2FA-BD69744423CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1716E256-B186-442F-8C4C-9305E0953081",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:10.0.xc3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7931542-8DB8-4BC3-A319-9352EBC62158",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ifx_load_internal function in IBM Informix Dynamic Server (IDS) allows remote authenticated users to execute arbitrary C code via the DllMain or _init function in a library, aka \"C code UDR.\""
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n ifx_load_internal en IBM Informix Dynamic Server (IDS) permite a usuarios remotos autenticados ejecutar c\u00f3digo C arbitrario a trav\u00e9s de la funci\u00f3n DllMain o _init en una librer\u00eda, tambi\u00e9n conocido como \"C code UDR\"."
    }
  ],
  "evaluatorSolution": "This vulnerability is addressed in the following product releases:\r\nIBM, Informix IDS, 9.40 xC7 \r\nIBM, Informix IDS, 10.00 xC4",
  "id": "CVE-2006-3855",
  "lastModified": "2024-11-21T00:14:35.240",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-08-08T22:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/21301"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/27689"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/443184/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/19264"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3077"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28129"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21301"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.osvdb.org/27689"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/443184/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/19264"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3077"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28129"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-09-13 18:29
Modified
2024-11-21 03:21
Severity ?
6.7 (Medium) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Informix Dynamic Server 12.1 could allow a local user logged in with database administrator user to gain root privileges. IBM X-Force ID: 129620.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=swg22006872Vendor Advisory
psirt@us.ibm.comhttp://www.securityfocus.com/bid/100820Third Party Advisory, VDB Entry
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/129620VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=swg22006872Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/100820Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/129620VDB Entry, Vendor Advisory
Impacted products
Vendor Product Version
ibm informix_dynamic_server 12.10
linux linux_kernel -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "08A95A4E-A509-4FDB-BF4E-88B000C93DAC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Informix Dynamic Server 12.1 could allow a local user logged in with database administrator user to gain root privileges. IBM X-Force ID: 129620."
    },
    {
      "lang": "es",
      "value": "IBM Informix Dynamic Server 12.1 podr\u00eda permitir que un usuario local inicie sesi\u00f3n con un usuario administrador de la base de datos para obtener privilegios root. IBM X-Force ID: 129620."
    }
  ],
  "id": "CVE-2017-1508",
  "lastModified": "2024-11-21T03:21:59.873",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-09-13T18:29:00.167",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22006872"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100820"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129620"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=swg22006872"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/100820"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129620"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-08-20 19:15
Modified
2024-11-21 04:00
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in .infxdirs. IBM X-Force ID: 144432.
References
psirt@us.ibm.comhttp://www.ibm.com/support/docview.wss?uid=ibm10964987Vendor Advisory
psirt@us.ibm.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/144432VDB Entry, Vendor Advisory
psirt@us.ibm.comhttps://security.netapp.com/advisory/ntap-20190903-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ibm.com/support/docview.wss?uid=ibm10964987Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/144432VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190903-0002/Third Party Advisory
Impacted products
Vendor Product Version
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10
ibm informix_dynamic_server 12.10


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc1:*:*:enterprise:*:*:*",
              "matchCriteriaId": "79BA4641-8E47-4A70-B93B-4170C1011F96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc10:*:*:enterprise:*:*:*",
              "matchCriteriaId": "46CA7C74-B228-46C1-8275-16F488DBDC00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc11:*:*:enterprise:*:*:*",
              "matchCriteriaId": "87F094E8-45A0-4346-9F7B-2E206947ADB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc12:*:*:enterprise:*:*:*",
              "matchCriteriaId": "A34F9759-9979-452F-BBA4-F53ED357DB66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc2:*:*:enterprise:*:*:*",
              "matchCriteriaId": "A3C45B9A-05EF-40D3-B945-63FEFAE24F4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc3:*:*:enterprise:*:*:*",
              "matchCriteriaId": "11D1CAF1-21AB-4DB8-895B-9215E7A563BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc4:*:*:enterprise:*:*:*",
              "matchCriteriaId": "1739EB23-B217-4A52-A7DC-10EE724CF0C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc5:*:*:enterprise:*:*:*",
              "matchCriteriaId": "DD6EBF2B-89EC-44C8-B61B-86395A088560",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc6:*:*:enterprise:*:*:*",
              "matchCriteriaId": "C37FA1C0-EFC3-4B53-A893-AB486B7DE599",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc7:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B97C6E39-EB72-4BBC-BBEE-5B372BA57FE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc8:*:*:enterprise:*:*:*",
              "matchCriteriaId": "F07FF49A-305D-4E9E-B52E-6F166B857126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ibm:informix_dynamic_server:12.10:fc9:*:*:enterprise:*:*:*",
              "matchCriteriaId": "2E77FCAD-A9A3-4695-A45F-D4B79067DDFD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in .infxdirs. IBM X-Force ID: 144432."
    },
    {
      "lang": "es",
      "value": "IBM Informix Dynamic Server Enterprise Edition 12.1 podr\u00eda permitir que un usuario local que haya iniciado sesi\u00f3n con el usuario administrador de base de datos obtenga privilegios ra\u00edz a trav\u00e9s de una vulnerabilidad de v\u00ednculo simb\u00f3lico en .infxdirs. ID de IBM X-Force: 144432."
    }
  ],
  "id": "CVE-2018-1632",
  "lastModified": "2024-11-21T04:00:06.710",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 6.0,
        "source": "psirt@us.ibm.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.7,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-20T19:15:10.073",
  "references": [
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144432"
    },
    {
      "source": "psirt@us.ibm.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144432"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
    }
  ],
  "sourceIdentifier": "psirt@us.ibm.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2017-1508
Vulnerability from cvelistv5
Published
2017-09-13 18:00
Modified
2024-09-17 02:42
Severity ?
Summary
IBM Informix Dynamic Server 12.1 could allow a local user logged in with database administrator user to gain root privileges. IBM X-Force ID: 129620.
References
http://www.ibm.com/support/docview.wss?uid=swg22006872x_refsource_CONFIRM
http://www.securityfocus.com/bid/100820vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/129620x_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:29.957Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22006872"
          },
          {
            "name": "100820",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100820"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129620"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Informix Servers",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "12.1"
            }
          ]
        }
      ],
      "datePublic": "2017-09-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Informix Dynamic Server 12.1 could allow a local user logged in with database administrator user to gain root privileges. IBM X-Force ID: 129620."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-15T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22006872"
        },
        {
          "name": "100820",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100820"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129620"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-09-12T00:00:00",
          "ID": "CVE-2017-1508",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Informix Servers",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "12.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Informix Dynamic Server 12.1 could allow a local user logged in with database administrator user to gain root privileges. IBM X-Force ID: 129620."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22006872",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22006872"
            },
            {
              "name": "100820",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/100820"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129620",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/129620"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1508",
    "datePublished": "2017-09-13T18:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-17T02:42:45.697Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-1630
Vulnerability from cvelistv5
Published
2019-08-20 18:50
Modified
2024-09-16 17:33
Severity ?
8.2 (High) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Summary
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onmode. IBM X-Force ID: 144430.
References
http://www.ibm.com/support/docview.wss?uid=ibm10964987x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/144430vdb-entry, x_refsource_XF
https://security.netapp.com/advisory/ntap-20190903-0002/x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:07:44.146Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
          },
          {
            "name": "ibm-informix-cve20181630-priv-escalation (144430)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144430"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Informix Dynamic Server Enterprise Edition",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "12.1"
            }
          ]
        }
      ],
      "datePublic": "2019-08-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onmode. IBM X-Force ID: 144430."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 7.1,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/A:H/I:H/PR:H/C:H/AC:L/S:C/UI:N/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-03T17:06:09",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
        },
        {
          "name": "ibm-informix-cve20181630-priv-escalation (144430)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144430"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-08-07T00:00:00",
          "ID": "CVE-2018-1630",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Informix Dynamic Server Enterprise Edition",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "12.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onmode. IBM X-Force ID: 144430."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "L",
              "AV": "L",
              "C": "H",
              "I": "H",
              "PR": "H",
              "S": "C",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 964987 (Informix Dynamic Server Enterprise Edition)",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
            },
            {
              "name": "ibm-informix-cve20181630-priv-escalation (144430)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144430"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190903-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1630",
    "datePublished": "2019-08-20T18:50:22.628679Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T17:33:44.603Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-2753
Vulnerability from cvelistv5
Published
2010-03-05 16:00
Modified
2024-08-07 05:59
Severity ?
Summary
Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allow remote attackers to execute arbitrary code via a crafted parameter size.
References
http://secunia.com/advisories/38731third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2010/0508vdb-entry, x_refsource_VUPEN
http://www.ibm.com/support/docview.wss?uid=swg1IC55329vendor-advisory, x_refsource_AIXAPAR
http://www.ibm.com/support/docview.wss?uid=swg1IC55330vendor-advisory, x_refsource_AIXAPAR
http://www.zerodayinitiative.com/advisories/ZDI-10-022x_refsource_MISC
http://securitytracker.com/id?1023669vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/archive/1/509789/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/38471vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:59:57.206Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "38731",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38731"
          },
          {
            "name": "ADV-2010-0508",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0508"
          },
          {
            "name": "IC55329",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55329"
          },
          {
            "name": "IC55330",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55330"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-022"
          },
          {
            "name": "1023669",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1023669"
          },
          {
            "name": "20100301 ZDI-10-022: IBM Informix librpc.dll Multiple Remote Code Execution Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/509789/100/0/threaded"
          },
          {
            "name": "38471",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/38471"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-03-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allow remote attackers to execute arbitrary code via a crafted parameter size."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "38731",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38731"
        },
        {
          "name": "ADV-2010-0508",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0508"
        },
        {
          "name": "IC55329",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55329"
        },
        {
          "name": "IC55330",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55330"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-022"
        },
        {
          "name": "1023669",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1023669"
        },
        {
          "name": "20100301 ZDI-10-022: IBM Informix librpc.dll Multiple Remote Code Execution Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/509789/100/0/threaded"
        },
        {
          "name": "38471",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/38471"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2753",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allow remote attackers to execute arbitrary code via a crafted parameter size."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "38731",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38731"
            },
            {
              "name": "ADV-2010-0508",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0508"
            },
            {
              "name": "IC55329",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55329"
            },
            {
              "name": "IC55330",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55330"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-022",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-022"
            },
            {
              "name": "1023669",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1023669"
            },
            {
              "name": "20100301 ZDI-10-022: IBM Informix librpc.dll Multiple Remote Code Execution Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/509789/100/0/threaded"
            },
            {
              "name": "38471",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/38471"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2753",
    "datePublished": "2010-03-05T16:00:00",
    "dateReserved": "2009-08-12T00:00:00",
    "dateUpdated": "2024-08-07T05:59:57.206Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-5957
Vulnerability from cvelistv5
Published
2007-11-14 11:00
Modified
2024-08-07 15:47
Severity ?
Summary
Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.00.TC3TL and 11.10.TB4TL on Windows allows attackers to cause a denial of service (application crash) via unspecified SQ_ONASSIST requests.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/38296vdb-entry, x_refsource_XF
http://secunia.com/advisories/27542third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/26363vdb-entry, x_refsource_BID
http://osvdb.org/41621vdb-entry, x_refsource_OSVDB
http://www-1.ibm.com/support/docview.wss?uid=swg1IC53588vendor-advisory, x_refsource_AIXAPAR
http://www.vupen.com/english/advisories/2007/3757vdb-entry, x_refsource_VUPEN
http://www-1.ibm.com/support/docview.wss?uid=swg27011082x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:47:00.549Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ibm-ids-sqonassist-dos(38296)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38296"
          },
          {
            "name": "27542",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27542"
          },
          {
            "name": "26363",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26363"
          },
          {
            "name": "41621",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/41621"
          },
          {
            "name": "IC53588",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC53588"
          },
          {
            "name": "ADV-2007-3757",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3757"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011082"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-11-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.00.TC3TL and 11.10.TB4TL on Windows allows attackers to cause a denial of service (application crash) via unspecified SQ_ONASSIST requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ibm-ids-sqonassist-dos(38296)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38296"
        },
        {
          "name": "27542",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27542"
        },
        {
          "name": "26363",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26363"
        },
        {
          "name": "41621",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/41621"
        },
        {
          "name": "IC53588",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC53588"
        },
        {
          "name": "ADV-2007-3757",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3757"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011082"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5957",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.00.TC3TL and 11.10.TB4TL on Windows allows attackers to cause a denial of service (application crash) via unspecified SQ_ONASSIST requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ibm-ids-sqonassist-dos(38296)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38296"
            },
            {
              "name": "27542",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27542"
            },
            {
              "name": "26363",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26363"
            },
            {
              "name": "41621",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/41621"
            },
            {
              "name": "IC53588",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC53588"
            },
            {
              "name": "ADV-2007-3757",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3757"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg27011082",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011082"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5957",
    "datePublished": "2007-11-14T11:00:00",
    "dateReserved": "2007-11-13T00:00:00",
    "dateUpdated": "2024-08-07T15:47:00.549Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-2131
Vulnerability from cvelistv5
Published
2005-05-27 04:00
Modified
2024-08-08 01:15
Severity ?
Summary
Stack-based buffer overflow in ontape for IBM Informix Dynamic Server (IDS) 9.40.xC3 and earlier allows local users, with DSA privileges, to execute arbitrary code via a long ONCONFIG environment variable.
References
http://www.osvdb.org/3759vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/9512vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/14970vdb-entry, x_refsource_XF
http://secunia.com/advisories/10737/third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=107539878804074&w=2mailing-list, x_refsource_BUGTRAQ
http://www-1.ibm.com/support/docview.wss?uid=swg21153336x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:15:01.594Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "3759",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/3759"
          },
          {
            "name": "9512",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/9512"
          },
          {
            "name": "informix-ontape-binary-bo(14970)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14970"
          },
          {
            "name": "10737",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/10737/"
          },
          {
            "name": "20040129 ----------========== OPEN3S-2003-08-08-eng-informix-ontape",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=107539878804074\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21153336"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-01-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in ontape for IBM Informix Dynamic Server (IDS) 9.40.xC3 and earlier allows local users, with DSA privileges, to execute arbitrary code via a long ONCONFIG environment variable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "3759",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/3759"
        },
        {
          "name": "9512",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/9512"
        },
        {
          "name": "informix-ontape-binary-bo(14970)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14970"
        },
        {
          "name": "10737",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/10737/"
        },
        {
          "name": "20040129 ----------========== OPEN3S-2003-08-08-eng-informix-ontape",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=107539878804074\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21153336"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-2131",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in ontape for IBM Informix Dynamic Server (IDS) 9.40.xC3 and earlier allows local users, with DSA privileges, to execute arbitrary code via a long ONCONFIG environment variable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "3759",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/3759"
            },
            {
              "name": "9512",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/9512"
            },
            {
              "name": "informix-ontape-binary-bo(14970)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14970"
            },
            {
              "name": "10737",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/10737/"
            },
            {
              "name": "20040129 ----------========== OPEN3S-2003-08-08-eng-informix-ontape",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=107539878804074\u0026w=2"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21153336",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21153336"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-2131",
    "datePublished": "2005-05-27T04:00:00",
    "dateReserved": "2005-05-27T00:00:00",
    "dateUpdated": "2024-08-08T01:15:01.594Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-0226
Vulnerability from cvelistv5
Published
2016-03-28 23:00
Modified
2024-08-05 22:15
Severity ?
Summary
The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file.
References
http://zerodayinitiative.com/advisories/ZDI-16-210/x_refsource_MISC
http://zerodayinitiative.com/advisories/ZDI-16-209/x_refsource_MISC
http://www-01.ibm.com/support/docview.wss?uid=swg21978598x_refsource_CONFIRM
http://www.securitytracker.com/id/1035286vdb-entry, x_refsource_SECTRACK
http://zerodayinitiative.com/advisories/ZDI-16-208/x_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:15:23.120Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://zerodayinitiative.com/advisories/ZDI-16-210/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://zerodayinitiative.com/advisories/ZDI-16-209/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978598"
          },
          {
            "name": "1035286",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1035286"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://zerodayinitiative.com/advisories/ZDI-16-208/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-03-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-30T18:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://zerodayinitiative.com/advisories/ZDI-16-210/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://zerodayinitiative.com/advisories/ZDI-16-209/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978598"
        },
        {
          "name": "1035286",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1035286"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://zerodayinitiative.com/advisories/ZDI-16-208/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2016-0226",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The client implementation in IBM Informix Dynamic Server 11.70.xCn on Windows does not properly restrict access to the (1) nsrd, (2) nsrexecd, and (3) portmap executable files, which allows local users to gain privileges via a Trojan horse file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://zerodayinitiative.com/advisories/ZDI-16-210/",
              "refsource": "MISC",
              "url": "http://zerodayinitiative.com/advisories/ZDI-16-210/"
            },
            {
              "name": "http://zerodayinitiative.com/advisories/ZDI-16-209/",
              "refsource": "MISC",
              "url": "http://zerodayinitiative.com/advisories/ZDI-16-209/"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21978598",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21978598"
            },
            {
              "name": "1035286",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1035286"
            },
            {
              "name": "http://zerodayinitiative.com/advisories/ZDI-16-208/",
              "refsource": "MISC",
              "url": "http://zerodayinitiative.com/advisories/ZDI-16-208/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2016-0226",
    "datePublished": "2016-03-28T23:00:00",
    "dateReserved": "2015-12-08T00:00:00",
    "dateUpdated": "2024-08-05T22:15:23.120Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-5664
Vulnerability from cvelistv5
Published
2006-11-03 01:00
Modified
2024-08-07 19:55
Severity ?
Summary
The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to "compromise security" via a symlink attack on temporary files.
References
http://www.vupen.com/english/advisories/2006/4280vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22609third-party-advisory, x_refsource_SECUNIA
http://www-1.ibm.com/support/docview.wss?uid=swg21247438x_refsource_CONFIRM
http://securitytracker.com/id?1017156vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:55:54.057Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2006-4280",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4280"
          },
          {
            "name": "22609",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22609"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247438"
          },
          {
            "name": "1017156",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017156"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-10-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to \"compromise security\" via a symlink attack on temporary files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-02-26T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2006-4280",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4280"
        },
        {
          "name": "22609",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22609"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247438"
        },
        {
          "name": "1017156",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017156"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5664",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to \"compromise security\" via a symlink attack on temporary files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2006-4280",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4280"
            },
            {
              "name": "22609",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22609"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21247438",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247438"
            },
            {
              "name": "1017156",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017156"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5664",
    "datePublished": "2006-11-03T01:00:00",
    "dateReserved": "2006-11-02T00:00:00",
    "dateUpdated": "2024-08-07T19:55:54.057Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-4070
Vulnerability from cvelistv5
Published
2010-10-25 19:00
Modified
2024-09-16 20:52
Severity ?
Summary
Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper service) in ISM before 2.20.TC1.117 in IBM Informix Dynamic Server (IDS) 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before 10.00.xC8, and 11.10 before 11.10.xC2 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted parameter size, aka idsdb00146931, idsdb00146930, idsdb00146929, and idsdb00138308.
References
http://www.zerodayinitiative.com/advisories/ZDI-10-215/x_refsource_MISC
http://www.osvdb.org/68706vdb-entry, x_refsource_OSVDB
http://www.vupen.com/english/advisories/2010/2733vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/41915third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:34:36.621Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-215/"
          },
          {
            "name": "68706",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/68706"
          },
          {
            "name": "ADV-2010-2733",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2733"
          },
          {
            "name": "41915",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41915"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper service) in ISM before 2.20.TC1.117 in IBM Informix Dynamic Server (IDS) 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before 10.00.xC8, and 11.10 before 11.10.xC2 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted parameter size, aka idsdb00146931, idsdb00146930, idsdb00146929, and idsdb00138308."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-10-25T19:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-215/"
        },
        {
          "name": "68706",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/68706"
        },
        {
          "name": "ADV-2010-2733",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2733"
        },
        {
          "name": "41915",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41915"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-4070",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper service) in ISM before 2.20.TC1.117 in IBM Informix Dynamic Server (IDS) 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before 10.00.xC8, and 11.10 before 11.10.xC2 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted parameter size, aka idsdb00146931, idsdb00146930, idsdb00146929, and idsdb00138308."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-215/",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-215/"
            },
            {
              "name": "68706",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/68706"
            },
            {
              "name": "ADV-2010-2733",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2733"
            },
            {
              "name": "41915",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41915"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-4070",
    "datePublished": "2010-10-25T19:00:00Z",
    "dateReserved": "2010-10-25T00:00:00Z",
    "dateUpdated": "2024-09-16T20:52:24.603Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-2319
Vulnerability from cvelistv5
Published
2005-08-16 04:00
Modified
2024-08-08 01:22
Severity ?
Summary
IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit.
References
http://www.osvdb.org/3760vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/9511vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/14969vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/9512vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/14971vdb-entry, x_refsource_XF
http://secunia.com/advisories/10737/third-party-advisory, x_refsource_SECUNIA
http://www.osvdb.org/3758vdb-entry, x_refsource_OSVDB
http://www-1.ibm.com/support/docview.wss?uid=swg21153336x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/351770mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:22:13.627Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "3760",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/3760"
          },
          {
            "name": "9511",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/9511"
          },
          {
            "name": "informix-onshowaudit-information-disclosure(14969)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14969"
          },
          {
            "name": "9512",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/9512"
          },
          {
            "name": "informix-onedcu-symlink-attack(14971)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14971"
          },
          {
            "name": "10737",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/10737/"
          },
          {
            "name": "3758",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/3758"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21153336"
          },
          {
            "name": "20040129 ----------========== OPEN3S-2003-08-08-eng-informix-onedcu ==========----------",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/351770"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-01-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "3760",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/3760"
        },
        {
          "name": "9511",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/9511"
        },
        {
          "name": "informix-onshowaudit-information-disclosure(14969)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14969"
        },
        {
          "name": "9512",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/9512"
        },
        {
          "name": "informix-onedcu-symlink-attack(14971)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14971"
        },
        {
          "name": "10737",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/10737/"
        },
        {
          "name": "3758",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/3758"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21153336"
        },
        {
          "name": "20040129 ----------========== OPEN3S-2003-08-08-eng-informix-onedcu ==========----------",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/351770"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-2319",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "3760",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/3760"
            },
            {
              "name": "9511",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/9511"
            },
            {
              "name": "informix-onshowaudit-information-disclosure(14969)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14969"
            },
            {
              "name": "9512",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/9512"
            },
            {
              "name": "informix-onedcu-symlink-attack(14971)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14971"
            },
            {
              "name": "10737",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/10737/"
            },
            {
              "name": "3758",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/3758"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21153336",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21153336"
            },
            {
              "name": "20040129 ----------========== OPEN3S-2003-08-08-eng-informix-onedcu ==========----------",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/351770"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-2319",
    "datePublished": "2005-08-16T04:00:00",
    "dateReserved": "2005-08-16T00:00:00",
    "dateUpdated": "2024-08-08T01:22:13.627Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-0368
Vulnerability from cvelistv5
Published
2008-01-18 23:00
Modified
2024-08-07 07:39
Severity ?
Summary
onedcu in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allows local users to create arbitrary files via the Trace file argument.
References
http://www.securityfocus.com/bid/27328vdb-entry, x_refsource_BID
http://secunia.com/advisories/28534third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/0169vdb-entry, x_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/39751vdb-entry, x_refsource_XF
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=651third-party-advisory, x_refsource_IDEFENSE
http://www-1.ibm.com/support/docview.wss?uid=swg1IC54307vendor-advisory, x_refsource_AIXAPAR
http://www.securitytracker.com/id?1019237vdb-entry, x_refsource_SECTRACK
http://www-1.ibm.com/support/docview.wss?uid=swg27011556x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:39:35.185Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "27328",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27328"
          },
          {
            "name": "28534",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28534"
          },
          {
            "name": "ADV-2008-0169",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0169"
          },
          {
            "name": "ibm-ids-onedcu-sqlidebug-unspecified(39751)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39751"
          },
          {
            "name": "20080131 IBM Informix Dynamic Server onedcu File Creation Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=651"
          },
          {
            "name": "IC54307",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC54307"
          },
          {
            "name": "1019237",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019237"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011556"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "onedcu in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allows local users to create arbitrary files via the Trace file argument."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "27328",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27328"
        },
        {
          "name": "28534",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28534"
        },
        {
          "name": "ADV-2008-0169",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0169"
        },
        {
          "name": "ibm-ids-onedcu-sqlidebug-unspecified(39751)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39751"
        },
        {
          "name": "20080131 IBM Informix Dynamic Server onedcu File Creation Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=651"
        },
        {
          "name": "IC54307",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC54307"
        },
        {
          "name": "1019237",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019237"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011556"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0368",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "onedcu in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allows local users to create arbitrary files via the Trace file argument."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "27328",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27328"
            },
            {
              "name": "28534",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28534"
            },
            {
              "name": "ADV-2008-0169",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0169"
            },
            {
              "name": "ibm-ids-onedcu-sqlidebug-unspecified(39751)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39751"
            },
            {
              "name": "20080131 IBM Informix Dynamic Server onedcu File Creation Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=651"
            },
            {
              "name": "IC54307",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC54307"
            },
            {
              "name": "1019237",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019237"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg27011556",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011556"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0368",
    "datePublished": "2008-01-18T23:00:00",
    "dateReserved": "2008-01-18T00:00:00",
    "dateUpdated": "2024-08-07T07:39:35.185Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20515
Vulnerability from cvelistv5
Published
2021-04-30 15:45
Modified
2024-09-16 18:18
Severity ?
6.7 (Medium) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Summary
IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366.
References
https://www.ibm.com/support/pages/node/6448568x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/198366vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:45:44.353Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6448568"
          },
          {
            "name": "ibm-informix-cve202120515-bo (198366)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198366"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Informix Dynamic Server",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "14.1"
            }
          ]
        }
      ],
      "datePublic": "2021-04-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 5.8,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/C:H/S:U/PR:H/A:H/AV:L/UI:N/I:H/AC:L/RL:O/RC:C/E:U",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-30T15:45:15",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6448568"
        },
        {
          "name": "ibm-informix-cve202120515-bo (198366)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198366"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2021-04-29T00:00:00",
          "ID": "CVE-2021-20515",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Informix Dynamic Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "14.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "L",
              "AV": "L",
              "C": "H",
              "I": "H",
              "PR": "H",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6448568",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6448568 (Informix Dynamic Server)",
              "url": "https://www.ibm.com/support/pages/node/6448568"
            },
            {
              "name": "ibm-informix-cve202120515-bo (198366)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/198366"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2021-20515",
    "datePublished": "2021-04-30T15:45:15.878163Z",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-09-16T18:18:52.587Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-1636
Vulnerability from cvelistv5
Published
2019-08-20 18:50
Modified
2024-09-16 17:48
Severity ?
8.2 (High) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Summary
Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144441.
References
http://www.ibm.com/support/docview.wss?uid=ibm10964987x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/144441vdb-entry, x_refsource_XF
https://security.netapp.com/advisory/ntap-20190903-0002/x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:07:44.016Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
          },
          {
            "name": "ibm-informix-cve20181636-bo (144441)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144441"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Informix Dynamic Server Enterprise Edition",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "12.1"
            }
          ]
        }
      ],
      "datePublic": "2019-08-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144441."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 7.1,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:L/UI:N/S:C/PR:H/C:H/I:H/A:H/AV:L/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-03T17:06:09",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
        },
        {
          "name": "ibm-informix-cve20181636-bo (144441)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144441"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-08-07T00:00:00",
          "ID": "CVE-2018-1636",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Informix Dynamic Server Enterprise Edition",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "12.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144441."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "L",
              "AV": "L",
              "C": "H",
              "I": "H",
              "PR": "H",
              "S": "C",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 964987 (Informix Dynamic Server Enterprise Edition)",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
            },
            {
              "name": "ibm-informix-cve20181636-bo (144441)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144441"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190903-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1636",
    "datePublished": "2019-08-20T18:50:22.967801Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T17:48:43.517Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-1310
Vulnerability from cvelistv5
Published
2017-06-29 13:00
Modified
2024-09-16 17:18
Severity ?
Summary
IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server. Done enough times, this could use large parts of the file system and cause the server to crash. IBM X-Force ID: 125569.
References
http://www.securitytracker.com/id/1038803vdb-entry, x_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilities/125569x_refsource_MISC
http://www.securityfocus.com/bid/99309vdb-entry, x_refsource_BID
http://www.ibm.com/support/docview.wss?uid=swg22004930x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:32:29.417Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1038803",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1038803"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125569"
          },
          {
            "name": "99309",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99309"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg22004930"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Informix Servers",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "12.1"
            }
          ]
        }
      ],
      "datePublic": "2017-06-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server. Done enough times, this could use large parts of the file system and cause the server to crash. IBM X-Force ID: 125569."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Denial of Service",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-06T09:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "1038803",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1038803"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125569"
        },
        {
          "name": "99309",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99309"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg22004930"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2017-06-27T00:00:00",
          "ID": "CVE-2017-1310",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Informix Servers",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "12.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server. Done enough times, this could use large parts of the file system and cause the server to crash. IBM X-Force ID: 125569."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Denial of Service"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1038803",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1038803"
            },
            {
              "name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125569",
              "refsource": "MISC",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/125569"
            },
            {
              "name": "99309",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99309"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg22004930",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg22004930"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2017-1310",
    "datePublished": "2017-06-29T13:00:00Z",
    "dateReserved": "2016-11-30T00:00:00",
    "dateUpdated": "2024-09-16T17:18:23.512Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-1635
Vulnerability from cvelistv5
Published
2019-08-20 18:50
Modified
2024-09-16 23:26
Severity ?
8.2 (High) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Summary
Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144439.
References
http://www.ibm.com/support/docview.wss?uid=ibm10964987x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/144439vdb-entry, x_refsource_XF
https://security.netapp.com/advisory/ntap-20190903-0002/x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:07:44.198Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
          },
          {
            "name": "ibm-informix-cve20181635-bo (144439)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144439"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Informix Dynamic Server Enterprise Edition",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "12.1"
            }
          ]
        }
      ],
      "datePublic": "2019-08-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144439."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 7.1,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/C:H/PR:H/I:H/UI:N/S:C/AC:L/A:H/AV:L/RL:O/RC:C/E:U",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-03T17:06:09",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
        },
        {
          "name": "ibm-informix-cve20181635-bo (144439)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144439"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-08-07T00:00:00",
          "ID": "CVE-2018-1635",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Informix Dynamic Server Enterprise Edition",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "12.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144439."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "L",
              "AV": "L",
              "C": "H",
              "I": "H",
              "PR": "H",
              "S": "C",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 964987 (Informix Dynamic Server Enterprise Edition)",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
            },
            {
              "name": "ibm-informix-cve20181635-bo (144439)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144439"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190903-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1635",
    "datePublished": "2019-08-20T18:50:22.913021Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T23:26:50.037Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-1796
Vulnerability from cvelistv5
Published
2019-08-20 18:50
Modified
2024-09-17 02:52
Severity ?
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Summary
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user to load malicious libraries and gain root privileges. IBM X-Force ID: 149426.
References
http://www.ibm.com/support/docview.wss?uid=ibm10964987x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/149426vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:14:38.583Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
          },
          {
            "name": "ibm-informix-cve20181796-priv-escalation (149426)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149426"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Informix Dynamic Server Enterprise Edition",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "12.1"
            }
          ]
        }
      ],
      "datePublic": "2019-08-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user to load malicious libraries and gain root privileges. IBM X-Force ID: 149426."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.8,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/I:H/C:H/PR:L/UI:N/S:U/AC:L/AV:L/A:H/E:U/RC:C/RL:O",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-08-20T18:50:23",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
        },
        {
          "name": "ibm-informix-cve20181796-priv-escalation (149426)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149426"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-08-07T00:00:00",
          "ID": "CVE-2018-1796",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Informix Dynamic Server Enterprise Edition",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "12.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user to load malicious libraries and gain root privileges. IBM X-Force ID: 149426."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "L",
              "AV": "L",
              "C": "H",
              "I": "H",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 964987 (Informix Dynamic Server Enterprise Edition)",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
            },
            {
              "name": "ibm-informix-cve20181796-priv-escalation (149426)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/149426"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1796",
    "datePublished": "2019-08-20T18:50:23.022028Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-17T02:52:24.389Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-1631
Vulnerability from cvelistv5
Published
2019-08-20 18:50
Modified
2024-09-17 03:07
Severity ?
8.2 (High) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Summary
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in oninit mongohash. IBM X-Force ID: 144431.
References
http://www.ibm.com/support/docview.wss?uid=ibm10964987x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/144431vdb-entry, x_refsource_XF
https://security.netapp.com/advisory/ntap-20190903-0002/x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:07:44.089Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
          },
          {
            "name": "ibm-informix-cve20181631-priv-escalation (144431)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144431"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Informix Dynamic Server Enterprise Edition",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "12.1"
            }
          ]
        }
      ],
      "datePublic": "2019-08-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in oninit mongohash. IBM X-Force ID: 144431."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 7.1,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/I:H/PR:H/C:H/AC:L/UI:N/S:C/AV:L/A:H/E:U/RL:O/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-03T17:06:09",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
        },
        {
          "name": "ibm-informix-cve20181631-priv-escalation (144431)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144431"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-08-07T00:00:00",
          "ID": "CVE-2018-1631",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Informix Dynamic Server Enterprise Edition",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "12.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in oninit mongohash. IBM X-Force ID: 144431."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "L",
              "AV": "L",
              "C": "H",
              "I": "H",
              "PR": "H",
              "S": "C",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 964987 (Informix Dynamic Server Enterprise Edition)",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
            },
            {
              "name": "ibm-informix-cve20181631-priv-escalation (144431)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144431"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190903-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1631",
    "datePublished": "2019-08-20T18:50:22.686395Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-17T03:07:51.394Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-2754
Vulnerability from cvelistv5
Published
2010-03-05 16:00
Modified
2024-08-07 05:59
Severity ?
Summary
Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow.
References
http://secunia.com/advisories/38731third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/509793/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.vupen.com/english/advisories/2010/0508vdb-entry, x_refsource_VUPEN
http://www.ibm.com/support/docview.wss?uid=swg1IC55329vendor-advisory, x_refsource_AIXAPAR
http://www.ibm.com/support/docview.wss?uid=swg1IC55330vendor-advisory, x_refsource_AIXAPAR
http://www.zerodayinitiative.com/advisories/ZDI-10-023x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/56586vdb-entry, x_refsource_XF
http://www.vupen.com/english/advisories/2010/0509vdb-entry, x_refsource_VUPEN
http://knowledgebase.emc.com/emcice/login.do?sType=ax1990&sName=1204&id=emc183834x_refsource_CONFIRM
http://www.securityfocus.com/bid/38472vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:59:57.150Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "38731",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38731"
          },
          {
            "name": "20100301 ZDI-10-023: Multiple Vendor librpc.dll Signedness Error Remote Code Execution Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/509793/100/0/threaded"
          },
          {
            "name": "ADV-2010-0508",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0508"
          },
          {
            "name": "IC55329",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55329"
          },
          {
            "name": "IC55330",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55330"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-023"
          },
          {
            "name": "ibm-ids-portmap-bo(56586)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56586"
          },
          {
            "name": "ADV-2010-0509",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0509"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://knowledgebase.emc.com/emcice/login.do?sType=ax1990\u0026sName=1204\u0026id=emc183834"
          },
          {
            "name": "38472",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/38472"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-03-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "38731",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38731"
        },
        {
          "name": "20100301 ZDI-10-023: Multiple Vendor librpc.dll Signedness Error Remote Code Execution Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/509793/100/0/threaded"
        },
        {
          "name": "ADV-2010-0508",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0508"
        },
        {
          "name": "IC55329",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55329"
        },
        {
          "name": "IC55330",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55330"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-023"
        },
        {
          "name": "ibm-ids-portmap-bo(56586)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56586"
        },
        {
          "name": "ADV-2010-0509",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0509"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://knowledgebase.emc.com/emcice/login.do?sType=ax1990\u0026sName=1204\u0026id=emc183834"
        },
        {
          "name": "38472",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/38472"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-2754",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "38731",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38731"
            },
            {
              "name": "20100301 ZDI-10-023: Multiple Vendor librpc.dll Signedness Error Remote Code Execution Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/509793/100/0/threaded"
            },
            {
              "name": "ADV-2010-0508",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0508"
            },
            {
              "name": "IC55329",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55329"
            },
            {
              "name": "IC55330",
              "refsource": "AIXAPAR",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg1IC55330"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-023",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-023"
            },
            {
              "name": "ibm-ids-portmap-bo(56586)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56586"
            },
            {
              "name": "ADV-2010-0509",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0509"
            },
            {
              "name": "http://knowledgebase.emc.com/emcice/login.do?sType=ax1990\u0026sName=1204\u0026id=emc183834",
              "refsource": "CONFIRM",
              "url": "http://knowledgebase.emc.com/emcice/login.do?sType=ax1990\u0026sName=1204\u0026id=emc183834"
            },
            {
              "name": "38472",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/38472"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-2754",
    "datePublished": "2010-03-05T16:00:00",
    "dateReserved": "2009-08-12T00:00:00",
    "dateUpdated": "2024-08-07T05:59:57.150Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-5663
Vulnerability from cvelistv5
Published
2006-11-03 01:00
Modified
2024-08-07 19:55
Severity ?
Summary
IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 use insecure permissions for installation scripts, which allows local users to gain privileges by modifying the scripts.
References
http://www.vupen.com/english/advisories/2006/4280vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22609third-party-advisory, x_refsource_SECUNIA
http://www-1.ibm.com/support/docview.wss?uid=swg21247438x_refsource_CONFIRM
http://securitytracker.com/id?1017156vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:55:53.907Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2006-4280",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4280"
          },
          {
            "name": "22609",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22609"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247438"
          },
          {
            "name": "1017156",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017156"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-10-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 use insecure permissions for installation scripts, which allows local users to gain privileges by modifying the scripts."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-02-26T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2006-4280",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4280"
        },
        {
          "name": "22609",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22609"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247438"
        },
        {
          "name": "1017156",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017156"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5663",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 use insecure permissions for installation scripts, which allows local users to gain privileges by modifying the scripts."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2006-4280",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/4280"
            },
            {
              "name": "22609",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22609"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21247438",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21247438"
            },
            {
              "name": "1017156",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017156"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5663",
    "datePublished": "2006-11-03T01:00:00",
    "dateReserved": "2006-11-02T00:00:00",
    "dateUpdated": "2024-08-07T19:55:53.907Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-3858
Vulnerability from cvelistv5
Published
2006-08-08 22:00
Modified
2024-08-07 18:48
Severity ?
Summary
IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772).
References
http://www-1.ibm.com/support/docview.wss?uid=swg21242921x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/443133/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/443195/100/0/threadedmailing-list, x_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/28132vdb-entry, x_refsource_XF
http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdfx_refsource_MISC
http://secunia.com/advisories/21301third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/19264vdb-entry, x_refsource_BID
http://www.osvdb.org/27691vdb-entry, x_refsource_OSVDB
http://www.vupen.com/english/advisories/2006/3077vdb-entry, x_refsource_VUPEN
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:48:39.214Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
          },
          {
            "name": "20060814 Informix - Discovery, Attack and Defense",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
          },
          {
            "name": "20060814 Multiple Password Exposures Flaws",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/443195/100/0/threaded"
          },
          {
            "name": "informix-plaintext-password(28132)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28132"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
          },
          {
            "name": "21301",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21301"
          },
          {
            "name": "19264",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19264"
          },
          {
            "name": "27691",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/27691"
          },
          {
            "name": "ADV-2006-3077",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3077"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
        },
        {
          "name": "20060814 Informix - Discovery, Attack and Defense",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
        },
        {
          "name": "20060814 Multiple Password Exposures Flaws",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/443195/100/0/threaded"
        },
        {
          "name": "informix-plaintext-password(28132)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28132"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
        },
        {
          "name": "21301",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21301"
        },
        {
          "name": "19264",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19264"
        },
        {
          "name": "27691",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/27691"
        },
        {
          "name": "ADV-2006-3077",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3077"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3858",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before 10.00.xC4 stores passwords in plaintext in shared memory, which allows local users to obtain passwords by reading the memory (product defects 171893, 171894, 173772)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
            },
            {
              "name": "20060814 Informix - Discovery, Attack and Defense",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
            },
            {
              "name": "20060814 Multiple Password Exposures Flaws",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/443195/100/0/threaded"
            },
            {
              "name": "informix-plaintext-password(28132)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28132"
            },
            {
              "name": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf",
              "refsource": "MISC",
              "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
            },
            {
              "name": "21301",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21301"
            },
            {
              "name": "19264",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19264"
            },
            {
              "name": "27691",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/27691"
            },
            {
              "name": "ADV-2006-3077",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3077"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3858",
    "datePublished": "2006-08-08T22:00:00",
    "dateReserved": "2006-07-26T00:00:00",
    "dateUpdated": "2024-08-07T18:48:39.214Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-4053
Vulnerability from cvelistv5
Published
2010-10-22 22:00
Modified
2024-08-07 03:34
Severity ?
Summary
Stack-based buffer overflow in an unspecified logging function in oninit.exe in IBM Informix Dynamic Server (IDS) 11.10 before 11.10.xC2W2 and 11.50 before 11.50.xC1 allows remote authenticated users to execute arbitrary code via a crafted EXPLAIN directive, aka idsdb00154125 and idsdb00154243.
References
http://www.zerodayinitiative.com/advisories/ZDI-10-216/x_refsource_MISC
http://www.vupen.com/english/advisories/2010/2734vdb-entry, x_refsource_VUPEN
http://www.osvdb.org/68705vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/41913third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/62619vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:34:37.353Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-216/"
          },
          {
            "name": "ADV-2010-2734",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2734"
          },
          {
            "name": "68705",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/68705"
          },
          {
            "name": "41913",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41913"
          },
          {
            "name": "ibm-ids-oninit-bo(62619)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62619"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-10-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in an unspecified logging function in oninit.exe in IBM Informix Dynamic Server (IDS) 11.10 before 11.10.xC2W2 and 11.50 before 11.50.xC1 allows remote authenticated users to execute arbitrary code via a crafted EXPLAIN directive, aka idsdb00154125 and idsdb00154243."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-216/"
        },
        {
          "name": "ADV-2010-2734",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2734"
        },
        {
          "name": "68705",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/68705"
        },
        {
          "name": "41913",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41913"
        },
        {
          "name": "ibm-ids-oninit-bo(62619)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62619"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-4053",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in an unspecified logging function in oninit.exe in IBM Informix Dynamic Server (IDS) 11.10 before 11.10.xC2W2 and 11.50 before 11.50.xC1 allows remote authenticated users to execute arbitrary code via a crafted EXPLAIN directive, aka idsdb00154125 and idsdb00154243."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-216/",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-216/"
            },
            {
              "name": "ADV-2010-2734",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2734"
            },
            {
              "name": "68705",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/68705"
            },
            {
              "name": "41913",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41913"
            },
            {
              "name": "ibm-ids-oninit-bo(62619)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/62619"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-4053",
    "datePublished": "2010-10-22T22:00:00",
    "dateReserved": "2010-10-22T00:00:00",
    "dateUpdated": "2024-08-07T03:34:37.353Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-1634
Vulnerability from cvelistv5
Published
2019-08-20 18:50
Modified
2024-09-16 19:30
Severity ?
8.2 (High) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Summary
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in infos.DBSERVERNAME. IBM X-Force ID: 144437.
References
http://www.ibm.com/support/docview.wss?uid=ibm10964987x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/144437vdb-entry, x_refsource_XF
https://security.netapp.com/advisory/ntap-20190903-0002/x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:07:44.166Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
          },
          {
            "name": "ibm-informix-cve20181634-priv-escalation (144437)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144437"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Informix Dynamic Server Enterprise Edition",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "12.1"
            }
          ]
        }
      ],
      "datePublic": "2019-08-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in infos.DBSERVERNAME. IBM X-Force ID: 144437."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 7.1,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/A:H/S:C/UI:N/AC:L/I:H/C:H/PR:H/RL:O/RC:C/E:U",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-03T17:06:08",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
        },
        {
          "name": "ibm-informix-cve20181634-priv-escalation (144437)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144437"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-08-07T00:00:00",
          "ID": "CVE-2018-1634",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Informix Dynamic Server Enterprise Edition",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "12.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in infos.DBSERVERNAME. IBM X-Force ID: 144437."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "L",
              "AV": "L",
              "C": "H",
              "I": "H",
              "PR": "H",
              "S": "C",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 964987 (Informix Dynamic Server Enterprise Edition)",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
            },
            {
              "name": "ibm-informix-cve20181634-priv-escalation (144437)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144437"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190903-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1634",
    "datePublished": "2019-08-20T18:50:22.855344Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T19:30:44.772Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-0949
Vulnerability from cvelistv5
Published
2008-03-18 00:00
Modified
2024-08-07 08:01
Severity ?
Summary
Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a malformed connection request packet.
References
http://www.vupen.com/english/advisories/2008/0860vdb-entry, x_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/41370vdb-entry, x_refsource_XF
http://www-1.ibm.com/support/search.wss?rs=0&q=IC55224&apar=onlyvendor-advisory, x_refsource_AIXAPAR
http://www.securityfocus.com/bid/28198vdb-entry, x_refsource_BID
http://www.informixmag.com/content/view/11144/27/x_refsource_MISC
http://www-1.ibm.com/support/search.wss?rs=0&q=IC55225&apar=onlyvendor-advisory, x_refsource_AIXAPAR
http://www.informixmag.com/content/view/11143/27/x_refsource_MISC
http://secunia.com/advisories/29272third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:01:40.113Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2008-0860",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0860"
          },
          {
            "name": "ibm-ids-unspecified-privilege-escalation(41370)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41370"
          },
          {
            "name": "IC55224",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IC55224\u0026apar=only"
          },
          {
            "name": "28198",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28198"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.informixmag.com/content/view/11144/27/"
          },
          {
            "name": "IC55225",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IC55225\u0026apar=only"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.informixmag.com/content/view/11143/27/"
          },
          {
            "name": "29272",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29272"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-03-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a malformed connection request packet."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2008-0860",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0860"
        },
        {
          "name": "ibm-ids-unspecified-privilege-escalation(41370)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41370"
        },
        {
          "name": "IC55224",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IC55224\u0026apar=only"
        },
        {
          "name": "28198",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28198"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.informixmag.com/content/view/11144/27/"
        },
        {
          "name": "IC55225",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IC55225\u0026apar=only"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.informixmag.com/content/view/11143/27/"
        },
        {
          "name": "29272",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29272"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0949",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a malformed connection request packet."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2008-0860",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0860"
            },
            {
              "name": "ibm-ids-unspecified-privilege-escalation(41370)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41370"
            },
            {
              "name": "IC55224",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IC55224\u0026apar=only"
            },
            {
              "name": "28198",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28198"
            },
            {
              "name": "http://www.informixmag.com/content/view/11144/27/",
              "refsource": "MISC",
              "url": "http://www.informixmag.com/content/view/11144/27/"
            },
            {
              "name": "IC55225",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IC55225\u0026apar=only"
            },
            {
              "name": "http://www.informixmag.com/content/view/11143/27/",
              "refsource": "MISC",
              "url": "http://www.informixmag.com/content/view/11143/27/"
            },
            {
              "name": "29272",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29272"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0949",
    "datePublished": "2008-03-18T00:00:00",
    "dateReserved": "2008-02-25T00:00:00",
    "dateUpdated": "2024-08-07T08:01:40.113Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-5163
Vulnerability from cvelistv5
Published
2006-10-03 23:00
Modified
2024-08-07 19:41
Severity ?
Summary
IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly other versions creates /tmp/installserver.txt with insecure permissions, which allows local users to append data to arbitrary files via a symlink attack.
References
http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0013.htmlmailing-list, x_refsource_FULLDISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/29300vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/20300vdb-entry, x_refsource_BID
http://www.osvdb.org/29349vdb-entry, x_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/29297vdb-entry, x_refsource_XF
http://www.securityfocus.com/archive/1/447501/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://securityreason.com/securityalert/1686third-party-advisory, x_refsource_SREASON
http://www.vupen.com/english/advisories/2006/3883vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22223third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:41:04.241Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20061001 IBM Informix Dynamic Server V10.0 File Clobbering during Install",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0013.html"
          },
          {
            "name": "informix-install-script-weak-permissions(29300)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29300"
          },
          {
            "name": "20300",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20300"
          },
          {
            "name": "29349",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/29349"
          },
          {
            "name": "informix-installserver-symlink(29297)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29297"
          },
          {
            "name": "20061001 IBM Informix Dynamic Server V10.0 File Clobbering during Install",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/447501/100/0/threaded"
          },
          {
            "name": "1686",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/1686"
          },
          {
            "name": "ADV-2006-3883",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3883"
          },
          {
            "name": "22223",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22223"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-10-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly other versions creates /tmp/installserver.txt with insecure permissions, which allows local users to append data to arbitrary files via a symlink attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20061001 IBM Informix Dynamic Server V10.0 File Clobbering during Install",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0013.html"
        },
        {
          "name": "informix-install-script-weak-permissions(29300)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29300"
        },
        {
          "name": "20300",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20300"
        },
        {
          "name": "29349",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/29349"
        },
        {
          "name": "informix-installserver-symlink(29297)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29297"
        },
        {
          "name": "20061001 IBM Informix Dynamic Server V10.0 File Clobbering during Install",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/447501/100/0/threaded"
        },
        {
          "name": "1686",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/1686"
        },
        {
          "name": "ADV-2006-3883",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3883"
        },
        {
          "name": "22223",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22223"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-5163",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly other versions creates /tmp/installserver.txt with insecure permissions, which allows local users to append data to arbitrary files via a symlink attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20061001 IBM Informix Dynamic Server V10.0 File Clobbering during Install",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0013.html"
            },
            {
              "name": "informix-install-script-weak-permissions(29300)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29300"
            },
            {
              "name": "20300",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/20300"
            },
            {
              "name": "29349",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/29349"
            },
            {
              "name": "informix-installserver-symlink(29297)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29297"
            },
            {
              "name": "20061001 IBM Informix Dynamic Server V10.0 File Clobbering during Install",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/447501/100/0/threaded"
            },
            {
              "name": "1686",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/1686"
            },
            {
              "name": "ADV-2006-3883",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3883"
            },
            {
              "name": "22223",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22223"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-5163",
    "datePublished": "2006-10-03T23:00:00",
    "dateReserved": "2006-10-03T00:00:00",
    "dateUpdated": "2024-08-07T19:41:04.241Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2009-3470
Vulnerability from cvelistv5
Published
2009-09-29 21:00
Modified
2024-08-07 06:31
Severity ?
Summary
IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 before 11.10.xC4, and 11.50 before 11.50.xC5 allows remote attackers to cause a denial of service (memory corruption, assertion failure, and daemon crash) by sending a long password over a JDBC connection.
References
http://www.securityfocus.com/bid/36538vdb-entry, x_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=swg1IC61195vendor-advisory, x_refsource_AIXAPAR
http://www.securitytracker.com/id?1022955vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/36853third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2009/2786vdb-entry, x_refsource_VUPEN
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:31:09.611Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "36538",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36538"
          },
          {
            "name": "IC61195",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC61195"
          },
          {
            "name": "1022955",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022955"
          },
          {
            "name": "36853",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36853"
          },
          {
            "name": "ADV-2009-2786",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2786"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-08-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 before 11.10.xC4, and 11.50 before 11.50.xC5 allows remote attackers to cause a denial of service (memory corruption, assertion failure, and daemon crash) by sending a long password over a JDBC connection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-10-03T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "36538",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36538"
        },
        {
          "name": "IC61195",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC61195"
        },
        {
          "name": "1022955",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022955"
        },
        {
          "name": "36853",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36853"
        },
        {
          "name": "ADV-2009-2786",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2786"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3470",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 before 11.10.xC4, and 11.50 before 11.50.xC5 allows remote attackers to cause a denial of service (memory corruption, assertion failure, and daemon crash) by sending a long password over a JDBC connection."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "36538",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36538"
            },
            {
              "name": "IC61195",
              "refsource": "AIXAPAR",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC61195"
            },
            {
              "name": "1022955",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1022955"
            },
            {
              "name": "36853",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36853"
            },
            {
              "name": "ADV-2009-2786",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2786"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3470",
    "datePublished": "2009-09-29T21:00:00",
    "dateReserved": "2009-09-29T00:00:00",
    "dateUpdated": "2024-08-07T06:31:09.611Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-1632
Vulnerability from cvelistv5
Published
2019-08-20 18:50
Modified
2024-09-16 18:02
Severity ?
8.2 (High) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Summary
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in .infxdirs. IBM X-Force ID: 144432.
References
http://www.ibm.com/support/docview.wss?uid=ibm10964987x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/144432vdb-entry, x_refsource_XF
https://security.netapp.com/advisory/ntap-20190903-0002/x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:07:44.066Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
          },
          {
            "name": "ibm-informix-cve20181632-priv-escalation (144432)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144432"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Informix Dynamic Server Enterprise Edition",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "12.1"
            }
          ]
        }
      ],
      "datePublic": "2019-08-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in .infxdirs. IBM X-Force ID: 144432."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 7.1,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/UI:N/S:C/AC:L/C:H/PR:H/I:H/A:H/AV:L/RL:O/RC:C/E:U",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-03T17:06:09",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
        },
        {
          "name": "ibm-informix-cve20181632-priv-escalation (144432)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144432"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-08-07T00:00:00",
          "ID": "CVE-2018-1632",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Informix Dynamic Server Enterprise Edition",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "12.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in .infxdirs. IBM X-Force ID: 144432."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "L",
              "AV": "L",
              "C": "H",
              "I": "H",
              "PR": "H",
              "S": "C",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 964987 (Informix Dynamic Server Enterprise Edition)",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
            },
            {
              "name": "ibm-informix-cve20181632-priv-escalation (144432)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144432"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190903-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1632",
    "datePublished": "2019-08-20T18:50:22.739820Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T18:02:49.807Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-3334
Vulnerability from cvelistv5
Published
2012-09-25 20:00
Modified
2024-08-06 20:05
Severity ?
Summary
Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 11.50 before 11.50.xC9W2 and 11.70 before 11.70.xC5 allows remote authenticated users to execute arbitrary code via crafted arguments in a SET COLLATION statement.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/78277vdb-entry, x_refsource_XF
http://www.ibm.com/support/docview.wss?uid=swg21611800x_refsource_CONFIRM
http://osvdb.org/85736vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/55668vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:05:10.861Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ids-setcollation-bo(78277)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78277"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=swg21611800"
          },
          {
            "name": "85736",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/85736"
          },
          {
            "name": "55668",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/55668"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-09-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 11.50 before 11.50.xC9W2 and 11.70 before 11.70.xC5 allows remote authenticated users to execute arbitrary code via crafted arguments in a SET COLLATION statement."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "name": "ids-setcollation-bo(78277)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78277"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=swg21611800"
        },
        {
          "name": "85736",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/85736"
        },
        {
          "name": "55668",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/55668"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-3334",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 11.50 before 11.50.xC9W2 and 11.70 before 11.70.xC5 allows remote authenticated users to execute arbitrary code via crafted arguments in a SET COLLATION statement."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ids-setcollation-bo(78277)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78277"
            },
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=swg21611800",
              "refsource": "CONFIRM",
              "url": "http://www.ibm.com/support/docview.wss?uid=swg21611800"
            },
            {
              "name": "85736",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/85736"
            },
            {
              "name": "55668",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/55668"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-3334",
    "datePublished": "2012-09-25T20:00:00",
    "dateReserved": "2012-06-07T00:00:00",
    "dateUpdated": "2024-08-06T20:05:10.861Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-0727
Vulnerability from cvelistv5
Published
2008-03-18 00:00
Modified
2024-08-07 07:54
Severity ?
Summary
Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated users to execute arbitrary code via a long DBPATH value.
References
http://www.vupen.com/english/advisories/2008/0860vdb-entry, x_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/41203vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/28198vdb-entry, x_refsource_BID
http://www.securityfocus.com/archive/1/489548/100/0/threadedmailing-list, x_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/41202vdb-entry, x_refsource_XF
http://www.zerodayinitiative.com/advisories/ZDI-08-012/x_refsource_MISC
http://www-1.ibm.com/support/docview.wss?uid=swg1IC55208vendor-advisory, x_refsource_AIXAPAR
http://www.zerodayinitiative.com/advisories/ZDI-08-011/x_refsource_MISC
http://www.securityfocus.com/archive/1/489547/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www-1.ibm.com/support/docview.wss?uid=swg1IC55210vendor-advisory, x_refsource_AIXAPAR
http://www-1.ibm.com/support/docview.wss?uid=swg1IC55207vendor-advisory, x_refsource_AIXAPAR
http://www-1.ibm.com/support/docview.wss?uid=swg1IC55209vendor-advisory, x_refsource_AIXAPAR
http://secunia.com/advisories/29272third-party-advisory, x_refsource_SECUNIA
http://securityreason.com/securityalert/3749third-party-advisory, x_refsource_SREASON
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:54:23.026Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2008-0860",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0860"
          },
          {
            "name": "ibm-informix-oninit-bo(41203)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41203"
          },
          {
            "name": "28198",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28198"
          },
          {
            "name": "20080313 ZDI-08-012: IBM Informix Dynamic Server Authentication Password Stack Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/489548/100/0/threaded"
          },
          {
            "name": "ibm-informix-oninit-dbpath-bo(41202)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41202"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-012/"
          },
          {
            "name": "IC55208",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC55208"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-011/"
          },
          {
            "name": "20080313 ZDI-08-011: IBM Informix Dynamic Server DBPATH Buffer Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/489547/100/0/threaded"
          },
          {
            "name": "IC55210",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC55210"
          },
          {
            "name": "IC55207",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC55207"
          },
          {
            "name": "IC55209",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC55209"
          },
          {
            "name": "29272",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29272"
          },
          {
            "name": "3749",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/3749"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-03-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated users to execute arbitrary code via a long DBPATH value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-15T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2008-0860",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0860"
        },
        {
          "name": "ibm-informix-oninit-bo(41203)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41203"
        },
        {
          "name": "28198",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28198"
        },
        {
          "name": "20080313 ZDI-08-012: IBM Informix Dynamic Server Authentication Password Stack Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/489548/100/0/threaded"
        },
        {
          "name": "ibm-informix-oninit-dbpath-bo(41202)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41202"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-012/"
        },
        {
          "name": "IC55208",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC55208"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-011/"
        },
        {
          "name": "20080313 ZDI-08-011: IBM Informix Dynamic Server DBPATH Buffer Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/489547/100/0/threaded"
        },
        {
          "name": "IC55210",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC55210"
        },
        {
          "name": "IC55207",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC55207"
        },
        {
          "name": "IC55209",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC55209"
        },
        {
          "name": "29272",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29272"
        },
        {
          "name": "3749",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/3749"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0727",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated users to execute arbitrary code via a long DBPATH value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2008-0860",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0860"
            },
            {
              "name": "ibm-informix-oninit-bo(41203)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41203"
            },
            {
              "name": "28198",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28198"
            },
            {
              "name": "20080313 ZDI-08-012: IBM Informix Dynamic Server Authentication Password Stack Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/489548/100/0/threaded"
            },
            {
              "name": "ibm-informix-oninit-dbpath-bo(41202)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41202"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-012/",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-012/"
            },
            {
              "name": "IC55208",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC55208"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-011/",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-011/"
            },
            {
              "name": "20080313 ZDI-08-011: IBM Informix Dynamic Server DBPATH Buffer Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/489547/100/0/threaded"
            },
            {
              "name": "IC55210",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC55210"
            },
            {
              "name": "IC55207",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC55207"
            },
            {
              "name": "IC55209",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC55209"
            },
            {
              "name": "29272",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29272"
            },
            {
              "name": "3749",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/3749"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0727",
    "datePublished": "2008-03-18T00:00:00",
    "dateReserved": "2008-02-11T00:00:00",
    "dateUpdated": "2024-08-07T07:54:23.026Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-5956
Vulnerability from cvelistv5
Published
2007-11-14 11:00
Modified
2024-08-07 15:47
Severity ?
Summary
Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable.
References
http://secunia.com/advisories/27542third-party-advisory, x_refsource_SECUNIA
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=624third-party-advisory, x_refsource_IDEFENSE
http://www.securityfocus.com/bid/26363vdb-entry, x_refsource_BID
http://www-1.ibm.com/support/docview.wss?uid=swg1IC54252vendor-advisory, x_refsource_AIXAPAR
http://www.vupen.com/english/advisories/2007/3757vdb-entry, x_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/38297vdb-entry, x_refsource_XF
http://www-1.ibm.com/support/docview.wss?uid=swg27011082x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:47:00.668Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "27542",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27542"
          },
          {
            "name": "20071109 IBM Informix Dynamic Server DBLANG Directory Traversal Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=624"
          },
          {
            "name": "26363",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/26363"
          },
          {
            "name": "IC54252",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC54252"
          },
          {
            "name": "ADV-2007-3757",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/3757"
          },
          {
            "name": "ibm-ids-dblang-directory-traversal(38297)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38297"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011082"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-11-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "27542",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27542"
        },
        {
          "name": "20071109 IBM Informix Dynamic Server DBLANG Directory Traversal Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=624"
        },
        {
          "name": "26363",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/26363"
        },
        {
          "name": "IC54252",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC54252"
        },
        {
          "name": "ADV-2007-3757",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/3757"
        },
        {
          "name": "ibm-ids-dblang-directory-traversal(38297)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38297"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011082"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5956",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "27542",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27542"
            },
            {
              "name": "20071109 IBM Informix Dynamic Server DBLANG Directory Traversal Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=624"
            },
            {
              "name": "26363",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/26363"
            },
            {
              "name": "IC54252",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC54252"
            },
            {
              "name": "ADV-2007-3757",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/3757"
            },
            {
              "name": "ibm-ids-dblang-directory-traversal(38297)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38297"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg27011082",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011082"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5956",
    "datePublished": "2007-11-14T11:00:00",
    "dateReserved": "2007-11-13T00:00:00",
    "dateUpdated": "2024-08-07T15:47:00.668Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-3853
Vulnerability from cvelistv5
Published
2006-08-08 22:00
Modified
2024-08-07 18:48
Severity ?
Summary
Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 and 10.00 before 10.00.TC3, when running on Windows, allows remote attackers to execute arbitrary code via a long username.
References
http://www-1.ibm.com/support/docview.wss?uid=swg21242921x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/443149/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/443133/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdfx_refsource_MISC
http://www.osvdb.org/27685vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/21301third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/19264vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/28122vdb-entry, x_refsource_XF
http://www.vupen.com/english/advisories/2006/3077vdb-entry, x_refsource_VUPEN
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:48:39.060Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
          },
          {
            "name": "20060814 Informix Long Username Buffer Overflow Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/443149/100/0/threaded"
          },
          {
            "name": "20060814 Informix - Discovery, Attack and Defense",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
          },
          {
            "name": "27685",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/27685"
          },
          {
            "name": "21301",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21301"
          },
          {
            "name": "19264",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19264"
          },
          {
            "name": "informix-username-bo(28122)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28122"
          },
          {
            "name": "ADV-2006-3077",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3077"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 and 10.00 before 10.00.TC3, when running on Windows, allows remote attackers to execute arbitrary code via a long username."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
        },
        {
          "name": "20060814 Informix Long Username Buffer Overflow Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/443149/100/0/threaded"
        },
        {
          "name": "20060814 Informix - Discovery, Attack and Defense",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
        },
        {
          "name": "27685",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/27685"
        },
        {
          "name": "21301",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21301"
        },
        {
          "name": "19264",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19264"
        },
        {
          "name": "informix-username-bo(28122)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28122"
        },
        {
          "name": "ADV-2006-3077",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3077"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3853",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 and 10.00 before 10.00.TC3, when running on Windows, allows remote attackers to execute arbitrary code via a long username."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
            },
            {
              "name": "20060814 Informix Long Username Buffer Overflow Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/443149/100/0/threaded"
            },
            {
              "name": "20060814 Informix - Discovery, Attack and Defense",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
            },
            {
              "name": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf",
              "refsource": "MISC",
              "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
            },
            {
              "name": "27685",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/27685"
            },
            {
              "name": "21301",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21301"
            },
            {
              "name": "19264",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19264"
            },
            {
              "name": "informix-username-bo(28122)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28122"
            },
            {
              "name": "ADV-2006-3077",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3077"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3853",
    "datePublished": "2006-08-08T22:00:00",
    "dateReserved": "2006-07-26T00:00:00",
    "dateUpdated": "2024-08-07T18:48:39.060Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2011-1033
Vulnerability from cvelistv5
Published
2011-02-14 23:00
Modified
2024-08-06 22:14
Severity ?
Summary
Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote attackers to execute arbitrary code via crafted arguments in the USELASTCOMMITTED session environment option in a SQL SET ENVIRONMENT statement.
References
http://www.vupen.com/english/advisories/2011/0309vdb-entry, x_refsource_VUPEN
http://zerodayinitiative.com/advisories/ZDI-11-050/x_refsource_MISC
http://www.securityfocus.com/bid/46230vdb-entry, x_refsource_BID
http://securityreason.com/securityalert/8078third-party-advisory, x_refsource_SREASON
http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ibmx_refsource_MISC
http://secunia.com/advisories/43212third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/65209vdb-entry, x_refsource_XF
http://www.securityfocus.com/archive/1/516250/100/0/threadedmailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:14:27.247Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2011-0309",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2011/0309"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://zerodayinitiative.com/advisories/ZDI-11-050/"
          },
          {
            "name": "46230",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/46230"
          },
          {
            "name": "8078",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/8078"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ibm"
          },
          {
            "name": "43212",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/43212"
          },
          {
            "name": "ibm-informix-dynamic-oninit-bo(65209)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65209"
          },
          {
            "name": "20110207 ZDI-11-050: IBM Informix Dynamic Server SET ENVIRONMENT Remote Code Execution Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/516250/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-02-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote attackers to execute arbitrary code via crafted arguments in the USELASTCOMMITTED session environment option in a SQL SET ENVIRONMENT statement."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2011-0309",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2011/0309"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://zerodayinitiative.com/advisories/ZDI-11-050/"
        },
        {
          "name": "46230",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/46230"
        },
        {
          "name": "8078",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/8078"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ibm"
        },
        {
          "name": "43212",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/43212"
        },
        {
          "name": "ibm-informix-dynamic-oninit-bo(65209)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65209"
        },
        {
          "name": "20110207 ZDI-11-050: IBM Informix Dynamic Server SET ENVIRONMENT Remote Code Execution Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/516250/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2011-1033",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote attackers to execute arbitrary code via crafted arguments in the USELASTCOMMITTED session environment option in a SQL SET ENVIRONMENT statement."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2011-0309",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2011/0309"
            },
            {
              "name": "http://zerodayinitiative.com/advisories/ZDI-11-050/",
              "refsource": "MISC",
              "url": "http://zerodayinitiative.com/advisories/ZDI-11-050/"
            },
            {
              "name": "46230",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/46230"
            },
            {
              "name": "8078",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/8078"
            },
            {
              "name": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ibm",
              "refsource": "MISC",
              "url": "http://dvlabs.tippingpoint.com/blog/2011/02/07/zdi-disclosure-ibm"
            },
            {
              "name": "43212",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/43212"
            },
            {
              "name": "ibm-informix-dynamic-oninit-bo(65209)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65209"
            },
            {
              "name": "20110207 ZDI-11-050: IBM Informix Dynamic Server SET ENVIRONMENT Remote Code Execution Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/516250/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2011-1033",
    "datePublished": "2011-02-14T23:00:00",
    "dateReserved": "2011-02-14T00:00:00",
    "dateUpdated": "2024-08-06T22:14:27.247Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-2490
Vulnerability from cvelistv5
Published
2005-10-25 04:00
Modified
2024-08-08 01:29
Severity ?
Summary
Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.xC1 and 9.40.xC2 allows local users to execute arbitrary code via a long GL_PATH environment variable.
References
http://www.securityfocus.com/bid/9511vdb-entry, x_refsource_BID
http://marc.info/?l=bugtraq&m=107524391217364&w=2mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/10737third-party-advisory, x_refsource_SECUNIA
http://www.osvdb.org/3756vdb-entry, x_refsource_OSVDB
http://www-1.ibm.com/support/docview.wss?uid=swg21153336x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/14949vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:29:13.395Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "9511",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/9511"
          },
          {
            "name": "20030314 SRT2004-01-18-0747 - IBM Informix IDS 9.4 contains multiple vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=107524391217364\u0026w=2"
          },
          {
            "name": "10737",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/10737"
          },
          {
            "name": "3756",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/3756"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21153336"
          },
          {
            "name": "informix-ids-glpath-bo(14949)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14949"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-01-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.xC1 and 9.40.xC2 allows local users to execute arbitrary code via a long GL_PATH environment variable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "9511",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/9511"
        },
        {
          "name": "20030314 SRT2004-01-18-0747 - IBM Informix IDS 9.4 contains multiple vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=107524391217364\u0026w=2"
        },
        {
          "name": "10737",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/10737"
        },
        {
          "name": "3756",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/3756"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21153336"
        },
        {
          "name": "informix-ids-glpath-bo(14949)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14949"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-2490",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.xC1 and 9.40.xC2 allows local users to execute arbitrary code via a long GL_PATH environment variable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "9511",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/9511"
            },
            {
              "name": "20030314 SRT2004-01-18-0747 - IBM Informix IDS 9.4 contains multiple vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=107524391217364\u0026w=2"
            },
            {
              "name": "10737",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/10737"
            },
            {
              "name": "3756",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/3756"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21153336",
              "refsource": "MISC",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21153336"
            },
            {
              "name": "informix-ids-glpath-bo(14949)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14949"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-2490",
    "datePublished": "2005-10-25T04:00:00",
    "dateReserved": "2005-10-25T00:00:00",
    "dateUpdated": "2024-08-08T01:29:13.395Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-3856
Vulnerability from cvelistv5
Published
2006-08-08 22:00
Modified
2024-08-07 18:48
Severity ?
Summary
IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows local users to cause a denial of service (crash) via unspecified vectors.
References
http://www-1.ibm.com/support/docview.wss?uid=swg21242921x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/443133/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.osvdb.org/27690vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/archive/1/443210/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdfx_refsource_MISC
http://secunia.com/advisories/21301third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/19264vdb-entry, x_refsource_BID
http://www.vupen.com/english/advisories/2006/3077vdb-entry, x_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/28131vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:48:39.326Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
          },
          {
            "name": "20060814 Informix - Discovery, Attack and Defense",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
          },
          {
            "name": "27690",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/27690"
          },
          {
            "name": "20060814 Multiple Buffer Overflow Vulnerabilities in Informix",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/443210/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
          },
          {
            "name": "21301",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21301"
          },
          {
            "name": "19264",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19264"
          },
          {
            "name": "ADV-2006-3077",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3077"
          },
          {
            "name": "informix-unspecified-dos(28131)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28131"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows local users to cause a denial of service (crash) via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
        },
        {
          "name": "20060814 Informix - Discovery, Attack and Defense",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
        },
        {
          "name": "27690",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/27690"
        },
        {
          "name": "20060814 Multiple Buffer Overflow Vulnerabilities in Informix",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/443210/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
        },
        {
          "name": "21301",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21301"
        },
        {
          "name": "19264",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19264"
        },
        {
          "name": "ADV-2006-3077",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3077"
        },
        {
          "name": "informix-unspecified-dos(28131)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28131"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3856",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows local users to cause a denial of service (crash) via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
            },
            {
              "name": "20060814 Informix - Discovery, Attack and Defense",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
            },
            {
              "name": "27690",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/27690"
            },
            {
              "name": "20060814 Multiple Buffer Overflow Vulnerabilities in Informix",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/443210/100/0/threaded"
            },
            {
              "name": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf",
              "refsource": "MISC",
              "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
            },
            {
              "name": "21301",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21301"
            },
            {
              "name": "19264",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19264"
            },
            {
              "name": "ADV-2006-3077",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3077"
            },
            {
              "name": "informix-unspecified-dos(28131)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28131"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3856",
    "datePublished": "2006-08-08T22:00:00",
    "dateReserved": "2006-07-26T00:00:00",
    "dateUpdated": "2024-08-07T18:48:39.326Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-3855
Vulnerability from cvelistv5
Published
2006-08-08 22:00
Modified
2024-08-07 18:48
Severity ?
Summary
The ifx_load_internal function in IBM Informix Dynamic Server (IDS) allows remote authenticated users to execute arbitrary C code via the DllMain or _init function in a library, aka "C code UDR."
References
http://www-1.ibm.com/support/docview.wss?uid=swg21242921x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/443133/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/443184/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdfx_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/28129vdb-entry, x_refsource_XF
http://secunia.com/advisories/21301third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/19264vdb-entry, x_refsource_BID
http://www.vupen.com/english/advisories/2006/3077vdb-entry, x_refsource_VUPEN
http://www.osvdb.org/27689vdb-entry, x_refsource_OSVDB
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:48:39.321Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
          },
          {
            "name": "20060814 Informix - Discovery, Attack and Defense",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
          },
          {
            "name": "20060814 Arbitrary Library Loading in Informix",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/443184/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
          },
          {
            "name": "informix-ccodeudr-privilege-escalation(28129)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28129"
          },
          {
            "name": "21301",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21301"
          },
          {
            "name": "19264",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19264"
          },
          {
            "name": "ADV-2006-3077",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3077"
          },
          {
            "name": "27689",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/27689"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ifx_load_internal function in IBM Informix Dynamic Server (IDS) allows remote authenticated users to execute arbitrary C code via the DllMain or _init function in a library, aka \"C code UDR.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
        },
        {
          "name": "20060814 Informix - Discovery, Attack and Defense",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
        },
        {
          "name": "20060814 Arbitrary Library Loading in Informix",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/443184/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
        },
        {
          "name": "informix-ccodeudr-privilege-escalation(28129)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28129"
        },
        {
          "name": "21301",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21301"
        },
        {
          "name": "19264",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19264"
        },
        {
          "name": "ADV-2006-3077",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3077"
        },
        {
          "name": "27689",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/27689"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3855",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ifx_load_internal function in IBM Informix Dynamic Server (IDS) allows remote authenticated users to execute arbitrary C code via the DllMain or _init function in a library, aka \"C code UDR.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
            },
            {
              "name": "20060814 Informix - Discovery, Attack and Defense",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
            },
            {
              "name": "20060814 Arbitrary Library Loading in Informix",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/443184/100/0/threaded"
            },
            {
              "name": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf",
              "refsource": "MISC",
              "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
            },
            {
              "name": "informix-ccodeudr-privilege-escalation(28129)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28129"
            },
            {
              "name": "21301",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21301"
            },
            {
              "name": "19264",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19264"
            },
            {
              "name": "ADV-2006-3077",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3077"
            },
            {
              "name": "27689",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/27689"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3855",
    "datePublished": "2006-08-08T22:00:00",
    "dateReserved": "2006-07-26T00:00:00",
    "dateUpdated": "2024-08-07T18:48:39.321Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2012-4857
Vulnerability from cvelistv5
Published
2012-12-08 15:00
Modified
2024-08-06 20:50
Severity ?
Summary
Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 before 11.70.xC7 allows remote authenticated users to execute arbitrary code via a crafted SQL statement.
References
https://www.ibm.com/support/docview.wss?uid=swg21618994x_refsource_CONFIRM
http://www.securitytracker.com/id?1027849vdb-entry, x_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilities/79737vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T20:50:17.428Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/docview.wss?uid=swg21618994"
          },
          {
            "name": "1027849",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1027849"
          },
          {
            "name": "informix-sql-bo(79737)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79737"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-12-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 before 11.70.xC7 allows remote authenticated users to execute arbitrary code via a crafted SQL statement."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/docview.wss?uid=swg21618994"
        },
        {
          "name": "1027849",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1027849"
        },
        {
          "name": "informix-sql-bo(79737)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79737"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "ID": "CVE-2012-4857",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 before 11.70.xC7 allows remote authenticated users to execute arbitrary code via a crafted SQL statement."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/docview.wss?uid=swg21618994",
              "refsource": "CONFIRM",
              "url": "https://www.ibm.com/support/docview.wss?uid=swg21618994"
            },
            {
              "name": "1027849",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1027849"
            },
            {
              "name": "informix-sql-bo(79737)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79737"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2012-4857",
    "datePublished": "2012-12-08T15:00:00",
    "dateReserved": "2012-09-06T00:00:00",
    "dateUpdated": "2024-08-06T20:50:17.428Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-0768
Vulnerability from cvelistv5
Published
2008-02-13 21:00
Modified
2024-08-07 07:54
Severity ?
Summary
Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests.
References
http://www.vupen.com/english/advisories/2008/0317vdb-entry, x_refsource_VUPEN
http://www-1.ibm.com/support/search.wss?rs=0&q=IC55041&apar=onlyvendor-advisory, x_refsource_AIXAPAR
http://www-1.ibm.com/support/search.wss?rs=0&q=IC55040&apar=onlyvendor-advisory, x_refsource_AIXAPAR
http://www.securityfocus.com/bid/27485vdb-entry, x_refsource_BID
http://www.securitytracker.com/id?1019281vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/28689third-party-advisory, x_refsource_SECUNIA
http://www-01.ibm.com/support/docview.wss?uid=swg21294211x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/40018vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:54:23.329Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2008-0317",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0317"
          },
          {
            "name": "IC55041",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IC55041\u0026apar=only"
          },
          {
            "name": "IC55040",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IC55040\u0026apar=only"
          },
          {
            "name": "27485",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27485"
          },
          {
            "name": "1019281",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019281"
          },
          {
            "name": "28689",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28689"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21294211"
          },
          {
            "name": "ibm-ids-xdr-bo(40018)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40018"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "ADV-2008-0317",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0317"
        },
        {
          "name": "IC55041",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IC55041\u0026apar=only"
        },
        {
          "name": "IC55040",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IC55040\u0026apar=only"
        },
        {
          "name": "27485",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27485"
        },
        {
          "name": "1019281",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019281"
        },
        {
          "name": "28689",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28689"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21294211"
        },
        {
          "name": "ibm-ids-xdr-bo(40018)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40018"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0768",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "ADV-2008-0317",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0317"
            },
            {
              "name": "IC55041",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IC55041\u0026apar=only"
            },
            {
              "name": "IC55040",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IC55040\u0026apar=only"
            },
            {
              "name": "27485",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27485"
            },
            {
              "name": "1019281",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019281"
            },
            {
              "name": "28689",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28689"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21294211",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21294211"
            },
            {
              "name": "ibm-ids-xdr-bo(40018)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40018"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0768",
    "datePublished": "2008-02-13T21:00:00",
    "dateReserved": "2008-02-13T00:00:00",
    "dateUpdated": "2024-08-07T07:54:23.329Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-1633
Vulnerability from cvelistv5
Published
2019-08-20 18:50
Modified
2024-09-16 19:10
Severity ?
8.2 (High) - CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Summary
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. IBM X-Force ID: 144434.
References
http://www.ibm.com/support/docview.wss?uid=ibm10964987x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/144434vdb-entry, x_refsource_XF
https://security.netapp.com/advisory/ntap-20190903-0002/x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T04:07:44.119Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
          },
          {
            "name": "ibm-informix-cve20181633-priv-escalation (144434)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144434"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Informix Dynamic Server Enterprise Edition",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "12.1"
            }
          ]
        }
      ],
      "datePublic": "2019-08-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. IBM X-Force ID: 144434."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "CHANGED",
            "temporalScore": 7.1,
            "temporalSeverity": "HIGH",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/A:H/AV:L/PR:H/C:H/I:H/AC:L/S:C/UI:N/E:U/RL:O/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-03T17:06:09",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
        },
        {
          "name": "ibm-informix-cve20181633-priv-escalation (144434)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144434"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-08-07T00:00:00",
          "ID": "CVE-2018-1633",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Informix Dynamic Server Enterprise Edition",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "12.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. IBM X-Force ID: 144434."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "L",
              "AV": "L",
              "C": "H",
              "I": "H",
              "PR": "H",
              "S": "C",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 964987 (Informix Dynamic Server Enterprise Edition)",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
            },
            {
              "name": "ibm-informix-cve20181633-priv-escalation (144434)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/144434"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190903-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2018-1633",
    "datePublished": "2019-08-20T18:50:22.800933Z",
    "dateReserved": "2017-12-13T00:00:00",
    "dateUpdated": "2024-09-16T19:10:03.832Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-3862
Vulnerability from cvelistv5
Published
2006-08-08 22:00
Modified
2024-08-07 18:48
Severity ?
Summary
Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through 9.40.xC7 and 10.00.TC1 through 10.00.xC3 allows attackers to execute arbitrary code via the SQLIDEBUG environment variable (envariable).
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/28158vdb-entry, x_refsource_XF
http://www-1.ibm.com/support/docview.wss?uid=swg21242921x_refsource_CONFIRM
http://www.osvdb.org/27694vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/archive/1/443133/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/443165/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdfx_refsource_MISC
http://secunia.com/advisories/21301third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/19264vdb-entry, x_refsource_BID
http://www.vupen.com/english/advisories/2006/3077vdb-entry, x_refsource_VUPEN
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:48:39.234Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "informix-sqlidebug-bo(28158)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28158"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
          },
          {
            "name": "27694",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/27694"
          },
          {
            "name": "20060814 Informix - Discovery, Attack and Defense",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
          },
          {
            "name": "20060814 SQLIDEBUG envariable overflow on Informix",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/443165/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
          },
          {
            "name": "21301",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21301"
          },
          {
            "name": "19264",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19264"
          },
          {
            "name": "ADV-2006-3077",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3077"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through 9.40.xC7 and 10.00.TC1 through 10.00.xC3 allows attackers to execute arbitrary code via the SQLIDEBUG environment variable (envariable)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "informix-sqlidebug-bo(28158)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28158"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
        },
        {
          "name": "27694",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/27694"
        },
        {
          "name": "20060814 Informix - Discovery, Attack and Defense",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
        },
        {
          "name": "20060814 SQLIDEBUG envariable overflow on Informix",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/443165/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
        },
        {
          "name": "21301",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21301"
        },
        {
          "name": "19264",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19264"
        },
        {
          "name": "ADV-2006-3077",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3077"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3862",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through 9.40.xC7 and 10.00.TC1 through 10.00.xC3 allows attackers to execute arbitrary code via the SQLIDEBUG environment variable (envariable)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "informix-sqlidebug-bo(28158)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28158"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
            },
            {
              "name": "27694",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/27694"
            },
            {
              "name": "20060814 Informix - Discovery, Attack and Defense",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
            },
            {
              "name": "20060814 SQLIDEBUG envariable overflow on Informix",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/443165/100/0/threaded"
            },
            {
              "name": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf",
              "refsource": "MISC",
              "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
            },
            {
              "name": "21301",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21301"
            },
            {
              "name": "19264",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19264"
            },
            {
              "name": "ADV-2006-3077",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3077"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3862",
    "datePublished": "2006-08-08T22:00:00",
    "dateReserved": "2006-07-26T00:00:00",
    "dateUpdated": "2024-08-07T18:48:39.234Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2008-0369
Vulnerability from cvelistv5
Published
2008-01-18 23:00
Modified
2024-08-07 07:39
Severity ?
Summary
Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs.
References
http://www.securityfocus.com/bid/27328vdb-entry, x_refsource_BID
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650third-party-advisory, x_refsource_IDEFENSE
http://secunia.com/advisories/28534third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2008/0169vdb-entry, x_refsource_VUPEN
https://exchange.xforce.ibmcloud.com/vulnerabilities/39751vdb-entry, x_refsource_XF
http://www.securitytracker.com/id?1019237vdb-entry, x_refsource_SECTRACK
http://www-1.ibm.com/support/docview.wss?uid=swg27011556x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/40009vdb-entry, x_refsource_XF
http://www-1.ibm.com/support/docview.wss?uid=swg1IC54309vendor-advisory, x_refsource_AIXAPAR
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:39:35.232Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "27328",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27328"
          },
          {
            "name": "20080131 IBM Informix Dynamic Server SQLIDEBUG File Creation Vulnerability",
            "tags": [
              "third-party-advisory",
              "x_refsource_IDEFENSE",
              "x_transferred"
            ],
            "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650"
          },
          {
            "name": "28534",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/28534"
          },
          {
            "name": "ADV-2008-0169",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/0169"
          },
          {
            "name": "ibm-ids-onedcu-sqlidebug-unspecified(39751)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39751"
          },
          {
            "name": "1019237",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1019237"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011556"
          },
          {
            "name": "ibm-ids-sqlidebug-unspecified(40009)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40009"
          },
          {
            "name": "IC54309",
            "tags": [
              "vendor-advisory",
              "x_refsource_AIXAPAR",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC54309"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-01-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "27328",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27328"
        },
        {
          "name": "20080131 IBM Informix Dynamic Server SQLIDEBUG File Creation Vulnerability",
          "tags": [
            "third-party-advisory",
            "x_refsource_IDEFENSE"
          ],
          "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650"
        },
        {
          "name": "28534",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/28534"
        },
        {
          "name": "ADV-2008-0169",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/0169"
        },
        {
          "name": "ibm-ids-onedcu-sqlidebug-unspecified(39751)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39751"
        },
        {
          "name": "1019237",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1019237"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011556"
        },
        {
          "name": "ibm-ids-sqlidebug-unspecified(40009)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40009"
        },
        {
          "name": "IC54309",
          "tags": [
            "vendor-advisory",
            "x_refsource_AIXAPAR"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC54309"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-0369",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "27328",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27328"
            },
            {
              "name": "20080131 IBM Informix Dynamic Server SQLIDEBUG File Creation Vulnerability",
              "refsource": "IDEFENSE",
              "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=650"
            },
            {
              "name": "28534",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/28534"
            },
            {
              "name": "ADV-2008-0169",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/0169"
            },
            {
              "name": "ibm-ids-onedcu-sqlidebug-unspecified(39751)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39751"
            },
            {
              "name": "1019237",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1019237"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg27011556",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg27011556"
            },
            {
              "name": "ibm-ids-sqlidebug-unspecified(40009)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40009"
            },
            {
              "name": "IC54309",
              "refsource": "AIXAPAR",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC54309"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-0369",
    "datePublished": "2008-01-18T23:00:00",
    "dateReserved": "2008-01-18T00:00:00",
    "dateUpdated": "2024-08-07T07:39:35.232Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-2489
Vulnerability from cvelistv5
Published
2005-10-25 04:00
Modified
2024-08-08 01:29
Severity ?
Summary
Format string vulnerability in IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to execute arbitrary code via a modified INFORMIXDIR environment variable that points to a file with format string specifiers in the filename.
References
http://www.securityfocus.com/bid/9511vdb-entry, x_refsource_BID
http://marc.info/?l=bugtraq&m=107524391217364&w=2mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/10737third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/14967vdb-entry, x_refsource_XF
http://www.osvdb.org/3757vdb-entry, x_refsource_OSVDB
http://www-1.ibm.com/support/docview.wss?uid=swg21153336x_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:29:13.553Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "9511",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/9511"
          },
          {
            "name": "20030314 SRT2004-01-18-0747 - IBM Informix IDS 9.4 contains multiple vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=107524391217364\u0026w=2"
          },
          {
            "name": "10737",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/10737"
          },
          {
            "name": "informix-informixdir-format-string(14967)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14967"
          },
          {
            "name": "3757",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/3757"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21153336"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-01-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Format string vulnerability in IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to execute arbitrary code via a modified INFORMIXDIR environment variable that points to a file with format string specifiers in the filename."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "9511",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/9511"
        },
        {
          "name": "20030314 SRT2004-01-18-0747 - IBM Informix IDS 9.4 contains multiple vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=107524391217364\u0026w=2"
        },
        {
          "name": "10737",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/10737"
        },
        {
          "name": "informix-informixdir-format-string(14967)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14967"
        },
        {
          "name": "3757",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/3757"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21153336"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-2489",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Format string vulnerability in IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to execute arbitrary code via a modified INFORMIXDIR environment variable that points to a file with format string specifiers in the filename."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "9511",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/9511"
            },
            {
              "name": "20030314 SRT2004-01-18-0747 - IBM Informix IDS 9.4 contains multiple vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=107524391217364\u0026w=2"
            },
            {
              "name": "10737",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/10737"
            },
            {
              "name": "informix-informixdir-format-string(14967)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14967"
            },
            {
              "name": "3757",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/3757"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21153336",
              "refsource": "MISC",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21153336"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-2489",
    "datePublished": "2005-10-25T04:00:00",
    "dateReserved": "2005-10-25T00:00:00",
    "dateUpdated": "2024-08-08T01:29:13.553Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-28527
Vulnerability from cvelistv5
Published
2023-12-09 02:15
Modified
2024-09-16 18:39
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206.
References
https://www.ibm.com/support/pages/node/7070188vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/251206vdb-entry
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T13:43:22.552Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7070188"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251206"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-28527",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-29T19:02:55.369389Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-16T18:39:06.527Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Informix Dynamic Server",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "12.10, 14.10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nIBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-09T02:15:39.553Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7070188"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251206"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Informix Dynamic Server buffer overflow",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2023-28527",
    "datePublished": "2023-12-09T02:15:39.553Z",
    "dateReserved": "2023-03-16T21:05:56.576Z",
    "dateUpdated": "2024-09-16T18:39:06.527Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-3861
Vulnerability from cvelistv5
Published
2006-08-08 22:00
Modified
2024-08-07 18:48
Severity ?
Summary
IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases.
References
http://www.securityfocus.com/archive/1/443192/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www-1.ibm.com/support/docview.wss?uid=swg21242921x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/443133/100/0/threadedmailing-list, x_refsource_BUGTRAQ
http://www.osvdb.org/27692vdb-entry, x_refsource_OSVDB
http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdfx_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/28148vdb-entry, x_refsource_XF
http://secunia.com/advisories/21301third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/19264vdb-entry, x_refsource_BID
http://www.vupen.com/english/advisories/2006/3077vdb-entry, x_refsource_VUPEN
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:48:39.191Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20060814 Unauthorized Database Creation Privilege on Informix",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/443192/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
          },
          {
            "name": "20060814 Informix - Discovery, Attack and Defense",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
          },
          {
            "name": "27692",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/27692"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
          },
          {
            "name": "informix-database-insecure-permission(28148)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28148"
          },
          {
            "name": "21301",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21301"
          },
          {
            "name": "19264",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19264"
          },
          {
            "name": "ADV-2006-3077",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3077"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20060814 Unauthorized Database Creation Privilege on Informix",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/443192/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
        },
        {
          "name": "20060814 Informix - Discovery, Attack and Defense",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
        },
        {
          "name": "27692",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/27692"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
        },
        {
          "name": "informix-database-insecure-permission(28148)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28148"
        },
        {
          "name": "21301",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21301"
        },
        {
          "name": "19264",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19264"
        },
        {
          "name": "ADV-2006-3077",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3077"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3861",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 does not use database creation permissions, which allows remote authenticated users to create arbitrary databases."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20060814 Unauthorized Database Creation Privilege on Informix",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/443192/100/0/threaded"
            },
            {
              "name": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921",
              "refsource": "CONFIRM",
              "url": "http://www-1.ibm.com/support/docview.wss?uid=swg21242921"
            },
            {
              "name": "20060814 Informix - Discovery, Attack and Defense",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/443133/100/0/threaded"
            },
            {
              "name": "27692",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/27692"
            },
            {
              "name": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf",
              "refsource": "MISC",
              "url": "http://www.databasesecurity.com/informix/DatabaseHackersHandbook-AttackingInformix.pdf"
            },
            {
              "name": "informix-database-insecure-permission(28148)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28148"
            },
            {
              "name": "21301",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21301"
            },
            {
              "name": "19264",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19264"
            },
            {
              "name": "ADV-2006-3077",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3077"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3861",
    "datePublished": "2006-08-08T22:00:00",
    "dateReserved": "2006-07-26T00:00:00",
    "dateUpdated": "2024-08-07T18:48:39.191Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-28526
Vulnerability from cvelistv5
Published
2023-12-09 02:22
Modified
2024-08-02 13:43
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251204.
References
https://www.ibm.com/support/pages/node/7070188vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/251204vdb-entry
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T13:43:22.515Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7070188"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251204"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Informix Dynamic Server",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "12.10, 14.10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault.  IBM X-Force ID:  251204.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nIBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault.  IBM X-Force ID:  251204.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-09T02:22:19.624Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7070188"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/251204"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Informix Dynamic Server buffer overflow",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2023-28526",
    "datePublished": "2023-12-09T02:22:19.624Z",
    "dateReserved": "2023-03-16T21:05:56.575Z",
    "dateUpdated": "2024-08-02T13:43:22.515Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-4799
Vulnerability from cvelistv5
Published
2020-10-08 13:20
Modified
2024-09-16 23:30
Severity ?
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Summary
IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds write vulnerability. IBM X-Force ID: 189460.
References
https://www.ibm.com/support/pages/node/6343587x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/189460vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:14:58.423Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/6343587"
          },
          {
            "name": "ibm-informix-cve20204799-priv-escalation (189460)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189460"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Informix Dynamic Server",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "14.10"
            }
          ]
        }
      ],
      "datePublic": "2020-10-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds write vulnerability. IBM X-Force ID: 189460."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.8,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AC:L/A:H/UI:N/C:H/I:H/PR:L/AV:L/S:U/RL:O/E:U/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-08T13:20:16",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.ibm.com/support/pages/node/6343587"
        },
        {
          "name": "ibm-informix-cve20204799-priv-escalation (189460)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189460"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2020-10-07T00:00:00",
          "ID": "CVE-2020-4799",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Informix Dynamic Server",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "14.10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds write vulnerability. IBM X-Force ID: 189460."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "L",
              "AV": "L",
              "C": "H",
              "I": "H",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.ibm.com/support/pages/node/6343587",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 6343587",
              "url": "https://www.ibm.com/support/pages/node/6343587"
            },
            {
              "name": "ibm-informix-cve20204799-priv-escalation (189460)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/189460"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2020-4799",
    "datePublished": "2020-10-08T13:20:17.028481Z",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-09-16T23:30:22.798Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-4253
Vulnerability from cvelistv5
Published
2019-08-20 18:50
Modified
2024-09-16 18:29
Severity ?
7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Summary
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious shared library and gain root access privileges. IBM X-Force ID: 159941.
References
http://www.ibm.com/support/docview.wss?uid=ibm10964987x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/159941vdb-entry, x_refsource_XF
https://security.netapp.com/advisory/ntap-20190903-0002/x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:33:37.934Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
          },
          {
            "name": "ibm-informix-cve20194253-priv-escalation (159941)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159941"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Informix Dynamic Server Enterprise Edition",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "12.1"
            }
          ]
        }
      ],
      "datePublic": "2019-08-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious shared library and gain root access privileges. IBM X-Force ID: 159941."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitCodeMaturity": "UNPROVEN",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "remediationLevel": "OFFICIAL_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 6.8,
            "temporalSeverity": "MEDIUM",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/A:H/I:H/C:H/PR:L/S:U/UI:N/AC:L/E:U/RL:O/RC:C",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Gain Privileges",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-03T17:06:08",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
        },
        {
          "name": "ibm-informix-cve20194253-priv-escalation (159941)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159941"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@us.ibm.com",
          "DATE_PUBLIC": "2019-08-07T00:00:00",
          "ID": "CVE-2019-4253",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Informix Dynamic Server Enterprise Edition",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "12.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "IBM"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious shared library and gain root access privileges. IBM X-Force ID: 159941."
            }
          ]
        },
        "impact": {
          "cvssv3": {
            "BM": {
              "A": "H",
              "AC": "L",
              "AV": "L",
              "C": "H",
              "I": "H",
              "PR": "L",
              "S": "U",
              "UI": "N"
            },
            "TM": {
              "E": "U",
              "RC": "C",
              "RL": "O"
            }
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Gain Privileges"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.ibm.com/support/docview.wss?uid=ibm10964987",
              "refsource": "CONFIRM",
              "title": "IBM Security Bulletin 964987 (Informix Dynamic Server Enterprise Edition)",
              "url": "http://www.ibm.com/support/docview.wss?uid=ibm10964987"
            },
            {
              "name": "ibm-informix-cve20194253-priv-escalation (159941)",
              "refsource": "XF",
              "title": "X-Force Vulnerability Report",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/159941"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190903-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190903-0002/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2019-4253",
    "datePublished": "2019-08-20T18:50:23.064944Z",
    "dateReserved": "2019-01-03T00:00:00",
    "dateUpdated": "2024-09-16T18:29:01.946Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2023-28523
Vulnerability from cvelistv5
Published
2023-12-09 02:24
Modified
2024-08-02 13:43
Severity ?
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 250753.
References
https://www.ibm.com/support/pages/node/7070188vendor-advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/250753vdb-entry
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T13:43:23.203Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.ibm.com/support/pages/node/7070188"
          },
          {
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250753"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Informix Dynamic Server",
          "vendor": "IBM",
          "versions": [
            {
              "status": "affected",
              "version": "12.10, 14.10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code.  IBM X-Force ID:  250753.\u003c/span\u003e\n\n"
            }
          ],
          "value": "\nIBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code.  IBM X-Force ID:  250753.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-09T02:24:19.177Z",
        "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
        "shortName": "ibm"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.ibm.com/support/pages/node/7070188"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250753"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "IBM Informix Dynamic Server buffer overflow",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
    "assignerShortName": "ibm",
    "cveId": "CVE-2023-28523",
    "datePublished": "2023-12-09T02:24:19.177Z",
    "dateReserved": "2023-03-16T21:05:56.575Z",
    "dateUpdated": "2024-08-02T13:43:23.203Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2010-4069
Vulnerability from cvelistv5
Published
2010-10-25 19:00
Modified
2024-09-16 22:29
Severity ?
Summary
Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x through 7.31, 9.x through 9.40, 10.00 before 10.00.xC10, 11.10 before 11.10.xC3, and 11.50 before 11.50.xC3 allows remote authenticated users to execute arbitrary code via long DBINFO keyword arguments in a SQL statement, aka idsdb00165017, idsdb00165019, idsdb00165021, idsdb00165022, and idsdb00165023.
References
http://www.zerodayinitiative.com/advisories/ZDI-10-217/x_refsource_MISC
http://www.vupen.com/english/advisories/2010/2735vdb-entry, x_refsource_VUPEN
http://www.osvdb.org/68707vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/41914third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:34:36.701Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-217/"
          },
          {
            "name": "ADV-2010-2735",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2735"
          },
          {
            "name": "68707",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/68707"
          },
          {
            "name": "41914",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41914"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x through 7.31, 9.x through 9.40, 10.00 before 10.00.xC10, 11.10 before 11.10.xC3, and 11.50 before 11.50.xC3 allows remote authenticated users to execute arbitrary code via long DBINFO keyword arguments in a SQL statement, aka idsdb00165017, idsdb00165019, idsdb00165021, idsdb00165022, and idsdb00165023."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2010-10-25T19:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-217/"
        },
        {
          "name": "ADV-2010-2735",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2735"
        },
        {
          "name": "68707",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/68707"
        },
        {
          "name": "41914",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41914"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-4069",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x through 7.31, 9.x through 9.40, 10.00 before 10.00.xC10, 11.10 before 11.10.xC3, and 11.50 before 11.50.xC3 allows remote authenticated users to execute arbitrary code via long DBINFO keyword arguments in a SQL statement, aka idsdb00165017, idsdb00165019, idsdb00165021, idsdb00165022, and idsdb00165023."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-10-217/",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-10-217/"
            },
            {
              "name": "ADV-2010-2735",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2735"
            },
            {
              "name": "68707",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/68707"
            },
            {
              "name": "41914",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41914"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-4069",
    "datePublished": "2010-10-25T19:00:00Z",
    "dateReserved": "2010-10-25T00:00:00Z",
    "dateUpdated": "2024-09-16T22:29:41.275Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}