Vulnerabilities > IBM
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-10-05 | CVE-2010-3757 | OS Command Injection vulnerability in IBM Tivoli Storage Manager Fastback Format string vulnerability in the _Eventlog function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to execute arbitrary code via format string specifiers located after a | (pipe) character in a string. | 10.0 |
| 2010-10-05 | CVE-2010-3756 | Improper Input Validation vulnerability in IBM Tivoli Storage Manager Fastback The _CalcHashValueWithLength function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 does not properly validate an unspecified length value, which allows remote attackers to cause a denial of service (daemon crash) by sending data over TCP. | 5.0 |
| 2010-10-05 | CVE-2010-3755 | Resource Management Errors vulnerability in IBM Tivoli Storage Manager Fastback The _DAS_ReadBlockReply function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via data in a TCP packet. | 5.0 |
| 2010-10-05 | CVE-2010-3754 | OS Command Injection vulnerability in IBM Tivoli Storage Manager Fastback The FXCLI_OraBR_Exec_Command function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 uses values of packet fields to determine the content and length of data copied to memory, which allows remote attackers to execute arbitrary code via a crafted packet. | 10.0 |
| 2010-10-05 | CVE-2010-3740 | Resource Management Errors vulnerability in IBM DB2 9.5 The Net Search Extender (NSE) implementation in the Text Search component in IBM DB2 UDB 9.5 before FP6a does not properly handle an alphanumeric Fuzzy search, which allows remote authenticated users to cause a denial of service (memory consumption and system hang) via the db2ext.textSearch function. | 4.0 |
| 2010-10-05 | CVE-2010-3739 | Improper Authentication vulnerability in IBM DB2 Universal Database 9.5 The audit facility in the Security component in IBM DB2 UDB 9.5 before FP6a uses instance-level audit settings to capture connection (aka CONNECT and AUTHENTICATION) events in certain circumstances in which database-level audit settings were intended, which might make it easier for remote attackers to connect without discovery. | 6.4 |
| 2010-10-05 | CVE-2010-3738 | Permissions, Privileges, and Access Controls vulnerability in IBM DB2 9.5 The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT events by using a USERID and an AUTHID value corresponding to the instance owner, instead of a USERID and an AUTHID value corresponding to the logged-in user account, which makes it easier for remote authenticated users to execute Audit administration commands without discovery. | 5.0 |
| 2010-10-05 | CVE-2010-3737 | Resource Management Errors vulnerability in IBM DB2 9.5 Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (heap memory consumption) by executing a (1) user-defined function (UDF) or (2) stored procedure while using a different code page than the database server. | 3.5 |
| 2010-10-05 | CVE-2010-3736 | Resource Management Errors vulnerability in IBM DB2 9.5 Memory leak in the Relational Data Services component in IBM DB2 UDB 9.5 before FP6a, when the connection concentrator is enabled, allows remote authenticated users to cause a denial of service (heap memory consumption) by using a different code page than the database server. | 4.0 |
| 2010-10-05 | CVE-2010-3735 | Resource Management Errors vulnerability in IBM DB2 9.5 The "Query Compiler, Rewrite, Optimizer" component in IBM DB2 UDB 9.5 before FP6a allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted query involving certain UNION ALL views, leading to an indefinitely large amount of compilation time. | 2.1 |