The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of DB2 UDB

computer vulnerability bulletin CVE-2017-3738

OpenSSL: information disclosure via rsaz_1024_mul_avx2

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via rsaz_1024_mul_avx2() of OpenSSL, in order to obtain sensitive information.
Impacted products: ProxySG by Blue Coat, SGOS by Blue Coat, Debian, Fedora, FreeBSD, hMailServer, DB2 UDB, QRadar SIEM, Tivoli Storage Manager, Juniper J-Series, Junos OS, NSM Central Manager, NSMXpress, SRX-Series, MariaDB ~ precise, MySQL Community, MySQL Enterprise, Nodejs Core, OpenSSL, openSUSE Leap, Oracle Communications, Oracle Directory Services Plus, Oracle Fusion Middleware, Oracle GlassFish Server, Oracle Identity Management, Oracle Internet Directory, Solaris, Tuxedo, Oracle Virtual Directory, VirtualBox, WebLogic, Percona Server, pfSense, RHEL, Slackware, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Ubuntu, WinSCP, X2GoClient.
Severity: 1/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 07/12/2017.
Identifiers: 2014324, bulletinapr2018, bulletinjan2018, CERTFR-2017-AVI-452, CERTFR-2018-AVI-155, cpuapr2018, cpuapr2019, cpujan2018, cpujan2019, cpujul2018, cpuoct2018, CVE-2017-3738, DSA-4065-1, DSA-4157-1, FEDORA-2017-e6be32cb7a, FreeBSD-SA-17:12.openssl, ibm10716907, ibm10717405, ibm10717409, ibm10719113, JSA10851, openSUSE-SU-2017:3345-1, openSUSE-SU-2018:0029-1, openSUSE-SU-2018:0315-1, RHSA-2018:0998-01, SA159, SSA:2017-342-01, swg21647054, USN-3512-1, VIGILANCE-VUL-24698.

computer vulnerability announce CVE-2017-3737

OpenSSL: information disclosure via SSL_read/SSL_write After Error

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via SSL_read/SSL_write After Error of OpenSSL, in order to obtain sensitive information.
Impacted products: ProxySG by Blue Coat, SGOS by Blue Coat, Debian, FreeBSD, hMailServer, AIX, DB2 UDB, QRadar SIEM, Tivoli Storage Manager, Juniper J-Series, Junos OS, Junos Space, NSM Central Manager, NSMXpress, SRX-Series, MariaDB ~ precise, MySQL Community, MySQL Enterprise, OpenSSL, openSUSE Leap, Oracle Fusion Middleware, Solaris, Tuxedo, VirtualBox, WebLogic, Percona Server, pfSense, RHEL, SIMATIC, Slackware, ProxySG by Symantec, SGOS by Symantec, Synology DSM, Synology DS***, Synology RS***, Ubuntu, WinSCP, X2GoClient.
Severity: 1/4.
Consequences: data reading.
Provenance: internet client.
Creation date: 07/12/2017.
Identifiers: 2014324, bulletinapr2018, bulletinjan2018, CERTFR-2017-AVI-452, CERTFR-2018-AVI-376, cpuapr2018, cpujan2018, cpujul2018, CVE-2017-3737, DSA-4065-1, FreeBSD-SA-17:12.openssl, ibm10715641, ibm10716907, ibm10717405, ibm10717409, ibm10719113, ibm10738249, JSA10851, JSA10873, openSUSE-SU-2017:3345-1, openSUSE-SU-2018:0223-1, openSUSE-SU-2018:1057-1, RHSA-2018:0998-01, SA159, SSA-179516, SSA:2017-342-01, swg21647054, USN-3512-1, VIGILANCE-VUL-24697.

vulnerability alert CVE-2017-10274 CVE-2017-10281 CVE-2017-10285

Oracle Java: vulnerabilities of October 2017

Synthesis of the vulnerability

Several vulnerabilities were announced in Oracle Java.
Impacted products: Debian, Fedora, AIX, DB2 UDB, IRAD, Rational ClearCase, Security Directory Server, QRadar SIEM, Tivoli Storage Manager, Tivoli System Automation, WebSphere AS Liberty, WebSphere AS Traditional, IBM WebSphere ESB, WebSphere MQ, Junos Space, ePO, Java OpenJDK, openSUSE Leap, Java Oracle, RHEL, SUSE Linux Enterprise Desktop, SLES, Synology DSM, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 20.
Creation date: 18/10/2017.
Identifiers: 2010282, 2010560, 2011264, 2012279, 2013081, 2013150, 2013545, 2014202, 2014981, 2015655, 2015825, 2016207, CERTFR-2017-AVI-366, cpuoct2017, CVE-2017-10274, CVE-2017-10281, CVE-2017-10285, CVE-2017-10293, CVE-2017-10295, CVE-2017-10309, CVE-2017-10341, CVE-2017-10342, CVE-2017-10345, CVE-2017-10346, CVE-2017-10347, CVE-2017-10348, CVE-2017-10349, CVE-2017-10350, CVE-2017-10355, CVE-2017-10356, CVE-2017-10357, CVE-2017-10380, CVE-2017-10386, CVE-2017-10388, DLA-1187-1, DSA-4015-1, DSA-4048-1, FEDORA-2017-7b17451b82, FEDORA-2017-98a361c2b5, FEDORA-2017-b1492e4844, FEDORA-2017-e7938fd7d7, ibm10718843, JSA10873, openSUSE-SU-2017:2998-1, openSUSE-SU-2018:0042-1, RHSA-2017:2998-01, RHSA-2017:2999-01, RHSA-2017:3046-01, RHSA-2017:3047-01, RHSA-2017:3264-01, RHSA-2017:3267-01, RHSA-2017:3268-01, RHSA-2017:3392-01, SB10212, SRC-2017-0028, SUSE-SU-2017:2989-1, SUSE-SU-2017:3235-1, SUSE-SU-2017:3369-1, SUSE-SU-2017:3411-1, SUSE-SU-2017:3440-1, SUSE-SU-2017:3455-1, SUSE-SU-2018:0005-1, SUSE-SU-2018:0061-1, swg22012279, Synology-SA-17:66, USN-3473-1, USN-3497-1, VIGILANCE-VUL-24161.

vulnerability alert 23981

IBM DB2: five vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of IBM DB2.
Impacted products: DB2 UDB.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, data reading, data creation/edition, data deletion.
Provenance: document.
Creation date: 29/09/2017.
Identifiers: 1647054, VIGILANCE-VUL-23981.

vulnerability announce CVE-2017-1520

IBM DB2: privilege escalation via CLIENT Authentication Type

Synthesis of the vulnerability

An attacker can bypass restrictions via CLIENT Authentication Type of IBM DB2, in order to escalate his privileges.
Impacted products: DB2 UDB.
Severity: 2/4.
Consequences: privileged access/rights.
Provenance: user account.
Creation date: 11/09/2017.
Identifiers: 2007186, CVE-2017-1520, VIGILANCE-VUL-23792.

computer vulnerability CVE-2017-1452

IBM DB2: privilege escalation via File Overwrite

Synthesis of the vulnerability

An attacker can bypass restrictions via File Overwrite of IBM DB2, in order to escalate his privileges.
Impacted products: DB2 UDB, Tivoli Storage Manager.
Severity: 2/4.
Consequences: privileged access/rights.
Provenance: user shell.
Creation date: 08/09/2017.
Identifiers: 2006109, 2013377, CVE-2017-1452, VIGILANCE-VUL-23785.

vulnerability note CVE-2017-1519

IBM DB2: denial of service via Connect Server

Synthesis of the vulnerability

An attacker can generate a fatal error via Connect Server of IBM DB2, in order to trigger a denial of service.
Impacted products: DB2 UDB.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: intranet client.
Creation date: 08/09/2017.
Identifiers: 2007183, CVE-2017-1519, VIGILANCE-VUL-23784.

vulnerability bulletin CVE-2017-1438

IBM DB2: privilege escalation via Root Access

Synthesis of the vulnerability

An attacker can bypass restrictions via Root Access of IBM DB2, in order to escalate his privileges.
Impacted products: DB2 UDB, Tivoli Storage Manager.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: privileged shell.
Creation date: 08/09/2017.
Identifiers: 2006885, 2013377, CVE-2017-1438, VIGILANCE-VUL-23783.

vulnerability announce CVE-2017-1434

IBM DB2: information disclosure via Error Log

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Error Log of IBM DB2, in order to obtain sensitive information.
Impacted products: DB2 UDB, Tivoli Storage Manager.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 08/09/2017.
Identifiers: 2005740, 2013377, CVE-2017-1434, VIGILANCE-VUL-23782.

vulnerability alert CVE-2017-1439 CVE-2017-1451

IBM DB2: privilege escalation

Synthesis of the vulnerability

An attacker can bypass restrictions of IBM DB2, in order to escalate his privileges.
Impacted products: DB2 UDB, Tivoli Storage Manager.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user account.
Number of vulnerabilities in this bulletin: 2.
Creation date: 08/09/2017.
Identifiers: 2006061, 2013377, CVE-2017-1439, CVE-2017-1451, VIGILANCE-VUL-23781.
