CVE-2017-1520
IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830.
Source: CVE-2017-1520
[월:] 2017년 09월
CVE-2017-1162
CVE-2017-1162
IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 122957.
Source: CVE-2017-1162
CVE-2017-14396
CVE-2017-14396
In osTicket 1.10, SQL injection is possible by constructing an array via use of square brackets at the end of a parameter name, as demonstrated by the key parameter to file.php.
Source: CVE-2017-14396
CVE-2017-14400
CVE-2017-14400
In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in magick/cache.c mishandles the pixel cache nexus, which allows remote attackers to cause a denial of service (NULL pointer dereference in the function GetVirtualPixels in MagickCore/cache.c) via a crafted file.
Source: CVE-2017-14400
CVE-2017-14399
CVE-2017-14399
In BlackCat CMS 1.2.2, unrestricted file upload is possible in backendmediaajax_rename.php via the extension parameter, as demonstrated by changing the extension from .jpg to .php.
Source: CVE-2017-14399
CVE-2017-1439
CVE-2017-1439
IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128058.
Source: CVE-2017-1439
CVE-2017-1438
CVE-2017-1438
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128057.
Source: CVE-2017-1438
CVE-2017-1434
CVE-2017-1434
IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) under unusual circumstances, could expose highly sensitive information in the error log to a local user.
Source: CVE-2017-1434
CVE-2017-1519
CVE-2017-1519
IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. A remote user can cause disruption of service for DB2 Connect Server setup with a particular configuration. IBM X-Force ID: 129829.
Source: CVE-2017-1519
CVE-2017-1452
CVE-2017-1452
IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user to obtain elevated privilege and overwrite DB2 files. IBM X-Force ID: 128180.
Source: CVE-2017-1452