Informix Dynamic Server
by IBM
CVEs (55)
| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2018-1633 | 0.00 | — | 0.00 | Aug 20, 2019 | IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. IBM X-Force ID: 144434. |
| CVE-2018-1632 | 0.00 | — | 0.00 | Aug 20, 2019 | IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in .infxdirs. IBM X-Force ID: 144432. |
| CVE-2018-1631 | 0.00 | — | 0.00 | Aug 20, 2019 | IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in oninit mongohash. IBM X-Force ID: 144431. |
| CVE-2018-1630 | 0.00 | — | 0.00 | Aug 20, 2019 | IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onmode. IBM X-Force ID: 144430. |
| CVE-2012-4857 | 0.00 | — | 0.05 | Dec 8, 2012 | Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 before 11.70.xC7 allows remote authenticated users to execute arbitrary code via a crafted SQL statement. |
| CVE-2012-3334 | 0.00 | — | 0.04 | Sep 25, 2012 | Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 11.50 before 11.50.xC9W2 and 11.70 before 11.70.xC5 allows remote authenticated users to execute arbitrary code via crafted arguments in a SET COLLATION statement. |
| CVE-2011-1033 | 0.00 | — | 0.05 | Feb 15, 2011 | Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote attackers to execute arbitrary code via crafted arguments in the USELASTCOMMITTED session environment option in a SQL SET ENVIRONMENT statement. |
| CVE-2010-4070 | 0.00 | — | 0.05 | Oct 25, 2010 | Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper service) in ISM before 2.20.TC1.117 in IBM Informix Dynamic Server (IDS) 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before 10.00.xC8, and 11.10 before 11.10.xC2 allows remote attackers to execute… |
| CVE-2010-4069 | 0.00 | — | 0.04 | Oct 25, 2010 | Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x through 7.31, 9.x through 9.40, 10.00 before 10.00.xC10, 11.10 before 11.10.xC3, and 11.50 before 11.50.xC3 allows remote authenticated users to execute arbitrary code via long DBINFO keyword arguments in a SQL… |
| CVE-2010-4053 | 0.00 | — | 0.05 | Oct 23, 2010 | Stack-based buffer overflow in an unspecified logging function in oninit.exe in IBM Informix Dynamic Server (IDS) 11.10 before 11.10.xC2W2 and 11.50 before 11.50.xC1 allows remote authenticated users to execute arbitrary code via a crafted EXPLAIN directive, aka idsdb00154125… |
| CVE-2009-3470 | 0.00 | — | 0.02 | Sep 29, 2009 | IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 before 11.10.xC4, and 11.50 before 11.50.xC5 allows remote attackers to cause a denial of service (memory corruption, assertion failure, and daemon crash) by sending a long password over a JDBC connection. |
| CVE-2008-0727 | 0.00 | — | 0.05 | Mar 18, 2008 | Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server (IDS) 7.x through 11.x allow (1) remote attackers to execute arbitrary code via a long password and (2) remote authenticated users to execute arbitrary code via a long DBPATH value. |
| CVE-2008-0949 | 0.00 | — | 0.03 | Mar 18, 2008 | Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x through 11.x allows remote attackers to gain privileges via a malformed connection request packet. |
| CVE-2008-0768 | 0.00 | — | 0.04 | Feb 13, 2008 | Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests. |
| CVE-2008-0369 | 0.00 | — | 0.00 | Jan 19, 2008 | Multiple unspecified programs in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allow local users to create arbitrary files by specifying the target file in the SQLIDEBUG environment variable, whose ownership is changed to the user invoking the programs. |
| CVE-2008-0368 | 0.00 | — | 0.00 | Jan 19, 2008 | onedcu in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 allows local users to create arbitrary files via the Trace file argument. |
| CVE-2007-5956 | 0.00 | — | 0.00 | Nov 14, 2007 | Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable. |
| CVE-2007-5957 | 0.00 | — | 0.00 | Nov 14, 2007 | Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 10.00.TC3TL and 11.10.TB4TL on Windows allows attackers to cause a denial of service (application crash) via unspecified SQ_ONASSIST requests. |
| CVE-2006-5663 | 0.00 | — | 0.00 | Nov 3, 2006 | IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 use insecure permissions for installation scripts, which allows local users to gain privileges by modifying the scripts. |
| CVE-2006-5664 | 0.00 | — | 0.00 | Nov 3, 2006 | The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to "compromise security" via a symlink attack on temporary files. |