Ibm Informix Dynamic Server vulnerabilities

CVE-2024-45675 [HIGH] CWE-309 CVE-2024-45675: IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix se IBM Informix Dynamic Server 14.10 could allow a local user on the system to log into the Informix server as administrator without a password.

CVE-2024-49342 [HIGH] CWE-307 CVE-2024-49342: IBM Informix Dynamic Server 12.10 and 14.10 uses an inadequate account lockout setting that could al IBM Informix Dynamic Server 12.10 and 14.10 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.

CVE-2024-49343 [MEDIUM] CWE-80 CVE-2024-49343: IBM Informix Dynamic Server 12.10 and 14.10 is vulnerable to HTML injection. A remote attacker could IBM Informix Dynamic Server 12.10 and 14.10 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.

CVE-2025-1991 [HIGH] CWE-191 CVE-2025-1991: IBM Informix Dynamic Server 12.10,14.10, and15.0 could allow a remote attacker to cause a denial of IBM Informix Dynamic Server 12.10,14.10, and15.0 could allow a remote attacker to cause a denial of service due to an integer underflow when processing packets.

CVE-2023-28523 [HIGH] CWE-122 CVE-2023-28523: IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, cause IBM Informix Dynamic Server 12.10 and 14.10 onsmsync is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow an attacker to execute arbitrary code. IBM X-Force ID: 250753.

CVE-2023-28527 [MEDIUM] CWE-122 CVE-2023-28527: IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251206.

CVE-2023-28526 [MEDIUM] CWE-122 CVE-2023-28526: IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caus IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. IBM X-Force ID: 251204.

CVE-2021-20515 [MEDIUM] CWE-787 CVE-2021-20515: IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper IBM Informix Dynamic Server 14.10 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local privileged user could overflow a buffer and execute arbitrary code on the system or cause a denial of service condition. IBM X-Force ID: 198366.

CVE-2020-4799 [HIGH] CWE-787 CVE-2020-4799: IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds write vulnerability. IBM X-Force ID: 189460.

CVE-2018-1796 [HIGH] CVE-2018-1796: IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user to load malicious libra IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user to load malicious libraries and gain root privileges. IBM X-Force ID: 149426.

CVE-2019-4253 [HIGH] CVE-2019-4253: IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local privileged Informix user to load a malicious shared library and gain root access privileges. IBM X-Force ID: 159941.

CVE-2018-1631 [MEDIUM] CWE-59 CVE-2018-1631: IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in oninit mongohash. IBM X-Force ID: 144431.

CVE-2018-1635 [MEDIUM] CWE-787 CVE-2018-1635: Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144439.

CVE-2018-1632 [MEDIUM] CWE-59 CVE-2018-1632: IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in .infxdirs. IBM X-Force ID: 144432.

CVE-2018-1636 [MEDIUM] CWE-787 CVE-2018-1636: Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144441.

CVE-2018-1630 [MEDIUM] CWE-59 CVE-2018-1630: IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onmode. IBM X-Force ID: 144430.

CVE-2018-1633 [MEDIUM] CWE-59 CVE-2018-1633: IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in onsrvapd. IBM X-Force ID: 144434.

CVE-2018-1634 [MEDIUM] CWE-59 CVE-2018-1634: IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in infos.DBSERVERNAME. IBM X-Force ID: 144437.

CVE-2017-1508 [MEDIUM] CVE-2017-1508: IBM Informix Dynamic Server 12.1 could allow a local user logged in with database administrator user IBM Informix Dynamic Server 12.1 could allow a local user logged in with database administrator user to gain root privileges. IBM X-Force ID: 129620.

CVE-2017-1310 [MEDIUM] CWE-119 CVE-2017-1310: IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that w IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server. Done enough times, this could use large parts of the file system and cause the server to crash. IBM X-Force ID: 125569.