Igor

**Name of the Vulnerable Software and Affected Versions** Wireshark versions 2.0.0 through 2.0.4 **Description** The issue is related to the CORBA IDL dissectors in Wireshark, which do not properly interact with Visual C++ compiler options on 64-bit Windows platforms. This allows remote attackers to cause a denial of service, resulting in an application crash, via a crafted packet. **Recommendations** For Wireshark versions 2.0.0 through 2.0.4, update to version 2.0.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** IBM DB2 versions 9.7 through FP10 IBM DB2 versions 9.8 through FP5 IBM DB2 version 10.1 before FP5 IBM DB2 versions 10.5 through FP5 **Description** The issue is related to errors in the code of the IBM DB2 database management system. It can be exploited by a remote attacker to cause a denial of service by using a scalar function in an SQL query. This can lead to a daemon crash. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For IBM DB2 version 9.7, update to a version after FP10 to resolve the issue. For IBM DB2 version 9.8, update to a version after FP5 to resolve the issue. For IBM DB2 version 10.1, update to FP5 or later to resolve the issue. For IBM DB2 version 10.5, update to a version after FP5 to resolve the issue. As a temporary workaround, consider restricting the use of scalar functions in SQL statements until a patch is available.

**Name of the Vulnerable Software and Affected Versions** IBM DB2 versions 9.7 through FP10 IBM DB2 versions 9.8 through FP5 IBM DB2 version 10.1 before FP5 IBM DB2 versions 10.5 through FP5 **Description** The issue is related to a lack of protection for service data in the database management system. It allows a remote attacker to read administrative files by manipulating the maintenance procedure. This can be achieved through crafted use of an automated-maintenance policy stored procedure. **Recommendations** For IBM DB2 versions 9.7 through FP10, update to a version after FP10 to resolve the issue. For IBM DB2 versions 9.8 through FP5, update to a version after FP5 to resolve the issue. For IBM DB2 version 10.1 before FP5, update to FP5 or later to resolve the issue. For IBM DB2 versions 10.5 through FP5, update to a version after FP5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Horde IMP versions 4.0.4 and earlier **Description** The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings. This occurs because the software does not sanitize strings containing UTF16 null characters. The attack can be executed when viewed using Internet Explorer, which ignores these characters. **Recommendations** For Horde IMP versions 4.0.4 and earlier, update to a version that addresses this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.