Filtered by vendor Ibm
Subscriptions
Filtered by product Db2
Subscriptions
Total
342 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-7771 | 1 Ibm | 1 Db2 | 2026-07-17 | 5.5 Medium |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a trap when compiling a specially crafted statements containing subqueries could lead to a denial of service. | ||||
| CVE-2026-9762 | 1 Ibm | 1 Db2 | 2026-07-17 | 7.8 High |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution when jdbc url is under user control. | ||||
| CVE-2026-11906 | 1 Ibm | 1 Db2 | 2026-07-01 | 6.5 Medium |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns. | ||||
| CVE-2025-36372 | 1 Ibm | 1 Db2 | 2026-07-01 | 5.5 Medium |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information to an authenticated user from the monitoring and event tables. | ||||
| CVE-2026-10109 | 1 Ibm | 1 Db2 | 2026-06-30 | 9.8 Critical |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling. | ||||
| CVE-2026-1718 | 2 Ibm, Linux | 3 Db2, Linux On Ibm Z, Linux Kernel | 2026-06-02 | 7.1 High |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service with a specially crafted query when autonomous transactions are enabled. | ||||
| CVE-2026-6053 | 3 Ibm, Linux, Microsoft | 5 Aix, Db2, Linux On Ibm Z and 2 more | 2026-05-29 | 5.5 Medium |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables. | ||||
| CVE-2026-6051 | 3 Ibm, Linux, Microsoft | 5 Aix, Db2, Linux On Ibm Z and 2 more | 2026-05-28 | 5.5 Medium |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap. | ||||
| CVE-2026-6052 | 3 Ibm, Linux, Microsoft | 5 Aix, Db2, Linux On Ibm Z and 2 more | 2026-05-28 | 6.5 Medium |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables. | ||||
| CVE-2026-6938 | 2 Ibm, Linux | 3 Aix, Db2, Linux Kernel | 2026-05-28 | 6.5 Medium |
| IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query. | ||||
| CVE-2025-13755 | 1 Ibm | 1 Db2 | 2026-05-27 | 5.5 Medium |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes DB2 Connect Server) stores potentially sensitive information in log files that could be read by a local user. | ||||
| CVE-2026-1577 | 1 Ibm | 1 Db2 | 2026-05-10 | 6.5 Medium |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic. | ||||
| CVE-2025-14688 | 1 Ibm | 1 Db2 | 2026-05-01 | 5.3 Medium |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when certain configurations exist. | ||||
| CVE-2025-36122 | 1 Ibm | 1 Db2 | 2026-05-01 | 6.5 Medium |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service using a specially crafted SQL query due to improper allocation of system resources. | ||||
| CVE-2026-1352 | 1 Ibm | 1 Db2 | 2026-04-27 | 6.5 Medium |
| IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic. | ||||
| CVE-2008-2154 | 1 Ibm | 1 Db2 | 2026-04-23 | N/A |
| IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an INSTALL_JAR (aka sqlj.install_jar) procedure, which allows remote authenticated users to create or overwrite arbitrary files via unspecified calls. | ||||
| CVE-2009-1905 | 1 Ibm | 1 Db2 | 2026-04-23 | N/A |
| The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before FP4, when LDAP security (aka IBMLDAPauthserver) and anonymous bind are enabled, allows remote attackers to bypass password authentication and establish a database connection via unspecified vectors. | ||||
| CVE-2007-1087 | 1 Ibm | 1 Db2 | 2026-04-23 | N/A |
| IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow. | ||||
| CVE-2008-3959 | 1 Ibm | 1 Db2 | 2026-04-23 | N/A |
| IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before FixPak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted SQLJRA packet within a CONNECT/ATTACH data stream that simulates a V7 client connect/attach request. | ||||
| CVE-2009-4333 | 1 Ibm | 1 Db2 | 2026-04-23 | N/A |
| The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command. | ||||