Db2

db2

Vendor: Ibm • 326 CVEs

CVEs (326)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-36387 1Ibm 1Db2 Feb 5, 2026 Jan 30, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 could allow an authenticated user to cause a denial of service when given specially crafted query.
CVE-2025-36384 1Ibm 1Db2 Feb 5, 2026 Jan 30, 2026 N/A· v4 7.8 HIGH· v3 N/A· v2 IBM Db2 for Windows 12.1.0 - 12.1.3 could allow a local user with filesystem access to escalate their privileges due to the use of an unquoted search path element.
CVE-2025-36366 1Ibm 1Db2 Feb 5, 2026 Jan 30, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service by executing a query that invokes the JSON_Object scalar function, which may trigger an unhandled exceptio...Show more IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service by executing a query that invokes the JSON_Object scalar function, which may trigger an unhandled exception leading to abnormal server termination.Show less
CVE-2025-36365 1Ibm 1Db2 Feb 5, 2026 Jan 30, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged remote storage aliases could allow an authenticated user to execute unauthor...Show more IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged remote storage aliases could allow an authenticated user to execute unauthorized commands due to an authorization bypass vulnerability using a user-controlled key.Show less
CVE-2025-36009 1Ibm 1Db2 Feb 11, 2026 Jan 30, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to excessive use of a global variable.
CVE-2025-36186 1Ibm 1Db2 Nov 18, 2025 Nov 7, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) under specific configurations could allow a local user to execute malicious code that escalate their privileges to root due to execu...Show more IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) under specific configurations could allow a local user to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level.Show less
CVE-2025-36185 1Ibm 1Db2 Nov 18, 2025 Nov 7, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 IBM Db2 12.1.0 through 12.1.2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.
CVE-2025-36136 1Ibm 1Db2 Nov 19, 2025 Nov 7, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow a local user to cause a denial of service due to the database monitor script incorrectly dete...Show more IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow a local user to cause a denial of service due to the database monitor script incorrectly detecting that the instance is still starting under specific conditions.Show less
CVE-2025-36131 1Ibm 1Db2 Nov 19, 2025 Nov 7, 2025 N/A· v4 4.6 MEDIUM· v3 N/A· v2 IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) clpplus command exposes user credentials to the terminal which could be obtained...Show more IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) clpplus command exposes user credentials to the terminal which could be obtained by a third party with physical access to the system.Show less
CVE-2025-36008 1Ibm 1Db2 Nov 19, 2025 Nov 7, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper allocation of resources.
CVE-2025-36006 1Ibm 1Db2 Nov 19, 2025 Nov 7, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial due...Show more IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial due to the improper release of resources after use.Show less
CVE-2025-33012 1Ibm 1Db2 Nov 19, 2025 Nov 7, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expir...Show more IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expiration date.Show less
CVE-2025-2534 1Ibm 1Db2 Nov 19, 2025 Nov 7, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash under certain condi...Show more IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.Show less
CVE-2024-47118 1Ibm 1Db2 Nov 19, 2025 Nov 7, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may c...Show more IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.Show less
CVE-2025-36071 1Ibm 1Db2 Aug 7, 2025 Jul 29, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially cra...Show more IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query due to improper release of memory resources.Show less
CVE-2025-33114 1Ibm 1Db2 Aug 6, 2025 Jul 29, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to denial of service with a specially crafted query under certain non-default conditions.
CVE-2025-33092 1Ibm 1Db2 Aug 6, 2025 Jul 29, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a stack-based buffer overflow in db2fm, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.
CVE-2024-52894 1Ibm 1Db2 Aug 7, 2025 Jul 29, 2025 N/A· v4 4.9 MEDIUM· v3 N/A· v2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server m...Show more IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.Show less
CVE-2024-51473 1Ibm 1Db2 Aug 13, 2025 Jul 29, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server...Show more IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.Show less
CVE-2024-49828 1Ibm 1Db2 Aug 13, 2025 Jul 29, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server m...Show more IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.Show less

Previous 123 4 5...17 Next