CVE-2026-6052

IBM Db2 is vulnerable to memory exhaustion when executing certain queries involving MDC tables. Affected products and versions: IBM Db2 11.5.0–11.5.9 and 12.1.0–12.1.4. IBM’s advisory notes that mitigation includes applying interim special builds (V11.5.9 and V12.1.4) via Fix Central and avoiding...

PT-2026-43979

Name of the Vulnerable Software and Affected Versions IBM Db2 versions 11.5.0 through 11.5.9 IBM Db2 versions 12.1.0 through 12.1.4 Description A denial of service can occur when a specially crafted query is executed using range partitioned tables. Recommendations At the moment, there is no...

IBM Db2 安全漏洞

IBM Db2 is a relational database management system developed by IBM. Versions 11.5.0 to 11.5.9 and 12.1.0 to 12.1.4 of IBM Db2 contain security vulnerabilities. These vulnerabilities arise from the use of range partition tables when special queries are executed, and could lead to denial-of-servic...

IBM Db2 日志信息泄露漏洞

IBM Db2 is a relational database management system developed by IBM. Versions 11.5.0 to 11.5.9 and 12.1.0 to 12.1.4 of IBM Db2 contain a vulnerability related to log information leakage. This vulnerability stems from the storage of potentially sensitive information in log files, which may allow...

CVE-2026-1577 IBM® Db2® is vulnerable to a denial of service with a specially crafted query involving multiple subqueries

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic...

IBM Db2 安全漏洞

IBM Db2 is a relational database management system developed by IBM. Versions 11.5.0 to 11.5.9 and 12.1.0 to 12.1.3 of IBM Db2 contain security vulnerabilities. These vulnerabilities stem from improper allocation of system resources, which may allow authenticated users to cause denial-of-service...

PT-2026-34577

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic...

CVE-2025-36247

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memo...

CVE-2025-36247

CVE-2025-36247 affects IBM Db2 for Linux/UNIX/Windows (including Db2 Connect Server) versions 11.5.0–11.5.9 and 12.1.0–12.1.3. The vulnerability is an XML External Entity (XXE) injection when processing XML data, enabling potential disclosure of sensitive information or memory resource consumptio...

Linux Distros Unpatched Vulnerability : CVE-2025-36428

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of servi...

CVE-2025-36009

IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server could allow an authenticated user to cause a denial of service due to excessive use of a global variable...

CVE-2025-36428

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when the RPSCAN feature is enabled...

EUVD-2025-206553

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables...

EUVD-2025-206550

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 is vulnerable to a denial of service as the server may crash when an authenticated user creates a specially crafted query...

EUVD-2025-206557

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic...

UBUNTU-CVE-2025-36001

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion...

CVE-2025-36009 IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server could allow an authenticated user to cause a denial of service due to excessive use of a global variable...

CVE-2025-36184

IBM Db2 for Linux/Unix/Windows (including Db2 Connect Server) versions 11.5.0–11.5.9 are affected by CVE-2025-36184, which allows an instance owner to escalate privileges to root via execution of unnecessary privileges at a higher than minimum level. The issue is scoped to Linux platforms; Window...

CVE-2025-36387 IBM Db2 Denial of Service

IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server 11.5.0 - 11.5.9 could allow an authenticated user to cause a denial of service when given specially crafted query...

CVE-2025-36407 IBM Db2 Denial of Service

IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations...