CVE-2026-1352

This entry describes CVE-2026-1352 affecting IBM Db2 for Linux/UNIX/Windows (including Db2 Connect Server). Affected versions are Db2 11.5.0–11.5.9 and 12.1.0–12.1.4 (client and server). The issue allows an authenticated user to cause a Denial of Service due to improper neutralization of special ...

Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query involving multiple subqueries (CVE-2026-1577)

Summary IBM® Db2® is vulnerable to a denial of service with a specially crafted query involving multiple subqueries. Vulnerability Details CVEID:CVE-2026-1577 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of servic...

Security Bulletin: IBM® Db2® is vulnerable to sensitive information disclosure under specific HADR configuration (CVE-2025-36425)

Summary IBM® Db2® could allow an authenticated user to obtain sensitive information under specific HADR configuration. Vulnerability Details CVEID:CVE-2025-36425 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to obtain sensitive...

CVE-2025-36428

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when the RPSCAN feature is enabled...

CVE-2009-4327

The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1 does not properly validate the size of a memory pool during a creation attempt, which allows attackers to cause a denial of service memory consumption via unspecified vectors...

CVE-2009-4329

Unspecified vulnerability in the Engine Utilities component in IBM DB2 9.5 before FP5 allows remote authenticated users to cause a denial of service segmentation fault by modifying the db2ra data stream sent in a request from the Load Utility...

CVE-2009-4330

Unspecified vulnerability in db2licm in the Engine Utilities component in IBM DB2 9.5 before FP5 has unknown impact and local attack vectors...

CVE-2009-4438

The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 does not enforce privilege requirements for access to a 1 sequence or 2 global-variable object, which allows remote authenticated users to make use of data via unspecified vectors...

Security Bulletin: IBM® Db2® is affected by a vulnerability in the mongo library (CVE-2025-0755)

Summary IBM® Db2® is affected by a vulnerability in MongoDB C driver library and may be susceptible to buffer overflow when performing operations that could result in a final BSON document which exceeds the maximum allowable size INT32MAX, resulting in a segmentation fault and possible applicatio...

Security Bulletin: IBM® Db2® is vulnerable to a denial of service using a specially crafted SQL statement (CVE-2025-33143).

Summary IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service using a specially crafted SQL statement that performs uncontrolled recursion. Vulnerability Details CVEID:CVE-2025-33143 DESCRIPTION: IBM Db2 for Linux, UNIX and...

Security Bulletin: IBM® Db2® is vulnerable to denial of service when running federated queries with the certain condition (CVE-2025-36071)

Summary IBM® Db2® is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted federated query due to improper release of memory resources. Vulnerability Details CVEID:CVE-2025-36071 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes DB2...

Security Bulletin: IBM® Db2® is vulnerable to a stack-based buffer overflow (CVE-2025-33092)

Summary IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a stack-based buffer overflow in db2fm, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system. Vulnerability Details CVEID:CVE-2025-33092...

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash under certain conditions (CVE-2025-2533)

Summary IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. Vulnerability Details CVEID:CVE-2025-2533 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2...

Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query. (CVE-2025-33114)

Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query under certain non-default conditions. Vulnerability Details CVEID:CVE-2025-33114 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server is vulnerable to denial of service with a specially...

Security Bulletin: IBM® Db2® is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query (CVE-2024-47118)

Summary IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. Vulnerability Details CVEID:CVE-2024-47118 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2...

CVE-2024-47118

IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query...

EUVD-2013-3964

Malware in sbrugna...

EUVD-2010-3195

Malware in sbrugna...

EUVD-2009-4406

Malware in sbrugna...

EUVD-2005-4860

Malware in sbrugna...