229 matches found
CVE-2025-36442
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query with XML columns...
CVE-2025-36442 IBM Db2 Denial of Service
IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query with XML columns...
PT-2026-5444
Name of the Vulnerable Software and Affected Versions IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server versions 11.5.0 through 11.5.9 Description The software may experience a denial of service if an authenticated user submits a specifically designed query, potentially causing the...
PT-2026-5450
Name of the Vulnerable Software and Affected Versions IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server versions 11.5.0 through 11.5.9 Description The software may allow an instance owner to execute malicious code, potentially escalating their privileges to root due to the execution...
PT-2026-5451
Name of the Vulnerable Software and Affected Versions IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server versions 11.5.0 through 11.5.9 IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server versions 12.1.0 through 12.1.3 Description The software may allow a local user to...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query (CVE-2025-36353)
Summary IBM® Db2® is vulnerable to denial of service due to improper neutralization of special elements in data query logic. Vulnerability Details CVEID:CVE-2025-36353 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow a local user to cause a denial of servic...
Security Bulletin: Multiple vulnerabilities in IBM® Db2® affect IBM® Db2® Big SQL on IBM Cloud Pak for Data
Summary Multiple vulnerabilities in IBM Db2 12.1 affect IBM® Db2® Big SQL 7 and 8 on IBM Cloud Pak for Data 5.2 and earlier. Vulnerability Details CVEID:CVE-2025-33012 DESCRIPTION: IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux...
Security Bulletin: Vulnerability in filelock affects IBM Netezza Appliance
Summary The filelock package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-68146 Vulnerability Details CVEID:CVE-2025-68146 DESCRIPTION: filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a...
Security Bulletin: IBM® Db2® is vulnerable to a denial of service with a specially crafted query. (CVE-2025-33114)
Summary IBM® Db2® is vulnerable to denial of service with a specially crafted query under certain non-default conditions. Vulnerability Details CVEID:CVE-2025-33114 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server is vulnerable to denial of service with a specially...
CVE-2025-36006
IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial due to the improper release of resources after use...
CVE-2025-36186
IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes Db2 Connect Server under specific configurations could allow a local user to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level...
CVE-2025-36136
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes DB2 Connect Server could allow a local user to cause a denial of service due to the database monitor script incorrectly detecting that the instance is still starting under specific conditions...
CVE-2025-2534
IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes Db2 Connect Server is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query...
EUVD-2025-38314
IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes Db2 Connect Server clpplus command exposes user credentials to the terminal which could be obtained by a third party with physical access to the system...
EUVD-2025-38309
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper allocation of resources...
EUVD-2025-38305
IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes Db2 Connect Server under specific configurations could allow a local user to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level...
CVE-2025-36185
IBM Db2 12.1.0 through 12.1.2 for Linux, UNIX and Windows includes Db2 Connect Server could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic...
CVE-2025-36186
IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes Db2 Connect Server under specific configurations could allow a local user to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level...
CVE-2025-36136
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes DB2 Connect Server could allow a local user to cause a denial of service due to the database monitor script incorrectly detecting that the instance is still starting under specific conditions...
CVE-2025-36131
IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes Db2 Connect Server clpplus command exposes user credentials to the terminal which could be obtained by a third party with physical access to the system...