4375 matches found
Security Bulletin: IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling (CVE-2026-10109)
Summary IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling. Vulnerability Details CVEID:CVE-2026-10109 DESCRIPTION: IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshak...
Security Bulletin: Due to the use of IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities
Summary Vulnerabilities found in IBM Db2 LUW that affect Foundation and IBM Tivoli Monitoring ITM pattern Types pTypes shipped with IBM Cloud Pak System. Vulnerabilities were addressed in IBM Cloud Pak System. IBM Cloud Pak System v2.3.6.1 has updated Foundation and ITM pTypes to Foundation versi...
CVE-2026-11906
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns...
CVE-2026-10109
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling...
CVE-2025-36372
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could disclose sensitive information to an authenticated user from the monitoring and event tables...
EUVD-2025-210373
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could disclose sensitive information to an authenticated user from the monitoring and event tables...
CVE-2025-36372 IBM® Db2® could disclose sensitive information to an authenticated user from the monitoring and event tables
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could disclose sensitive information to an authenticated user from the monitoring and event tables...
CVE-2026-10109
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling...
CVE-2026-10109 IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling...
CVE-2026-10109
CVE-2026-10109 affects IBM Db2 Server: remote code execution due to improper pre-auth DRDA handshake handling. Affected versions: Db2 11.5.0–11.5.9 and 12.1.0–12.1.4. Impact is high (RCE) per IBM’s bulletin (CVSS v3.1 base 9.8). Remediation: IBM provides interim fixes via Fix Central for V11.5.9 ...
CVE-2026-11906 IBM® Db2® federated server is vulnerable to a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by autheticated user
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns...
CVE-2026-11906
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns...
CVE-2026-11906
CVE-2026-11906 affects IBM Db2 for Linux, UNIX and Windows (11.5.0–11.5.9; 12.1.0–12.1.4; includes Db2 Connect Server) and is triggered by improper neutralization of special elements in the data query logic of XMLTable-derived columns. An authenticated user can cause a denial of service via this ...
PT-2026-53966
Name of the Vulnerable Software and Affected Versions IBM Db2 versions 11.5.0 through 11.5.9 IBM Db2 versions 12.1.0 through 12.1.4 Description An authenticated user can cause a denial of service due to improper neutralization of special elements within the data query logic of XMLTable-derived...
Security Bulletin: Due to the use of IBM Tivoli Monitoring and IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities
Summary IBM Tivoli Monitoring code execution and IBM Db2 vulnerabilities have been found in IBM Tivoli Monitoring shipped with IBM Cloud Pak System IBM Tivoli MonitoringITM patternType itm pType, and IBM Cloud Pak System DB2 pattern type db2 pType shipped with Cloud Pak System. Vulnerabilities we...
Security Bulletin: Due to the use of IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities
Summary Vulnerabilities found in IBM Db2 LUW that affect Foundation and IBM Tivoli Monitoring ITM pattern Types pTypes shipped with IBM Cloud Pak System. Vulnerabilities were addressed in IBM Cloud Pak System. IBM Cloud Pak System v2.3.6.0 has updated Foundation and ITM pTypes to Foundation versi...
Security Bulletin: Due to IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities.
Summary IBM Db2 vulnerabilities have been found in IBM Cloud Pak System DB2 pattern type db2 pType shipped with Cloud Pak System. Vulnerabilities were addressed in IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-45663 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connec...
Security Bulletin: IBM Data Server Driver for JDBC and SQLJ is affected by a vulnerability in org.lz4 1.8.0 (CVE-2025-12183)
Summary IBM Data Server Driver for JDBC and SQLJ is affected by a vulnerability in org.lz4 1.8.0 CVE-2025-12183 Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read...
Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by autheticated user (CVE-2026-11906)
Summary IBM® Db2® federated server is vulnerable to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by a authenticated user. Vulnerability Details CVEID:CVE-2026-11906 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows...
Security Bulletin: IBM® Db2® federated server is affected by multiple vulnerabilities in Netty open source libraries.
Summary IBM® Db2® federated server is affected by multiple vulnerabilities in Netty open source libraries. Vulnerability Details CVEID:CVE-2026-33871 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote us...