Lucene search
K

4375 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/07/06 4:16 p.m.42 views

Security Bulletin: IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling (CVE-2026-10109)

Summary IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling. Vulnerability Details CVEID:CVE-2026-10109 DESCRIPTION: IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshak...

9.8CVSS6.6AI score0.0086EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/04 12:50 a.m.16 views

Security Bulletin: Due to the use of IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities

Summary Vulnerabilities found in IBM Db2 LUW that affect Foundation and IBM Tivoli Monitoring ITM pattern Types pTypes shipped with IBM Cloud Pak System. Vulnerabilities were addressed in IBM Cloud Pak System. IBM Cloud Pak System v2.3.6.1 has updated Foundation and ITM pTypes to Foundation versi...

7.8CVSS7.4AI score0.02112EPSS
Exploits1Affected Software3
NVD
NVD
added 2026/06/30 8:17 p.m.8 views

CVE-2026-11906

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns...

6.5CVSS0.0042EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 8:17 p.m.6 views

CVE-2026-10109

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling...

9.8CVSS0.0086EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 8:17 p.m.6 views

CVE-2025-36372

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could disclose sensitive information to an authenticated user from the monitoring and event tables...

6.5CVSS0.00303EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 8:3 p.m.7 views

EUVD-2025-210373

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could disclose sensitive information to an authenticated user from the monitoring and event tables...

5.5CVSS5.7AI score0.00303EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 8:3 p.m.41 views

CVE-2025-36372 IBM® Db2® could disclose sensitive information to an authenticated user from the monitoring and event tables

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could disclose sensitive information to an authenticated user from the monitoring and event tables...

5.5CVSS0.00303EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 8:2 p.m.6 views

CVE-2026-10109

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling...

9.8CVSS6.4AI score0.0086EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/30 8:2 p.m.47 views

CVE-2026-10109 IBM® Db2® is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling...

9.8CVSS0.0086EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 8:2 p.m.150 views

CVE-2026-10109

CVE-2026-10109 affects IBM Db2 Server: remote code execution due to improper pre-auth DRDA handshake handling. Affected versions: Db2 11.5.0–11.5.9 and 12.1.0–12.1.4. Impact is high (RCE) per IBM’s bulletin (CVSS v3.1 base 9.8). Remediation: IBM provides interim fixes via Fix Central for V11.5.9 ...

9.8CVSS6.4AI score0.0086EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/30 7:42 p.m.45 views

CVE-2026-11906 IBM® Db2® federated server is vulnerable to a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by autheticated user

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns...

6.5CVSS0.0042EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 7:42 p.m.6 views

CVE-2026-11906

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns...

6.5CVSS5.8AI score0.0042EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/30 7:42 p.m.21 views

CVE-2026-11906

CVE-2026-11906 affects IBM Db2 for Linux, UNIX and Windows (11.5.0–11.5.9; 12.1.0–12.1.4; includes Db2 Connect Server) and is triggered by improper neutralization of special elements in the data query logic of XMLTable-derived columns. An authenticated user can cause a denial of service via this ...

6.5CVSS5.8AI score0.0042EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-53966

Name of the Vulnerable Software and Affected Versions IBM Db2 versions 11.5.0 through 11.5.9 IBM Db2 versions 12.1.0 through 12.1.4 Description An authenticated user can cause a denial of service due to improper neutralization of special elements within the data query logic of XMLTable-derived...

6.5CVSS6AI score0.0042EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 10:6 a.m.17 views

Security Bulletin: Due to the use of IBM Tivoli Monitoring and IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities

Summary IBM Tivoli Monitoring code execution and IBM Db2 vulnerabilities have been found in IBM Tivoli Monitoring shipped with IBM Cloud Pak System IBM Tivoli MonitoringITM patternType itm pType, and IBM Cloud Pak System DB2 pattern type db2 pType shipped with Cloud Pak System. Vulnerabilities we...

10CVSS7.9AI score0.38701EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 7:25 p.m.11 views

Security Bulletin: Due to the use of IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities

Summary Vulnerabilities found in IBM Db2 LUW that affect Foundation and IBM Tivoli Monitoring ITM pattern Types pTypes shipped with IBM Cloud Pak System. Vulnerabilities were addressed in IBM Cloud Pak System. IBM Cloud Pak System v2.3.6.0 has updated Foundation and ITM pTypes to Foundation versi...

7.5CVSS6AI score0.00384EPSS
Exploits0Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 7:16 p.m.16 views

Security Bulletin: Due to IBM Db2, IBM Cloud Pak System is affected by multiple vulnerabilities.

Summary IBM Db2 vulnerabilities have been found in IBM Cloud Pak System DB2 pattern type db2 pType shipped with Cloud Pak System. Vulnerabilities were addressed in IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-45663 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows includes Db2 Connec...

7.5CVSS6AI score0.00696EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/24 4:57 p.m.8 views

Security Bulletin: IBM Data Server Driver for JDBC and SQLJ is affected by a vulnerability in org.lz4 1.8.0 (CVE-2025-12183)

Summary IBM Data Server Driver for JDBC and SQLJ is affected by a vulnerability in org.lz4 1.8.0 CVE-2025-12183 Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read...

8.8CVSS6.8AI score0.00647EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 7:56 p.m.5 views

Security Bulletin: IBM® Db2® federated server is vulnerable to a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by autheticated user (CVE-2026-11906)

Summary IBM® Db2® federated server is vulnerable to cause a denial of service due to improper neutralization of special elements in the data query logic of XMLTable-derived columns by a authenticated user. Vulnerability Details CVEID:CVE-2026-11906 DESCRIPTION: IBM Db2 for Linux, UNIX and Windows...

6.5CVSS5.9AI score0.0042EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/23 7:50 p.m.4 views

Security Bulletin: IBM® Db2® federated server is affected by multiple vulnerabilities in Netty open source libraries.

Summary IBM® Db2® federated server is affected by multiple vulnerabilities in Netty open source libraries. Vulnerability Details CVEID:CVE-2026-33871 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote us...

9.8CVSS7.5AI score0.01125EPSS
Exploits7Affected Software1
Rows per page
Query Builder