310 matches found
Security Bulletin: IBM® Db2® could disclose sensitive information to an authenticated user from the monitoring and event tables (CVE-2025-36372)
Summary IBM® Db2® could disclose sensitive information such as access keys to an authenticated user from the monitoring and event tables. CVE-2025-36372 Vulnerability Details CVEID:CVE-2025-36372 DESCRIPTION: IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows...
CVE-2025-36372
CVE-2025-36372 affects IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) versions 11.5.0–11.5.9 and 12.1.0–12.1.4. The issue allows an authenticated user to disclose sensitive information from the monitoring and event tables due to a vulnerability in access to those tables. Publi...
EUVD-2026-40406
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to remote code execution due to improper pre-auth DRDA handshake handling...
PT-2026-53953
Name of the Vulnerable Software and Affected Versions IBM Db2 versions 11.5.0 through 11.5.9 IBM Db2 versions 12.1.0 through 12.1.4 Description An authenticated user can obtain sensitive information from the monitoring and event tables in IBM Db2 for Linux, UNIX, and Windows, including Db2 Connec...
PT-2026-53954
Name of the Vulnerable Software and Affected Versions IBM Db2 versions 11.5.0 through 11.5.9 IBM Db2 versions 12.1.0 through 12.1.4 Description Remote code execution is possible due to improper handling of the pre-authentication DRDA Distributed Relational Database Architecture handshake. This fl...
CVE-2025-2669
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation...
CVE-2025-2669
IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data versions 4.8, 5.0, 5.1, 5.2, 5.3 could allow a privileged user to perform operations and obtain sensitive information outside of their authority due to improper token validation...
CVE-2026-6938
IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query...
CVE-2026-1718
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service with a specially crafted query when autonomous transactions are enabled...
CVE-2026-6052
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables...
CVE-2026-1718
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service with a specially crafted query when autonomous transactions are enabled...
CVE-2026-6053 IBM® Db2® is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables...
EUVD-2026-32490
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables...
CVE-2026-6052 IBM® Db2® is vulnerable to running out of memory when executing certain queries with MDC tables
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables...
CVE-2026-6051
CVE-2026-6051 affects IBM Db2 11.5.0–11.5.9 and 12.1.0–12.1.4. The vulnerability is a denial of service caused by executing a specially crafted query that consumes the statement heap. Impact is a high availability concern for affected Db2 client and server installations. IBM’s bulletin confirms a...
CVE-2026-6051 IBM® Db2® is vulnerable to a denial of service when executing a specially crafted query with a small statement heap
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap...
PT-2026-43695
Name of the Vulnerable Software and Affected Versions IBM Db2 versions 11.5.0 through 11.5.9 IBM Db2 versions 12.1.0 through 12.1.4 Description A denial of service can occur when autonomous transactions are enabled. This is triggered by the execution of a specially crafted query. Recommendations ...
IBM Db2 授权问题漏洞
IBM Db2 is a relational database management system developed by IBM Corporation. Versions 12.1.0 to 12.1.4 of IBM Db2 contain an authorization vulnerability. This vulnerability arises from an authorization bypass that occurs when data is uploaded to a remote object storage path...
CVE-2025-13755
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes DB2 Connect Server stores potentially sensitive information in log files that could be read by a local user...
CVE-2025-13755
CVE-2025-13755 affects IBM Db2 11.5.0–11.5.9 and 12.1.0–12.1.4 (Linux/UNIX/Windows, including Db2 Connect Server). The root cause is that the system can store potentially sensitive information in log files, which could be read by a local user, constituting a credential exposure (CWE-532). Impact ...