VYPR

Db2

by IBM

CVEs (297)

  • CVE-2005-4869Dec 31, 2005
    risk 0.03cvss epss 0.01

    The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local users to cause a denial of service (application crash) via an empty string in the second parameter, which causes a null pointer dereference.

  • CVE-2004-0795Oct 20, 2004
    risk 0.03cvss epss 0.02

    DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe program as the db2admin administrator, which allows local users to gain privileges via the DB2REMOTECMD named pipe.

  • CVE-2003-1051Sep 28, 2004
    risk 0.03cvss epss 0.01

    Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.

  • CVE-2003-1052Sep 28, 2004
    risk 0.03cvss epss 0.01

    IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs.

  • CVE-2003-0898Nov 17, 2003
    risk 0.03cvss epss 0.01

    IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2.

  • CVE-2007-2582May 10, 2007
    risk 0.02cvss epss 0.27

    Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) service in IBM DB2 9.x and earlier allow remote attackers to (1) execute arbitrary code via a crafted packet to the DB2JDS service on tcp/6789; and cause a denial of service via (2) an invalid LANG parameter or (2)…

  • CVE-2010-3731Oct 5, 2010
    risk 0.01cvss epss 0.10

    Stack-based buffer overflow in the validateUser implementation in the com.ibm.db2.das.core.DasSysCmd function in db2dasrrm in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP3 allows remote attackers to execute…

  • CVE-2025-36247Feb 17, 2026
    risk 0.00cvss epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive…

  • CVE-2025-36425Feb 17, 2026
    risk 0.00cvss epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to obtain sensitive information under specific HADR configuration.

  • CVE-2025-13867Feb 17, 2026
    risk 0.00cvss epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic

  • CVE-2025-14689Feb 17, 2026
    risk 0.00cvss epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects.

  • CVE-2025-2668Jan 30, 2026
    risk 0.00cvss epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 is vulnerable to a denial of service as the server may crash when an authenticated user creates a specially crafted query.

  • CVE-2025-36001Jan 30, 2026
    risk 0.00cvss epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion.

  • CVE-2025-36009Jan 30, 2026
    risk 0.00cvss epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to excessive use of a global variable.

  • CVE-2025-36070Jan 30, 2026
    risk 0.00cvss epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables.

  • CVE-2025-36098Jan 30, 2026
    risk 0.00cvss epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper allocation of resources.

  • CVE-2025-36123Jan 30, 2026
    risk 0.00cvss epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service when copying large table containing XML data due to improper allocation of system resources.

  • CVE-2025-36184Jan 30, 2026
    risk 0.00cvss epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 could allow an instance owner to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level.

  • CVE-2025-36353Jan 30, 2026
    risk 0.00cvss epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.

  • CVE-2025-36365Jan 30, 2026
    risk 0.00cvss epss 0.00

    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged remote storage aliases could allow an authenticated user to execute unauthorized commands due to an authorization bypass vulnerability…

Page 3 of 15