Db2
by IBM
CVEs (297)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-52894 | 0.00 | — | 0.00 | Jul 29, 2025 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted… | |||
| CVE-2025-33114 | 0.00 | — | 0.00 | Jul 29, 2025 | IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to denial of service with a specially crafted query under certain non-default conditions. | |||
| CVE-2025-33092 | 0.00 | — | 0.00 | Jul 29, 2025 | IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a stack-based buffer overflow in db2fm, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system. | |||
| CVE-2025-36071 | 0.00 | — | 0.00 | Jul 29, 2025 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query due to improper release of memory resources. | |||
| CVE-2025-36010 | 0.00 | — | 0.00 | Jul 29, 2025 | IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 could allow an unauthenticated user to cause a denial of service due to executable segments that are waiting for each other to release a necessary lock. | |||
| CVE-2025-2533 | 0.00 | — | 0.00 | Jul 29, 2025 | IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | |||
| CVE-2024-49350 | 0.00 | — | 0.00 | May 29, 2025 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | |||
| CVE-2025-2518 | 0.00 | — | 0.00 | May 29, 2025 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | |||
| CVE-2025-3050 | 0.00 | — | 0.00 | May 29, 2025 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when using Q replication due to the improper allocation of CPU resources. | |||
| CVE-2025-1493 | 0.00 | — | 0.00 | May 5, 2025 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service due to concurrent execution of shared resources. | |||
| CVE-2025-0915 | 0.00 | — | 0.00 | May 5, 2025 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 under specific configurations could allow an authenticated user to cause a denial of service due to insufficient release of allocated memory resources. | |||
| CVE-2025-1000 | 0.00 | — | 0.00 | May 5, 2025 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when connecting to a z/OS database due to improper handling of automatic client rerouting. | |||
| CVE-2025-1992 | 0.00 | — | 0.00 | May 5, 2025 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of service due to insufficient release of allocated memory after usage. | |||
| CVE-2024-52903 | 0.00 | — | 0.00 | May 1, 2025 | IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | |||
| CVE-2024-40679 | 0.00 | — | 0.00 | Jan 8, 2025 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions. | |||
| CVE-2024-35141 | 0.00 | — | 0.00 | Dec 19, 2024 | IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. | |||
| CVE-2023-30443 | 0.00 | — | 0.00 | Dec 19, 2024 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. | |||
| CVE-2024-41762 | 0.00 | — | 0.00 | Dec 7, 2024 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | |||
| CVE-2024-37071 | 0.00 | — | 0.00 | Dec 7, 2024 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. | |||
| CVE-2024-41761 | 0.00 | — | 0.00 | Nov 23, 2024 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. |
- CVE-2024-52894Jul 29, 2025risk 0.00cvss —epss 0.00
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted…
- CVE-2025-33114Jul 29, 2025risk 0.00cvss —epss 0.00
IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to denial of service with a specially crafted query under certain non-default conditions.
- CVE-2025-33092Jul 29, 2025risk 0.00cvss —epss 0.00
IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a stack-based buffer overflow in db2fm, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.
- CVE-2025-36071Jul 29, 2025risk 0.00cvss —epss 0.00
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query due to improper release of memory resources.
- CVE-2025-36010Jul 29, 2025risk 0.00cvss —epss 0.00
IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 could allow an unauthenticated user to cause a denial of service due to executable segments that are waiting for each other to release a necessary lock.
- CVE-2025-2533Jul 29, 2025risk 0.00cvss —epss 0.00
IBM Db2 for Linux 12.1.0, 12.1.1, and 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
- CVE-2024-49350May 29, 2025risk 0.00cvss —epss 0.00
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
- CVE-2025-2518May 29, 2025risk 0.00cvss —epss 0.00
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
- CVE-2025-3050May 29, 2025risk 0.00cvss —epss 0.00
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when using Q replication due to the improper allocation of CPU resources.
- CVE-2025-1493May 5, 2025risk 0.00cvss —epss 0.00
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service due to concurrent execution of shared resources.
- CVE-2025-0915May 5, 2025risk 0.00cvss —epss 0.00
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 under specific configurations could allow an authenticated user to cause a denial of service due to insufficient release of allocated memory resources.
- CVE-2025-1000May 5, 2025risk 0.00cvss —epss 0.00
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when connecting to a z/OS database due to improper handling of automatic client rerouting.
- CVE-2025-1992May 5, 2025risk 0.00cvss —epss 0.00
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of service due to insufficient release of allocated memory after usage.
- CVE-2024-52903May 1, 2025risk 0.00cvss —epss 0.00
IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
- CVE-2024-40679Jan 8, 2025risk 0.00cvss —epss 0.00
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions.
- CVE-2024-35141Dec 19, 2024risk 0.00cvss —epss 0.00
IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges.
- CVE-2023-30443Dec 19, 2024risk 0.00cvss —epss 0.00
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query.
- CVE-2024-41762Dec 7, 2024risk 0.00cvss —epss 0.00
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
- CVE-2024-37071Dec 7, 2024risk 0.00cvss —epss 0.00
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation.
- CVE-2024-41761Nov 23, 2024risk 0.00cvss —epss 0.00
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
Page 5 of 15