CVE-2026-3676
- EPSS 0.4%
- Veröffentlicht 27.05.2026 12:48:42
- Zuletzt bearbeitet 02.06.2026 19:41:27
IBM Cloud APM, Base Private 8.1.4 and IBM Cloud APM, Advanced Private 8.1.4 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special ele...
CVE-2026-1718
- EPSS 0.36%
- Veröffentlicht 27.05.2026 12:18:40
- Zuletzt bearbeitet 02.06.2026 20:02:58
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service with a specially crafted query when autonomous transactions are enabled.
CVE-2025-13755
- EPSS 0.11%
- Veröffentlicht 26.05.2026 15:46:55
- Zuletzt bearbeitet 27.05.2026 13:49:05
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes DB2 Connect Server) stores potentially sensitive information in log files that could be read by a local user.
CVE-2026-1577
- EPSS 0.34%
- Veröffentlicht 30.04.2026 21:49:24
- Zuletzt bearbeitet 10.05.2026 14:16:46
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic.
CVE-2025-36122
- EPSS 0.25%
- Veröffentlicht 30.04.2026 21:48:49
- Zuletzt bearbeitet 01.05.2026 17:52:18
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service using a specially crafted SQL query due to improper allocation of system...
CVE-2025-14688
- EPSS 0.22%
- Veröffentlicht 30.04.2026 21:48:11
- Zuletzt bearbeitet 01.05.2026 17:52:29
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic w...
CVE-2026-1352
- EPSS 0.33%
- Veröffentlicht 22.04.2026 23:37:35
- Zuletzt bearbeitet 27.04.2026 18:22:20
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic.
CVE-2025-36247
- EPSS 0.3%
- Veröffentlicht 17.02.2026 17:13:06
- Zuletzt bearbeitet 18.02.2026 19:23:13
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerabil...
CVE-2025-36425
- EPSS 0.17%
- Veröffentlicht 17.02.2026 17:13:03
- Zuletzt bearbeitet 18.02.2026 19:22:45
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to obtain sensitive information under specific HADR configuration.
CVE-2025-13867
- EPSS 0.23%
- Veröffentlicht 17.02.2026 17:13:00
- Zuletzt bearbeitet 18.02.2026 19:30:10
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic