本ページは ibm db2 に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-6938 | IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query. | [email protected] | 6.5 | 0.02% | 2026-05-27 | 2026-05-28 |
| CVE-2026-6053 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables. | [email protected] | 5.5 | 0.01% | 2026-05-27 | 2026-05-28 |
| CVE-2026-6052 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables. | [email protected] | 6.5 | 0.04% | 2026-05-27 | 2026-05-28 |
| CVE-2026-6051 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap. | [email protected] | 5.5 | 0.01% | 2026-05-27 | 2026-05-28 |
| CVE-2026-1718 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service with a specially crafted query when autonomous transactions are enabled. | [email protected] | 7.1 | 0.04% | 2026-05-27 | 2026-06-02 |
| CVE-2025-13755 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes DB2 Connect Server) stores potentially sensitive information in log files that could be read by a local user. | [email protected] | 5.5 | 0.01% | 2026-05-26 | 2026-05-27 |
| CVE-2026-1577 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic. | [email protected] | 6.5 | 0.02% | 2026-04-30 | 2026-05-10 |
| CVE-2025-36122 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service using a specially crafted SQL query due to improper allocation of system resources. | [email protected] | 6.5 | 0.05% | 2026-04-30 | 2026-05-01 |
| CVE-2025-14688 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when certain configurations exist. | [email protected] | 5.3 | 0.05% | 2026-04-30 | 2026-05-01 |
| CVE-2026-1352 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic. | [email protected] | 6.5 | 0.05% | 2026-04-23 | 2026-04-27 |
| CVE-2025-36425 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to obtain sensitive information under specific HADR configuration. | [email protected] | 5.3 | 0.03% | 2026-02-17 | 2026-02-18 |
| CVE-2025-36247 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. | [email protected] | 7.1 | 0.18% | 2026-02-17 | 2026-02-18 |
| CVE-2025-14689 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects. | [email protected] | 6.5 | 0.05% | 2026-02-17 | 2026-02-18 |
| CVE-2025-13867 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic | [email protected] | 6.5 | 0.03% | 2026-02-17 | 2026-02-18 |
| CVE-2025-36442 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query with XML columns. | [email protected] | 6.5 | 0.01% | 2026-01-30 | 2026-02-05 |
| CVE-2025-36428 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when the RPSCAN feature is enabled. | [email protected] | 5.3 | 0.02% | 2026-01-30 | 2026-02-05 |
| CVE-2025-36427 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service due to insufficient validation of special elements in data query logic. | [email protected] | 6.5 | 0.02% | 2026-01-30 | 2026-02-11 |
| CVE-2025-36424 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service due to improper neutralization of special elements in data query logic. | [email protected] | 6.5 | 0.02% | 2026-01-30 | 2026-02-11 |
| CVE-2025-36423 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic. | [email protected] | 6.5 | 0.04% | 2026-01-30 | 2026-02-05 |
| CVE-2025-36407 | IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations. | [email protected] | 6.5 | 0.04% | 2026-01-30 | 2026-02-09 |