CVSS: 6.5 | EPSS: 0% | CPEs: 6 | EXPL: 0 | CVE-2026-1577 – IBM® Db2® is vulnerable to a denial of service with a specially crafted query involving multiple subqueries
https://notcve.org/view.php?id=CVE-2026-1577
30 Apr 2026 — IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic. • https://www.ibm.com/support/pages/node/7269434 • CWE-20: Improper Input Validation • CWE-1284: Improper Validation of Specified Quantity in Input
CVSS: 6.5 | EPSS: 0% | CPEs: 6 | EXPL: 0 | CVE-2025-36122 – IBM® Db2® is vulnerable to a denial of service with a specially crafted query when stmtheap is set to automatic
https://notcve.org/view.php?id=CVE-2025-36122
30 Apr 2026 — IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service using a specially crafted SQL query due to improper allocation of system resources. • https://www.ibm.com/support/pages/node/7267642 • CWE-770: Allocation of Resources Without Limits or Throttling
CVSS: 5.3 | EPSS: 0% | CPEs: 6 | EXPL: 0 | CVE-2025-14688 – IBM® Db2® is vulnerable to a denial of service when fetching from certain tables under specific configurations
https://notcve.org/view.php?id=CVE-2025-14688
30 Apr 2026 — IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when certain configurations exist. • https://www.ibm.com/support/pages/node/7269424 • CWE-1284: Improper Validation of Specified Quantity in Input
CVSS: 6.5 | EPSS: 0% | CPEs: 6 | EXPL: 0 | CVE-2026-1352 – IBM® Db2® is vulnerable to a trap or return SQLCODE -901 when compiling a specially crafted query with a defined index
https://notcve.org/view.php?id=CVE-2026-1352
22 Apr 2026 — IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic. • https://www.ibm.com/support/pages/node/7269433 • CWE-1284: Improper Validation of Specified Quantity in Input
CVSS: 6.8 | EPSS: 0% | CPEs: 4 | EXPL: 0 | CVE-2025-36006 – IBM Db2 denial of service
https://notcve.org/view.php?id=CVE-2025-36006
07 Nov 2025 — IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to the improper release of resources after use. • https://www.ibm.com/support/pages/node/7250479 • CWE-404: Improper Resource Shutdown or Release
CVSS: 6.8 | EPSS: 0% | CPEs: 2 | EXPL: 0 | CVE-2025-36008 – IBM Db2 denial of service
https://notcve.org/view.php?id=CVE-2025-36008
07 Nov 2025 — IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper allocation of resources. • https://www.ibm.com/support/pages/node/7250482 • CWE-770: Allocation of Resources Without Limits or Throttling
CVSS: 4.9 | EPSS: 0% | CPEs: 3 | EXPL: 0 | CVE-2025-36131 – IBM Db2 information disclosure
https://notcve.org/view.php?id=CVE-2025-36131
07 Nov 2025 — In IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server), the clpplus command exposes user credentials to the terminal, which could be obtained by a third party with physical access to the system. • https://www.ibm.com/support/pages/node/7250484 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor
CVSS: 5.1 | EPSS: 0% | CPEs: 2 | EXPL: 0 | CVE-2025-36136 – IBM denial of service
https://notcve.org/view.php?id=CVE-2025-36136
07 Nov 2025 — IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a local user to cause a denial of service due to the database monitor script incorrectly detecting that the instance is still starting under specific conditions. • https://www.ibm.com/support/pages/node/7250485 • CWE-770: Allocation of Resources Without Limits or Throttling
CVSS: 6.5 | EPSS: 0% | CPEs: 4 | EXPL: 0 | CVE-2025-33012 – IBM Db2 improper account lockout
https://notcve.org/view.php?id=CVE-2025-33012
07 Nov 2025 — IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux could allow an authenticated user to regain access after account lockout due to password use after expiration date. • https://www.ibm.com/support/pages/node/7250469 • CWE-324: Use of a Key Past its Expiration Date
CVSS: 5.3 | EPSS: 0% | CPEs: 3 | EXPL: 0 | CVE-2025-2534 – IBM Db2 denial of service
https://notcve.org/view.php?id=CVE-2025-2534
07 Nov 2025 — IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. • https://www.ibm.com/support/pages/node/7250472 • CWE-789: Memory Allocation with Excessive Size Value
