IBM Db2 for Windows 12.1.0 - 12.1.3 could allow a local user with filesystem access to escalate their privileges due to the use of an unquoted search path element.
CVSS Score
8.4
EPSS Score
0.0
Published
2026-01-30
IBM® Db2® is vulnerable to a denial of service with a specially crafted query that uses ALTER TABLE operations.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-01-30
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-01-30
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-01-30
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to excessive use of a global variable.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-01-30
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-01-30
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper allocation of resources.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-01-30
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service when copying large table containing XML data due to improper allocation of system resources.
CVSS Score
6.2
EPSS Score
0.0
Published
2026-01-30
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.
CVSS Score
6.2
EPSS Score
0.0
Published
2026-01-30
IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) clpplus command exposes user credentials to the terminal which could be obtained by a third party with physical access to the system.
CVSS Score
4.6
EPSS Score
0.0
Published
2025-11-07