CVE-2025-54989
- EPSS 0.11%
- Published 15.08.2025 15:15:32
- Last modified 22.08.2025 15:00:46
Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from clie...
CVE-2025-24975
- EPSS 0.06%
- Published 15.08.2025 15:15:32
- Last modified 22.08.2025 15:00:28
Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability o...
CVE-2024-35166
- EPSS 0.3%
- Published 14.05.2024 15:39:40
- Last modified 15.04.2025 20:56:04
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team Filebird. This issue affects Filebird: from n/a through 5.6.3.
CVE-2023-41038
- EPSS 0.06%
- Published 20.03.2024 15:15:07
- Last modified 21.11.2024 08:20:25
Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statemen...
- EPSS 11.59%
- Published 28.03.2018 17:29:00
- Last modified 21.11.2024 03:07:54
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.
CVE-2017-6369
- EPSS 9.2%
- Published 24.03.2017 10:59:00
- Last modified 20.04.2025 01:37:25
Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so.
CVE-2016-1569
- EPSS 0.76%
- Published 13.01.2016 15:59:03
- Last modified 12.04.2025 10:46:40
FireBird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by using service manager to invoke the gbak utility with an invalid parameter.
- EPSS 1.73%
- Published 16.12.2014 18:59:14
- Last modified 12.04.2025 10:46:40
The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status.
CVE-2013-2492
- EPSS 85.26%
- Published 15.03.2013 22:55:01
- Last modified 11.04.2025 00:51:21
Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during...
CVE-2012-5529
- EPSS 0.97%
- Published 20.11.2012 00:55:01
- Last modified 11.04.2025 00:51:21
TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by preparing an empty dynamic SQL query.