CVE-2025-54989
- EPSS 0.11%
- Published 15.08.2025 15:15:32
- Last modified 22.08.2025 15:00:46
Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference denial-of-service vulnerability in Firebird. This specific flaw exists within the parsing of xdr message from clie...
CVE-2025-24975
- EPSS 0.06%
- Published 15.08.2025 15:15:32
- Last modified 22.08.2025 15:00:28
Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if ExtConnPoolSize is not set equal to 0. If connections stored in ExtConnPool are not verified for presence and suitability o...
CVE-2024-35166
- EPSS 0.3%
- Published 14.05.2024 15:39:40
- Last modified 15.04.2025 20:56:04
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team Filebird. This issue affects Filebird: from n/a through 5.6.3.
CVE-2023-41038
- EPSS 0.06%
- Published 20.03.2024 15:15:07
- Last modified 21.11.2024 08:20:25
Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statemen...
- EPSS 11.59%
- Published 28.03.2018 17:29:00
- Last modified 21.11.2024 03:07:54
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.
CVE-2017-6369
- EPSS 9.2%
- Published 24.03.2017 10:59:00
- Last modified 20.04.2025 01:37:25
Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so.
CVE-2016-1569
- EPSS 0.76%
- Published 13.01.2016 15:59:03
- Last modified 12.04.2025 10:46:40
Firebird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by using the service manager to invoke the gbak utility with an invalid parameter.
- EPSS 1.73%
- Published 16.12.2014 18:59:14
- Last modified 12.04.2025 10:46:40
The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status.
CVE-2013-2492
- EPSS 85.26%
- Published 15.03.2013 22:55:01
- Last modified 11.04.2025 00:51:21
Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during...
CVE-2012-5529
- EPSS 0.97%
- Published 20.11.2012 00:55:01
- Last modified 11.04.2025 00:51:21
TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by preparing an empty dynamic SQL query.