13 results (0.012 seconds)

CVSS: 5.0EPSS: 1%CPEs: 6EXPL: 1

The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status. La función xdr_status_vector en Firebird anterior a 2.1.7 y 2.5.x anterior a 2.5.3 SU1 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo, fallo de segmentación y caída) a través de una acción op_response con un estado 'no vacío'. • http://advisories.mageia.org/MGASA-2014-0523.html http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00012.html http://tracker.firebirdsql.org/browse/CORE-4630 http://www.debian.org/security/2014/dsa-3109 http://www.firebirdsql.org/en/news/security-updates-for-v2-1-and-v2-5-series-66011 http://www.mandriva.com/security/advisories?name=MDVSA-2015:172 https://usn.ubuntu.com/3929-1 • CWE-476: NULL Pointer Dereference •

CVSS: 5.0EPSS: 54%CPEs: 17EXPL: 4

src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference. src/remote/server.cpp en fbserver.exe en Firebird SQL v1.5 anterior a v1.5.6, v2.0 anterior a v2.0.6, v2.1 anterior a v2.1.3, y v2.5 anterior a v2.5 Beta 2, permite a atacantes remotos provocar una denegación de servicio (caída de demonio) a través de un mensaje op_connect_request mal formado que provoca un bucle infinito o una deferencia a puntero NULL. • https://www.exploit-db.com/exploits/9295 http://tracker.firebirdsql.org/browse/CORE-2563 http://www.coresecurity.com/content/firebird-sql-dos http://www.exploit-db.com/exploits/9295 http://www.securityfocus.com/bid/35842 https://bugzilla.redhat.com/show_bug.cgi?id=514463 https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01341.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01370.html • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 0

The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISC_PASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password. La configuración por defecto de Firebird anterior a 2.0.3.12981.0-r6 en Gentoo Linux establece la variable de entorno ISC_PASSWORD antes de arrancar Firebird, lo que permite a atacantes remotos evitar la autentificación SYSDBA y obtener información sensible de la base de datos mediante una contraseña vacía. • http://bugs.gentoo.org/show_bug.cgi?id=216158 http://secunia.com/advisories/30162 http://security.gentoo.org/glsa/glsa-200805-06.xml http://www.securityfocus.com/bid/29123 https://exchange.xforce.ibmcloud.com/vulnerabilities/42299 • CWE-255: Credentials Management Errors •

CVSS: 10.0EPSS: 18%CPEs: 2EXPL: 0

Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before 2.1.0 RC1, might allow remote attackers to execute arbitrary code via a long username. Un desbordamiento de búfer en la región stack de la memoria en Firebird versiones anteriores a 2.0.4 y versiones 2.1.x anteriores a 2.1.0 RC1, podría permitir a atacantes remotos ejecutar código arbitrario por medio de un nombre de usuario largo. • http://secunia.com/advisories/28596 http://secunia.com/advisories/29203 http://secunia.com/advisories/29501 http://security.gentoo.org/glsa/glsa-200803-02.xml http://sourceforge.net/project/shownotes.php?group_id=9028&release_id=570800 http://sourceforge.net/project/shownotes.php?release_id=570816&group_id=9028 http://tracker.firebirdsql.org/browse/CORE-1603 http://www.debian.org/security/2008/dsa-1529 http://www.securityfocus.com/bid/27467 http://www.securitytracker.com/id?10192 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 92%CPEs: 4EXPL: 1

Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption. Desbordamiento de entero en Firebird SQL 1.0.3 y versiones anteriores, 1.5.x versiones anteriores a 1.5.6, 2.0.x versiones anteriores a 2.0.4, y 2.1.x versiones anteriores a 2.1.0 RC1, podría permitir a atacantes remotos ejecutar código de su elección mediante peticiones manipuladas (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, y (6) op_start_send_and_receive XDR, que disparan corrupción de memoria. • https://www.exploit-db.com/exploits/31050 http://secunia.com/advisories/29203 http://secunia.com/advisories/29501 http://security.gentoo.org/glsa/glsa-200803-02.xml http://securityreason.com/securityalert/3580 http://sourceforge.net/project/shownotes.php?group_id=9028&release_id=570800 http://tracker.firebirdsql.org/browse/CORE-1681 http://www.coresecurity.com/?action=item&id=2095 http://www.debian.org/security/2008/dsa-1529 http://www.securityfocus.com/archive/1/487173/100 • CWE-189: Numeric Errors •