CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 1CVE-2014-9323 – Debian Security Advisory 3109-1
https://notcve.org/view.php?id=CVE-2014-9323
16 Dec 2014 — The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status. La función xdr_status_vector en Firebird anterior a 2.1.7 y 2.5.x anterior a 2.5.3 SU1 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo, fallo de segmentación y caída) a través de una acción op_response con un estado 'no vacío'... • http://advisories.mageia.org/MGASA-2014-0523.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 10%CPEs: 17EXPL: 4CVE-2009-2620 – Firebird SQL - op_connect_request main listener shutdown
https://notcve.org/view.php?id=CVE-2009-2620
29 Jul 2009 — src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference. src/remote/server.cpp en fbserver.exe en Firebird SQL v1.5 anterior a v1.5.6, v2.0 anterior a v2.0.6, v2.1 anterior a v2.1.3, y v2.5 anterior a v2.5 Beta 2, permite a atacantes remotos provocar una denegació... • https://www.exploit-db.com/exploits/9295 • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2008-1880
https://notcve.org/view.php?id=CVE-2008-1880
12 May 2008 — The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISC_PASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password. La configuración por defecto de Firebird anterior a 2.0.3.12981.0-r6 en Gentoo Linux establece la variable de entorno ISC_PASSWORD antes de arrancar Firebird, lo que permite a atacantes remotos evitar la autentificación SYSDBA y obtener i... • http://bugs.gentoo.org/show_bug.cgi?id=216158 • CWE-255: Credentials Management Errors •
CVSS: 9.8EPSS: 59%CPEs: 4EXPL: 1CVE-2008-0387 – Firebird 2.0.3 Relational Database - 'protocol.cpp' XDR Protocol Remote Memory Corruption
https://notcve.org/view.php?id=CVE-2008-0387
29 Jan 2008 — Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption. Desbordamiento de entero en Firebird SQL 1.0.3 y versiones anteriores, 1.5.x versiones anteriores a 1.5.6, 2.0.x versiones anteriores a 2.0.4, y 2.1.x v... • https://www.exploit-db.com/exploits/31050 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 23%CPEs: 2EXPL: 0CVE-2008-0467
https://notcve.org/view.php?id=CVE-2008-0467
29 Jan 2008 — Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before 2.1.0 RC1, might allow remote attackers to execute arbitrary code via a long username. Un desbordamiento de búfer en la región stack de la memoria en Firebird versiones anteriores a 2.0.4 y versiones 2.1.x anteriores a 2.1.0 RC1, podría permitir a atacantes remotos ejecutar código arbitrario por medio de un nombre de usuario largo. • http://secunia.com/advisories/28596 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •