CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 1CVE-2014-9323 – Debian Security Advisory 3109-1
https://notcve.org/view.php?id=CVE-2014-9323
16 Dec 2014 — The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status. La función xdr_status_vector en Firebird anterior a 2.1.7 y 2.5.x anterior a 2.5.3 SU1 permite a atacantes remotos causar una denegación de servicio (referencia a puntero nulo, fallo de segmentación y caída) a través de una acción op_response con un estado 'no vacío'... • http://advisories.mageia.org/MGASA-2014-0523.html • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 10%CPEs: 17EXPL: 4CVE-2009-2620 – Firebird SQL - op_connect_request main listener shutdown
https://notcve.org/view.php?id=CVE-2009-2620
29 Jul 2009 — src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference. src/remote/server.cpp en fbserver.exe en Firebird SQL v1.5 anterior a v1.5.6, v2.0 anterior a v2.0.6, v2.1 anterior a v2.1.3, y v2.5 anterior a v2.5 Beta 2, permite a atacantes remotos provocar una denegació... • https://www.exploit-db.com/exploits/9295 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 59%CPEs: 4EXPL: 1CVE-2008-0387 – Firebird 2.0.3 Relational Database - 'protocol.cpp' XDR Protocol Remote Memory Corruption
https://notcve.org/view.php?id=CVE-2008-0387
29 Jan 2008 — Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption. Desbordamiento de entero en Firebird SQL 1.0.3 y versiones anteriores, 1.5.x versiones anteriores a 1.5.6, 2.0.x versiones anteriores a 2.0.4, y 2.1.x v... • https://www.exploit-db.com/exploits/31050 • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 23%CPEs: 2EXPL: 0CVE-2008-0467
https://notcve.org/view.php?id=CVE-2008-0467
29 Jan 2008 — Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before 2.1.0 RC1, might allow remote attackers to execute arbitrary code via a long username. Un desbordamiento de búfer en la región stack de la memoria en Firebird versiones anteriores a 2.0.4 y versiones 2.1.x anteriores a 2.1.0 RC1, podría permitir a atacantes remotos ejecutar código arbitrario por medio de un nombre de usuario largo. • http://secunia.com/advisories/28596 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-2606
https://notcve.org/view.php?id=CVE-2007-2606
11 May 2007 — Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\ConfigFile.cpp or (2) msgs\check_msgs.epp. NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, then the ConfigFile.cpp vector may not cross privilege boundaries and perhaps should not be included in CVE. Múltiples desbordamientos de búfer en Firebird 2.1 permite a atacantes remotos disparar una corrupción de m... • http://osvdb.org/37308 •