Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

firebird firebird vulnerabilities and exploits

(subscribe to this query)
NA
CVE-2023-41038
Firebird is a relational database. Versions 4.0.0 up to and including 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long `CHA...
NA
CVE-2022-29549
An issue exists in Qualys Cloud Agent 4.8.0-49. It executes programs at various full pathnames without first making ownership and permission checks (e.g., to help ensure that a program was installed by root) and without integrity checks (e.g., a checksum comparison against known ...
Qualys Cloud Agent For Linux
4.3
CVSSv2
CVE-2021-21704
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using Firebird PDO driver extension, a malicious database server could cause crashes in various database functions, such as getAttribute(), execute(), fetch() and others by returning invalid respon...
Php PhpNetapp Clustered Data Ontap -
5
CVSSv2
CVE-2021-21705
In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly p...
Php PhpNetapp Clustered Data Ontap -Oracle Sd-wan Aware 8.2
5.5
CVSSv2
CVE-2020-10552
An issue exists in Psyprax prior to 3.2.2. The Firebird database is accessible with the default user sysdba and password masterke after installation. This allows any user to access it and read and modify the contents, including passwords. Local database files can be accessed dire...
Psyprax Psyprax
9
CVSSv2
CVE-2017-11509
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.
Firebirdsql Firebird 2.5.7Firebirdsql Firebird 3.0.2Debian Debian Linux 7.0Debian Debian Linux 8.0Debian Debian Linux 9.0
6.5
CVSSv2
CVE-2017-6369
Insufficient checks in the UDF subsystem in Firebird 2.5.x prior to 2.5.7 and 3.0.x prior to 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so.
Firebirdsql Firebird 2.5.3Firebirdsql Firebird 2.5.5Firebirdsql Firebird 2.5.6Firebirdsql Firebird 2.5.4Firebirdsql Firebird 2.5.1Firebirdsql Firebird 2.5.2Firebirdsql Firebird 3.0.1Firebirdsql Firebird 3.0
4
CVSSv2
CVE-2016-1569
FireBird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by using service manager to invoke the gbak utility with an invalid parameter.
Firebirdsql Firebird 2.5.5
10
CVSSv2
CVE-2015-2788
Multiple stack-based buffer overflows in the ib_fill_isqlda function in dbdimp.c in DBD-Firebird prior to 1.19 allow remote malicious users to have unspecified impact via unknown vectors that trigger an error condition, related to binding octets to columns.
Debian Debian Linux 7.0Debian Dbd-firebird
5
CVSSv2
CVE-2014-9323
The xdr_status_vector function in Firebird prior to 2.1.7 and 2.5.x prior to 2.5.3 SU1 allows remote malicious users to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status.
Firebirdsql FirebirdOpensuse Evergreen 11.4Debian Debian Linux 7.0Debian Debian Linux 8.0Canonical Ubuntu Linux 14.04
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651CVE-2024-34255elevation of privilegeCVE-2024-25529CVE-2024-4671NULL pointer dereferenceCVE-2024-25527template injectionCVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook