Firebird Security Vulnerabilities and Issues — Firebird CVE List

Lucene search

FirebirdsqlFirebird

9 matches found

CVE•added 2024/03/20 3:15 p.m.•83 views

CVE-2023-41038

Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long CHAR length, which causes the serve...

7.5CVSS7.5AI score0.0006EPSS

CVE•added 2004/07/27 4:0 a.m.•73 views

CVE-2004-0718

The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.

7.5CVSS6AI score0.0191EPSS

CVE•added 2004/08/18 4:0 a.m.•56 views

CVE-2004-0779

The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site.

7.5CVSS6.8AI score0.00786EPSS

CVE•added 2003/04/11 4:0 a.m.•51 views

CVE-2003-0197

Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK).

7.2CVSS6.8AI score0.00053EPSS

CVE•added 2008/01/29 2:0 a.m.•49 views

CVE-2008-0387

Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send...

7.8CVSS7.9AI score0.5991EPSS

CVE•added 2024/05/14 3:39 p.m.•45 views

CVE-2024-35166

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team Filebird.This issue affects Filebird: from n/a through 5.6.3.

7.5CVSS6.8AI score0.00304EPSS

CVE•added 2007/09/04 10:17 p.m.•41 views

CVE-2007-4664

Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405.

7.5CVSS6.5AI score0.0094EPSS

CVE•added 2007/05/11 10:19 a.m.•40 views

CVE-2007-2606

Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\ConfigFile.cpp or (2) msgs\check_msgs.epp. NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, the...

7.8CVSS7.1AI score0.00807EPSS

CVE•added 2007/06/29 6:30 p.m.•39 views

CVE-2006-7214

Multiple unspecified vulnerabilities in Firebird 1.5 allow remote attackers to (1) cause a denial of service (application crash) by sending many remote protocol versions; and (2) cause a denial of service (connection drop) via certain network traffic, as demonstrated by Nessus vulnerability scannin...

7.8CVSS6.9AI score0.0066EPSS