Vulnerabilities related to firebirdsql - firebird
Vulnerability from fkie_nvd
Published
2008-01-29 02:00
Modified
2024-11-21 00:42
Severity ?
Summary
Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before 2.1.0 RC1, might allow remote attackers to execute arbitrary code via a long username.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
firebirdsql | firebird | * | |
firebirdsql | firebird | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*", "matchCriteriaId": "131041A7-1DA4-4A63-8FDF-66E3E69AE23A", "versionEndIncluding": "2.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:*:rc1:*:*:*:*:*:*", "matchCriteriaId": "79C05516-CD1D-433E-A3B8-4690F04A85A3", "versionEndIncluding": "2.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before 2.1.0 RC1, might allow remote attackers to execute arbitrary code via a long username." }, { "lang": "es", "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en Firebird versiones anteriores a 2.0.4 y versiones 2.1.x anteriores a 2.1.0 RC1, podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un nombre de usuario largo." } ], "id": "CVE-2008-0467", "lastModified": "2024-11-21T00:42:10.357", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-01-29T02:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28596" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29203" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29501" }, { "source": "cve@mitre.org", "url": 
"http://security.gentoo.org/glsa/glsa-200803-02.xml" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?group_id=9028\u0026release_id=570800" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=570816\u0026group_id=9028" }, { "source": "cve@mitre.org", "url": "http://tracker.firebirdsql.org/browse/CORE-1603" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27467" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1019277" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0300" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39981" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29203" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200803-02.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?group_id=9028\u0026release_id=570800" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=570816\u0026group_id=9028" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tracker.firebirdsql.org/browse/CORE-1603" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27467" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1019277" }, 
{ "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0300" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39981" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-07-29 17:30
Modified
2024-11-21 01:05
Severity ?
Summary
src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
firebirdsql | firebird | * | |
firebirdsql | firebird | 1.5 | |
firebirdsql | firebird | 1.5.1 | |
firebirdsql | firebird | 1.5.2 | |
firebirdsql | firebird | 1.5.2.4731 | |
firebirdsql | firebird | 1.5.3.4870 | |
firebirdsql | firebird | 1.5.4.4910 | |
firebirdsql | firebird | 1.5.5 | |
firebirdsql | firebird | 2.0.0 | |
firebirdsql | firebird | 2.0.0.12748 | |
firebirdsql | firebird | 2.0.1 | |
firebirdsql | firebird | 2.0.2 | |
firebirdsql | firebird | 2.1 | |
firebirdsql | firebird | 2.1.2 | |
firebirdsql | firebird | 2.1.3 | |
firebirdsql | firebird | 2.5 | |
firebirdsql | firebird | 2.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*", "matchCriteriaId": "131041A7-1DA4-4A63-8FDF-66E3E69AE23A", "versionEndIncluding": "2.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "CDC6EE68-DABD-4314-B6D2-9EE51286F66B", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "21106480-8D50-44FD-B314-FE41C59FCD73", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "3C5A37B2-3866-4621-9963-DEEC077BEA68", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:1.5.2.4731:*:*:*:*:*:*:*", "matchCriteriaId": "16EB2258-65E6-4D5D-B01E-85B032E276E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:1.5.3.4870:*:*:*:*:*:*:*", "matchCriteriaId": "962CDAEC-1C52-4F9C-9935-A92BB9B77961", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:1.5.4.4910:*:*:*:*:*:*:*", "matchCriteriaId": "8F084B3B-C27C-4027-BD24-965532649EE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:1.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "573E0B9C-19CC-4E21-8087-9B6F801EC859", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "752CBE1B-55FA-46AC-B604-C956081F5EF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.0.0.12748:*:*:*:*:*:*:*", "matchCriteriaId": "6F36BF2D-D099-4A28-95C3-7AE23455D545", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "450FD47B-1DBC-4104-AD60-FB52BBE1F791", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1ABEC51F-A318-4F0A-B496-06800C41023C", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"1A9590F0-2E23-4485-93FE-528B346E26CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "6061FDFD-03C7-4279-9A54-08656F253294", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.1.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "3BBA89DD-96C1-4BFD-8213-CD72BE0247E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "2C3DBCAE-5FAF-472B-BE01-879DFD329AA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.5:beta_2:*:*:*:*:*:*", "matchCriteriaId": "91A53A7A-F801-4FAC-B086-71C05F555269", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference." }, { "lang": "es", "value": "src/remote/server.cpp en fbserver.exe en Firebird SQL v1.5 anterior a v1.5.6, v2.0 anterior a v2.0.6, v2.1 anterior a v2.1.3, y v2.5 anterior a v2.5 Beta 2, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de demonio) a trav\u00e9s de un mensaje op_connect_request mal formado que provoca un bucle infinito o una deferencia a puntero NULL." 
} ], "id": "CVE-2009-2620", "lastModified": "2024-11-21T01:05:18.827", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-07-29T17:30:01.280", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://tracker.firebirdsql.org/browse/CORE-2563" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.coresecurity.com/content/firebird-sql-dos" }, { "source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/9295" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/35842" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514463" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01341.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01370.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tracker.firebirdsql.org/browse/CORE-2563" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.coresecurity.com/content/firebird-sql-dos" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/9295" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/35842" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514463" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01341.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01370.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-06-29 18:30
Modified
2024-11-21 00:24
Severity ?
Summary
Multiple buffer overflows in Firebird 1.5, one of which affects WNET, have unknown impact and attack vectors. NOTE: this issue might overlap CVE-2006-1240.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
firebirdsql | firebird | 1.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "CDC6EE68-DABD-4314-B6D2-9EE51286F66B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in Firebird 1.5, one of which affects WNET, have unknown impact and attack vectors. NOTE: this issue might overlap CVE-2006-1240." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en Firebird 1.5, uno de los cuales afecta a WNET, tienen impacto y vectores de ataque desconocidos. NOTA: este problema podr\u00eda solaparse con CVE-2006-1240." } ], "id": "CVE-2006-7212", "lastModified": "2024-11-21T00:24:39.043", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-06-29T18:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29501" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28474" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28474" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-04-11 04:00
Modified
2024-11-20 23:44
Severity ?
Summary
Buffer overflow in gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK).
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
borland_software | interbase | 6.0 | |
borland_software | interbase | 6.4 | |
borland_software | interbase | 6.5 | |
firebirdsql | firebird | 1.0.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:borland_software:interbase:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "5FE98699-E21E-4D1C-BD43-F7F62D9AE7BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:borland_software:interbase:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "42F1460E-CA94-4D7D-9799-F763221DBF4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:borland_software:interbase:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "9547CEC2-B180-4BFF-A5FF-DE8D2ABB8986", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "41AB209A-D17F-4848-8353-66DEFC21DA55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK)." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer gds_lock_mgr de Interbase Database 6.x permite a usuarios locales la obtenci\u00f3n de privilegios mediante una variable de entorno ISC_LOCK_ENV larga. (INTERBASE_LOCK)." 
} ], "id": "CVE-2003-0197", "lastModified": "2024-11-20T23:44:11.703", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-04-11T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0003.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=104940730819887\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.secnetops.com/research/advisories/SRT2003-04-03-1300.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0003.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=104940730819887\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.secnetops.com/research/advisories/SRT2003-04-03-1300.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-06-29 18:30
Modified
2024-11-21 00:24
Severity ?
Summary
fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the semaphore array, which allows local users to cause a denial of service (blocked query processing) by locking semaphores.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
firebirdsql | firebird | 1.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "CDC6EE68-DABD-4314-B6D2-9EE51286F66B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the semaphore array, which allows local users to cause a denial of service (blocked query processing) by locking semaphores." }, { "lang": "es", "value": "fb_lock_mgr en Firebird 1.5 utiliza permisos d\u00e9biles (0666) para el array sem\u00e1foro, lo cual permite a usuarios locales provocar una denegaci\u00f3n de servicio (procesamiento de peticiones bloqueado) bloqueando los sem\u00e1foros." } ], "id": "CVE-2006-7211", "lastModified": "2024-11-21T00:24:38.903", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-06-29T18:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29501" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28474" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.debian.org/security/2008/dsa-1529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28474" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-07-03 18:30
Modified
2024-11-21 00:33
Severity ?
Summary
Integer overflow in Firebird 2.0.0 allows remote authenticated users to cause a denial of service (CPU consumption) via certain database operations with multi-byte character sets that trigger an attempt to use the value 65536 for a 16-bit integer, which is treated as 0 and causes an infinite loop on zero-length data.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
firebirdsql | firebird | 2.0.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "752CBE1B-55FA-46AC-B604-C956081F5EF2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in Firebird 2.0.0 allows remote authenticated users to cause a denial of service (CPU consumption) via certain database operations with multi-byte character sets that trigger an attempt to use the value 65536 for a 16-bit integer, which is treated as 0 and causes an infinite loop on zero-length data." }, { "lang": "es", "value": "Desbordamiento de entero en Firebird 2.0.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de CPU) mediante determinadas operaciones de base de datos con juegos de caracteres multi-byte que disparan un intento de usar el valor 65536 para un entero de 16 bits, el cual es tratado como 0 y provoca un bucle infinito en datos de longitud cero." 
} ], "id": "CVE-2007-3527", "lastModified": "2024-11-21T00:33:27.567", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-07-03T18:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/43782" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29501" }, { "source": "cve@mitre.org", "url": "http://tracker.firebirdsql.org/browse/CORE-1063" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28473" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/43782" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tracker.firebirdsql.org/browse/CORE-1063" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28473" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { 
"lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-09-04 22:17
Modified
2024-11-21 00:36
Severity ?
Summary
Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to cause a denial of service (daemon crash) via an XNET session that makes multiple simultaneous requests to register events, aka CORE-1403.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
firebirdsql | firebird | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D7B9331-B885-4B9B-9134-E2E689390BB9", "versionEndIncluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to cause a denial of service (daemon crash) via an XNET session that makes multiple simultaneous requests to register events, aka CORE-1403." }, { "lang": "es", "value": "Vulnerabilidad no especificada en el servidor en Firebird anterior a 2.0.2 permite a atacantes remotos provocar denegaci\u00f3n de servicio (caida de demonio) a trav\u00e9s de una sesi\u00f3n XNET que realiza m\u00faltiples respuestas simult\u00e1neas para registrar eventos, tambi\u00e9n conocido como CORE-1403." } ], "id": "CVE-2007-4665", "lastModified": "2024-11-21T00:36:09.077", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-09-04T22:17:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26615" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29501" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=535898" }, { "source": "cve@mitre.org", "url": "http://tracker.firebirdsql.org/browse/CORE-1403" }, { 
"source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "source": "cve@mitre.org", "url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202" }, { "source": "cve@mitre.org", "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/25497" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3021" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36353" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26615" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=535898" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tracker.firebirdsql.org/browse/CORE-1403" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/25497" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36353" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-03-15 17:06
Modified
2024-11-21 00:08
Severity ?
Summary
Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) fbserver in Firebird 1.5.2.4731 allows local users to gain privileges via a long value of the -p argument.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
firebirdsql | firebird | 1.5 | |
firebirdsql | firebird | 1.5.1 | |
firebirdsql | firebird | 1.5.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "CDC6EE68-DABD-4314-B6D2-9EE51286F66B", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "21106480-8D50-44FD-B314-FE41C59FCD73", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "3C5A37B2-3866-4621-9963-DEEC077BEA68", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) fbserver in Firebird 1.5.2.4731 allows local users to gain privileges via a long value of the -p argument." } ], "id": "CVE-2006-1240", "lastModified": "2024-11-21T00:08:23.117", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-03-15T17:06:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043546.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/427480/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/17077" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25282" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043546.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/427480/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/17077" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25282" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-06-29 18:30
Modified
2024-11-21 00:24
Severity ?
Summary
Firebird 1.5 allows remote authenticated users without SYSDBA and owner permissions to overwrite a database by creating a database.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
firebirdsql | firebird | 1.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "CDC6EE68-DABD-4314-B6D2-9EE51286F66B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Firebird 1.5 allows remote authenticated users without SYSDBA and owner permissions to overwrite a database by creating a database." }, { "lang": "es", "value": "Firebird 1.5 permite a usuarios autenticados remotamente sin permisos de SYSDBA y propietario sobrescribir una base de datos creando una base de datos." } ], "id": "CVE-2006-7213", "lastModified": "2024-11-21T00:24:39.180", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-06-29T18:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29501" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28474" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28474" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-02-12 05:00
Modified
2024-11-20 23:34
Severity ?
Summary
Backdoor account in Interbase database server allows remote attackers to overwrite arbitrary files using stored procedures.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.cert.org/advisories/CA-2001-01.html | Patch, Third Party Advisory, US Government Resource | |
cve@mitre.org | http://www.securityfocus.com/bid/2192 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/5911 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.cert.org/advisories/CA-2001-01.html | Patch, Third Party Advisory, US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/2192 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/5911 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
borland_software | interbase | 4.0 | |
borland_software | interbase | 5.0 | |
borland_software | interbase | 6.0 | |
firebirdsql | firebird | * (up to and including 0.9.3) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:borland_software:interbase:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E61E2866-38F1-45C0-8B5D-A07CA430BDDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:borland_software:interbase:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D2666FC-B03C-47A5-BA04-A08DC28C7C73", "vulnerable": true }, { "criteria": "cpe:2.3:a:borland_software:interbase:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "5FE98699-E21E-4D1C-BD43-F7F62D9AE7BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*", "matchCriteriaId": "223711C1-58BB-4755-8848-170CB3FF81E8", "versionEndIncluding": "0.9.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Backdoor account in Interbase database server allows remote attackers to overwrite arbitrary files using stored procedures." } ], "id": "CVE-2001-0008", "lastModified": "2024-11-20T23:34:22.937", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-02-12T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.cert.org/advisories/CA-2001-01.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/2192" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/5911" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "US Government Resource" ], "url": "http://www.cert.org/advisories/CA-2001-01.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/2192" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5911" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-09-04 22:17
Modified
2024-11-21 00:36
Severity ?
Summary
Unspecified vulnerability in the server in Firebird before 2.0.2, when a Superserver/TCP/IP environment is configured, allows remote attackers to cause a denial of service (CPU and memory consumption) via "large network packets with garbage", aka CORE-1397.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
firebirdsql | firebird | * (up to and including 2.0.1) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D7B9331-B885-4B9B-9134-E2E689390BB9", "versionEndIncluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the server in Firebird before 2.0.2, when a Superserver/TCP/IP environment is configured, allows remote attackers to cause a denial of service (CPU and memory consumption) via \"large network packets with garbage\", aka CORE-1397." }, { "lang": "es", "value": "Vulnerabilidad no especificada en el servidor Firebird versiones anteriores 2.0.2, cuando un entorno Superserver/TCP/IP est\u00e1 configurado, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de CPU y memoria) mediante \"paquetes de red grandes con basura\", tambi\u00e9n conocido como CORE-1397." } ], "id": "CVE-2007-4666", "lastModified": "2024-11-21T00:36:09.220", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-09-04T22:17:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26615" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29501" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=535898" }, { "source": "cve@mitre.org", "url": 
"http://tracker.firebirdsql.org/browse/CORE-1397" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "source": "cve@mitre.org", "url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202" }, { "source": "cve@mitre.org", "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/25497" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3021" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36355" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26615" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=535898" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tracker.firebirdsql.org/browse/CORE-1397" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/25497" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36355" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], 
"source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-03-15 22:55
Modified
2024-11-21 01:51
Severity ?
Summary
Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
firebirdsql | firebird | 2.1.3 | |
firebirdsql | firebird | 2.1.4 | |
firebirdsql | firebird | 2.1.5 | |
firebirdsql | firebird | 2.5.1 | |
firebirdsql | firebird | 2.5.2 | |
firebirdsql | firebird | 2.5.3 | |
microsoft | windows | * (platform condition only; not itself marked vulnerable) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "4826EB91-07FB-4D0A-B4B6-1355903C0F26", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "7BC2C727-E1AD-4818-9530-3448162EFD1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "90F5B6FC-7D83-4353-A88B-70281BB9C47C", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "861024DD-2FF9-47BF-A553-ED8247BE774D", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BD46C7F4-6551-48E7-9CF1-B1FB5F11F01F", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "FD10CD46-ABDE-495A-91DE-AC028FD8927F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information." 
}, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en Firebird v2.1.3 hasta v2.1.5 anterior a 18514, y v2.5.1 hasta v2.5.3 anterior a 26623, en Windows permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de paquetes manipulados por el puerto TCP 3050, en relaci\u00f3n con una comprobaci\u00f3n de tama\u00f1o perdido durante la extracci\u00f3n de un n\u00famero de grupo de informaci\u00f3n CNCT." } ], "id": "CVE-2013-2492", "lastModified": "2024-11-21T01:51:52.200", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-03-15T22:55:01.003", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00036.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00039.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://tracker.firebirdsql.org/browse/CORE-4058" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2013/dsa-2647" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2013/dsa-2648" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/58393" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://gist.github.com/zeroSteiner/85daef257831d904479c" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": 
"https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_cnct_group.rb" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201512-11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00036.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00039.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://tracker.firebirdsql.org/browse/CORE-4058" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2647" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2648" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/58393" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://gist.github.com/zeroSteiner/85daef257831d904479c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_cnct_group.rb" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201512-11" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-12-16 18:59
Modified
2024-11-21 02:20
Severity ?
Summary
The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
firebirdsql | firebird | * (before 2.1.7) | |
firebirdsql | firebird | * (2.5 up to and including 2.5.3; the summary places the fix in 2.5.3 SU1) | |
opensuse | evergreen | 11.4 | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
canonical | ubuntu_linux | 14.04 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*", "matchCriteriaId": "5048F5EB-2D7C-4512-9F0D-EBF5E61E5DDF", "versionEndExcluding": "2.1.7", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E20AC79-CD9B-4ABE-A7BC-7030A16A4619", "versionEndIncluding": "2.5.3", "versionStartIncluding": "2.5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "CCE4D64E-8C4B-4F21-A9B0-90637C85C1D0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status." }, { "lang": "es", "value": "La funci\u00f3n xdr_status_vector en Firebird anterior a 2.1.7 y 2.5.x anterior a 2.5.3 SU1 permite a atacantes remotos causar una denegaci\u00f3n de servicio (referencia a puntero nulo, fallo de segmentaci\u00f3n y ca\u00edda) a trav\u00e9s de una acci\u00f3n op_response con un estado \u0027no vac\u00edo\u0027." 
} ], "id": "CVE-2014-9323", "lastModified": "2024-11-21T02:20:37.347", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-12-16T18:59:14.357", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2014-0523.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00012.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://tracker.firebirdsql.org/browse/CORE-4630" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3109" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.firebirdsql.org/en/news/security-updates-for-v2-1-and-v2-5-series-66011/" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:172" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3929-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2014-0523.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00012.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://tracker.firebirdsql.org/browse/CORE-4630" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2014/dsa-3109" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.firebirdsql.org/en/news/security-updates-for-v2-1-and-v2-5-series-66011/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:172" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3929-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-476" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-05-11 10:19
Modified
2024-11-21 00:31
Severity ?
Summary
Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\ConfigFile.cpp or (2) msgs\check_msgs.epp. NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, then the ConfigFile.cpp vector may not cross privilege boundaries and perhaps should not be included in CVE.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
firebirdsql | firebird | 2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1A9590F0-2E23-4485-93FE-528B346E26CF", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\\ConfigFile.cpp or (2) msgs\\check_msgs.epp. NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, then the ConfigFile.cpp vector may not cross privilege boundaries and perhaps should not be included in CVE." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en Firebird 2.1 permite a atacantes remotos disparar una corrupci\u00f3n de memoria y posiblemente tener otro impacto no especificado mediante determinadas entradas procesadas por (1) config\\ConfigFile.cpp o (2) msgs\\check_msgs.epp. NOTA: si ConfigFile.cpp lee un fichero de configuraci\u00f3n con permisos restrictivos, entonces el vector ConfigFile.cpp puede no cruzar l\u00edmites de privilegios y quiz\u00e1s no deber\u00eda ser incluido en CVE." 
} ], "id": "CVE-2007-2606", "lastModified": "2024-11-21T00:31:12.517", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-05-11T10:19:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/37308" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/37309" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29501" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2708" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/468070/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28478" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34201" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37308" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37309" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2708" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/468070/100/0/threaded" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28478" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34201" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-08-18 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
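The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site. Note: "Firebird 0.7" here is the Mozilla Firebird web browser, not the Firebird database server; the record appears in this list because its CPE data names firebirdsql:firebird:0.7.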
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F374AF9E-BBBC-4C0E-B00C-5DB7FC83B445", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:firefox:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "93C142C5-3A85-432B-80D6-2E7B1B4694F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "6BF63077-4E98-497D-8CE6-B84B022DB21D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site." }, { "lang": "es", "value": "Los navegadores Mozilla 1.6, Firebird 0.7 y Firefox 0.8 no verifican adecuadamente que las contrase\u00f1as almacenadas en cach\u00e9 de sitios cifrados con SSL sean s\u00f3lo enviadas mediante sesiones cifradas con el sitio, lo que permite a atacantes remotos hacer que contrase\u00f1as en cach\u00e9 sean enviadas en texto plano al sitio suplantado." 
} ], "id": "CVE-2004-0779", "lastModified": "2024-11-20T23:49:23.103", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-08-18T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=226278" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082" }, { "source": "cve@mitre.org", "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17018" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=226278" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17018" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-11-20 00:55
Modified
2024-11-21 01:44
Severity ?
Summary
TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by preparing an empty dynamic SQL query.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
firebirdsql | firebird | 2.5.0 | |
firebirdsql | firebird | 2.5.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "ADB394C6-4560-44A6-91C2-E4368E42EE8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "861024DD-2FF9-47BF-A553-ED8247BE774D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by preparing an empty dynamic SQL query." }, { "lang": "es", "value": "TraceManager en Firebird v2.5.0 y v2.5.1, cuando el rastreo est\u00e1 habilitado, permite a usuarios remotos autenticados provocar una denegaci\u00f3n de servicio (desreferencia puntero NULL y ca\u00edda) mediante la preparaci\u00f3n de una consulta vac\u00eda SQL din\u00e1mica." } ], "id": "CVE-2012-5529", "lastModified": "2024-11-21T01:44:49.793", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-11-20T00:55:01.383", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://tracker.firebirdsql.org/browse/CORE-3884" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2013/dsa-2648" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/11/14/6" }, { 
"source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/11/14/8" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/56521" }, { "source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1027769" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80073" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tracker.firebirdsql.org/browse/CORE-3884" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2648" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/11/14/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/11/14/8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/56521" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1027769" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80073" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-06-29 18:30
Modified
2024-11-21 00:24
Severity HIGH (CVSS 2.0 base score 7.8, AV:N/AC:L/Au:N/C:N/I:N/A:C)
Summary
Multiple unspecified vulnerabilities in Firebird 1.5 allow remote attackers to (1) cause a denial of service (application crash) by sending many remote protocol versions; and (2) cause a denial of service (connection drop) via certain network traffic, as demonstrated by Nessus vulnerability scanning.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
firebirdsql | firebird | 1.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "CDC6EE68-DABD-4314-B6D2-9EE51286F66B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in Firebird 1.5 allow remote attackers to (1) cause a denial of service (application crash) by sending many remote protocol versions; and (2) cause a denial of service (connection drop) via certain network traffic, as demonstrated by Nessus vulnerability scanning." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades no especificadas en Firebird 1.5 permiten a atacantes remotos (1) provocar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) enviando muchas versiones de protocolo remoto; y (2) provocar una denegaci\u00f3n de servicio (ca\u00edda de la conexi\u00f3n) mediante determinado tr\u00e1fico de red, como se ha demostrado con un escaneo de vulnerabilidades con Nessus." 
} ], "id": "CVE-2006-7214", "lastModified": "2024-11-21T00:24:39.317", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-06-29T18:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29501" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28474" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28474" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-05-01 04:00
Modified
2024-11-20 23:52
Severity MEDIUM (CVSS 2.0 base score 5.0, AV:N/AC:L/Au:N/C:N/I:N/A:P)
Summary
Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
borland_software | interbase | 4.0 | |
borland_software | interbase | 5.0 | |
borland_software | interbase | 6.0 | |
borland_software | interbase | 6.4 | |
borland_software | interbase | 6.5 | |
borland_software | interbase | 7.0 | |
borland_software | interbase | 7.1 | |
borland_software | interbase_superserver | 6.0 | |
firebirdsql | firebird | 1.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:borland_software:interbase:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E61E2866-38F1-45C0-8B5D-A07CA430BDDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:borland_software:interbase:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "0D2666FC-B03C-47A5-BA04-A08DC28C7C73", "vulnerable": true }, { "criteria": "cpe:2.3:a:borland_software:interbase:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "5FE98699-E21E-4D1C-BD43-F7F62D9AE7BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:borland_software:interbase:6.4:*:*:*:*:*:*:*", "matchCriteriaId": "42F1460E-CA94-4D7D-9799-F763221DBF4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:borland_software:interbase:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "9547CEC2-B180-4BFF-A5FF-DE8D2ABB8986", "vulnerable": true }, { "criteria": "cpe:2.3:a:borland_software:interbase:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "D724271B-3747-4C65-BC90-D0F7B89F996B", "vulnerable": true }, { "criteria": "cpe:2.3:a:borland_software:interbase:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "5B705544-E282-4791-B4F9-0865D57E2747", "vulnerable": true }, { "criteria": "cpe:2.3:a:borland_software:interbase_superserver:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "1DB0894E-F477-45F1-902B-D87C4E2291BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "78A133F6-268F-4765-98E9-A910FC9F4926", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command." 
} ], "id": "CVE-2004-2043", "lastModified": "2024-11-20T23:52:21.820", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-05-01T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0027.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108611386202493\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11756" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/19350" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1010381" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1014" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/6408" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/6624" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securiteam.com/unixfocus/5AP0P0UCUO.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10446" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16229" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16316" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0027.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108611386202493\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/11756" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19350" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1010381" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1014" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.osvdb.org/6408" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/6624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securiteam.com/unixfocus/5AP0P0UCUO.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10446" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16229" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16316" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-03-24 10:59
Modified
2024-11-21 03:29
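Severity HIGH (CVSS 3.0 base score 8.8, CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H); MEDIUM under CVSS 2.0 (base score 6.5, AV:N/AC:L/Au:S/C:P/I:P/A:P)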
Summary
Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so.
References
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://tracker.firebirdsql.org/browse/CORE-5474 | Issue Tracking, Vendor Advisory | |
cve@mitre.org | http://www.debian.org/security/2017/dsa-3824 | ||
cve@mitre.org | http://www.securityfocus.com/bid/97070 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://usn.ubuntu.com/3929-1/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://tracker.firebirdsql.org/browse/CORE-5474 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2017/dsa-3824 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/97070 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3929-1/ |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
firebirdsql | firebird | 2.5.1 | |
firebirdsql | firebird | 2.5.2 | |
firebirdsql | firebird | 2.5.3 | |
firebirdsql | firebird | 2.5.4 | |
firebirdsql | firebird | 2.5.5 | |
firebirdsql | firebird | 2.5.6 | |
firebirdsql | firebird | 3.0 | |
firebirdsql | firebird | 3.0.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "861024DD-2FF9-47BF-A553-ED8247BE774D", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "BD46C7F4-6551-48E7-9CF1-B1FB5F11F01F", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "FD10CD46-ABDE-495A-91DE-AC028FD8927F", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "47D07C7C-8710-4C43-BDA6-8D013721631A", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "36682323-0E2A-4FC7-B02C-93B2AB13C7A1", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.5.6:*:*:*:*:*:*:*", "matchCriteriaId": "C2703881-36B3-4DC6-BC74-A8BF0B1527BA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "BD482CCC-9677-4E9B-B4BA-4F0B787F53A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A3C8F267-8BDE-4974-B97C-91AB1C301A16", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a \u0027system\u0027 entrypoint from fbudf.so." }, { "lang": "es", "value": "Verificaciones insuficientes en el subsistema UDF en Firebird 2.5.x en versiones anteriores a 2.5.7 y 3.0.x en versiones anteriores a 3.0.2 permiten a usuarios remotos autenticados ejecutar c\u00f3digo utilizando un punto de entrada \u0027system\u0027 desde fbudf.so." 
} ], "id": "CVE-2017-6369", "lastModified": "2024-11-21T03:29:38.500", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-03-24T10:59:00.207", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "http://tracker.firebirdsql.org/browse/CORE-5474" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2017/dsa-3824" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/97070" }, { "source": "cve@mitre.org", "url": "https://usn.ubuntu.com/3929-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "http://tracker.firebirdsql.org/browse/CORE-5474" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2017/dsa-3824" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": 
"http://www.securityfocus.com/bid/97070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3929-1/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-862" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-06-16 04:00
Modified
2024-11-20 23:44
Severity MEDIUM (CVSS 2.0 base score 4.6, AV:L/AC:L/Au:N/C:P/I:P/A:P)
Summary
Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_inet_server, (2) gds_lock_mgr, or (3) gds_drop.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
firebirdsql | firebird | 1.0.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "41AB209A-D17F-4848-8353-66DEFC21DA55", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_inet_server, (2) gds_lock_mgr, or (3) gds_drop." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en Firebird 1.0.2 permite que usuarios locales ejecuten comandos arbitrarios mediante una variable INTERBASE larga cuando se llama a (1) gds_inet_server, (2) gds_lock_mgr, o (3) gds_drop." } ], "id": "CVE-2003-0281", "lastModified": "2024-11-20T23:44:22.880", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-06-16T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=105259012802997\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://seclists.org/lists/bugtraq/2002/Jun/0212.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/8758" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200405-18.xml" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/7546" }, { "source": 
"cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11977" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=105259012802997\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://seclists.org/lists/bugtraq/2002/Jun/0212.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/8758" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200405-18.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/7546" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11977" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-06-12 23:30
Modified
2024-11-21 00:32
Severity HIGH (CVSS 2.0 base score 10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C)
Summary
Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to "an InterBase version of gds32.dll."
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bakbone | netvault | 6.x | |
firebirdsql | firebird | * (up to and including 2.0.0) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bakbone:netvault:6.x:*:*:*:*:*:*:*", "matchCriteriaId": "70938DF0-1B76-428F-830F-703D3273042D", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2912F22-9F16-4882-9199-8286D881CD87", "versionEndIncluding": "2.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to \"an InterBase version of gds32.dll.\"" }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en fbserver.exe de Firebird SQL 2 anterior a 2.0.1 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un valor p_cnct_count grande en una estructura p_cnct en una petici\u00f3n de conexi\u00f3n (0x01) al puerto 3050/tcp, relacionado con \"una versi\u00f3n InterBase de gds32.dll\"." 
} ], "evaluatorImpact": "Failed exploit attempts will likely cause a denial of service on the server.", "id": "CVE-2007-3181", "lastModified": "2024-11-21T00:32:36.013", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-06-12T23:30:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-11" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/37231" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25601" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/25872" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29501" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200707-01.xml" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "source": "cve@mitre.org", "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/24436" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/2149" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34833" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://dvlabs.tippingpoint.com/advisory/TPTI-07-11" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/37231" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25601" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/25872" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200707-01.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/24436" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/2149" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34833" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-09-04 22:17
Modified
2024-11-21 00:36
Severity HIGH (CVSS 2.0 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
firebirdsql | firebird | * (up to and including 2.0.1) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D7B9331-B885-4B9B-9134-E2E689390BB9", "versionEndIncluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405." }, { "lang": "es", "value": "Vulnerabilidad no especificada en la funcionalidad (1) adjuntar base de datos y (2) crear base de datos en Firebird versiones anteriores 2.0.2, cuando un nombre de fichero excede MAX_PATH_LEN, tiene impacto desconocido y vectores de ataque, tambi\u00e9n conocido como CORE-1405." } ], "id": "CVE-2007-4664", "lastModified": "2024-11-21T00:36:08.937", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-09-04T22:17:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26615" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29501" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=535898" }, { "source": "cve@mitre.org", "url": "http://tracker.firebirdsql.org/browse/CORE-1405" }, { "source": "cve@mitre.org", "url": 
"http://www.debian.org/security/2008/dsa-1529" }, { "source": "cve@mitre.org", "url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202" }, { "source": "cve@mitre.org", "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/25497" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3021" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36359" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26615" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=535898" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tracker.firebirdsql.org/browse/CORE-1405" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/25497" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36359" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" }, { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-10-06 17:17
Modified
2024-11-21 00:37
Severity HIGH (CVSS 2.0 base score 10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C)
Summary
Multiple stack-based buffer overflows in Firebird LI 1.5.3.4870 and 1.5.4.4910, and WI 1.5.3.4870 and 1.5.4.4910, allow remote attackers to execute arbitrary code via (1) a long service attach request on TCP port 3050 to the SVC_attach function or (2) unspecified vectors involving the INET_connect function.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
firebirdsql | firebird | 1.5.3.4870 (linux) | |
firebirdsql | firebird | 1.5.3.4870 (windows) | |
firebirdsql | firebird | 1.5.4.4910 (linux) | |
firebirdsql | firebird | 1.5.4.4910 (windows) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:1.5.3.4870:*:linux:*:*:*:*:*", "matchCriteriaId": "39A6767A-8BFF-4EB8-95FF-DD629955AFAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:1.5.3.4870:*:windows:*:*:*:*:*", "matchCriteriaId": "72FA1E97-E370-4297-B438-7465FF7323F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:1.5.4.4910:*:linux:*:*:*:*:*", "matchCriteriaId": "9DCBCE4E-49B7-4F6D-8CA0-CD46827D58DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:1.5.4.4910:*:windows:*:*:*:*:*", "matchCriteriaId": "40BCE9A8-3616-41C2-A42D-845A8DC65B9D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple stack-based buffer overflows in Firebird LI 1.5.3.4870 and 1.5.4.4910, and WI 1.5.3.4870 and 1.5.4.4910, allow remote attackers to execute arbitrary code via (1) a long service attach request on TCP port 3050 to the SVC_attach function or (2) unspecified vectors involving the INET_connect function." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en Firebird LI 1.5.3.4870 y 1.5.4.4910, y WI 1.5.3.4870 y 1.5.4.4910, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de (1) una petici\u00f3n larga de fijaci\u00f3n del servicio sobre TCP puerto 3050 en la funci\u00f3n SVC_attach o (2) vectores no especificados afectando a la funci\u00f3n INET_connect." 
} ], "id": "CVE-2007-5245", "lastModified": "2024-11-21T00:37:28.143", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-10-06T17:17:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://risesecurity.org/advisory/RISE-2007003/" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://risesecurity.org/blog/entry/3/" }, { "source": "cve@mitre.org", "url": "http://risesecurity.org/exploit/18/" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/27066" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/28635" }, { "source": "cve@mitre.org", "url": "http://www.risesecurity.org/advisory/RISE-2007003/" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/481491/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/25917" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25925" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018773" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3380" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36957" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://risesecurity.org/advisory/RISE-2007003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": 
[ "Exploit" ], "url": "http://risesecurity.org/blog/entry/3/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://risesecurity.org/exploit/18/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27066" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/28635" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.risesecurity.org/advisory/RISE-2007003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/481491/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/25917" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25925" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018773" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3380" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36957" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-10-06 17:17
Modified
2024-11-21 00:37
Severity ?
Summary
Multiple stack-based buffer overflows in Firebird LI (Linux) 2.0.0.12748 and 2.0.1.12855, and WI (Windows) 2.0.0.12748 and 2.0.1.12855, allow remote attackers to execute arbitrary code via (1) a long attach request on TCP port 3050 to the isc_attach_database function or (2) a long create request on TCP port 3050 to the isc_create_database function.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
firebirdsql | firebird | 2.0.0.12748 | |
firebirdsql | firebird | 2.0.0.12748 | |
firebirdsql | firebird | 2.0.1.12855 | |
firebirdsql | firebird | 2.0.1.12855 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.0.0.12748:*:linux:*:*:*:*:*", "matchCriteriaId": "9C9814F6-51D6-484F-9ACA-4F644B874144", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.0.0.12748:*:windows:*:*:*:*:*", "matchCriteriaId": "BE5B3863-A18C-4CAD-AE77-040A5B57F1B7", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.0.1.12855:*:linux:*:*:*:*:*", "matchCriteriaId": "99BBF62D-9944-469E-A60B-A35A27DB3899", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.0.1.12855:*:windows:*:*:*:*:*", "matchCriteriaId": "E2BEC4E6-B3A0-4BC7-9382-04E574EB19C7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple stack-based buffer overflows in Firebird LI 2.0.0.12748 and 2.0.1.12855, and WI 2.0.0.12748 and 2.0.1.12855, allow remote attackers to execute arbitrary code via (1) a long attach request on TCP port 3050 to the isc_attach_database function or (2) a long create request on TCP port 3050 to the isc_create_database function." }, { "lang": "es", "value": "M\u00faltiples desbordamientos de b\u00fafer en FFirebird LI 2.0.0.12748 and 2.0.1.12855, and WI 2.0.0.12748 and 2.0.1.12855, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de (1) una petici\u00f3n larga de fijaci\u00f3n del servicio sobre TCP puerto 3050 en la funci\u00f3n isc_attach_database o (2) petici\u00f3n de creaci\u00f3n larga sobre el puerto 3050 TCP en la funci\u00f3n isc_create_database." 
} ], "id": "CVE-2007-5246", "lastModified": "2024-11-21T00:37:28.297", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-10-06T17:17:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=195569" }, { "source": "cve@mitre.org", "url": "http://risesecurity.org/advisory/RISE-2007003/" }, { "source": "cve@mitre.org", "url": "http://risesecurity.org/blog/entry/3/" }, { "source": "cve@mitre.org", "url": "http://risesecurity.org/exploit/16/" }, { "source": "cve@mitre.org", "url": "http://risesecurity.org/exploit/17/" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/27057" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/27982" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200712-06.xml" }, { "source": "cve@mitre.org", "url": "http://www.risesecurity.org/advisory/RISE-2007003/" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/481491/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25917" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25925" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018773" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3379" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36958" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=195569" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://risesecurity.org/advisory/RISE-2007003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://risesecurity.org/blog/entry/3/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://risesecurity.org/exploit/16/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://risesecurity.org/exploit/17/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27057" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27982" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200712-06.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.risesecurity.org/advisory/RISE-2007003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/481491/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25917" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25925" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018773" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3379" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36958" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-03-15 17:06
Modified
2024-11-21 00:08
Severity ?
Summary
Firebird 1.5.2.4731 installs (1) fb_lock_mgr, (2) gds_drop, and (3) fb_inet_server with setuid firebird permissions, which might allow local users to gain privileges via a buffer overflow as identified by CVE-2006-1240, or possibly other vulnerabilities.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
firebirdsql | firebird | 1.5.2.4731 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:1.5.2.4731:*:*:*:*:*:*:*", "matchCriteriaId": "16EB2258-65E6-4D5D-B01E-85B032E276E1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Firebird 1.5.2.4731 installs (1) fb_lock_mgr, (2) gds_drop, and (3) fb_inet_server with setuid firebird permissions, which might allow local users to gain privileges via a buffer overflow as identified by CVE-2006-1240, or possibly other vulnerabilities." } ], "evaluatorSolution": "The problems are fixed in the current 1.5.3 version of the Firebird binary distribution.", "id": "CVE-2006-1241", "lastModified": "2024-11-21T00:08:23.270", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-03-15T17:06:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043546.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/427480/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/17077" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25282" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043546.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/427480/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/17077" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25282" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-07-27 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
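The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
Note: "Firebird 0.7" in this entry is one of the web browsers named in the description, while the record's CPE list files it under firebirdsql:firebird; this appears to be a vendor-name mismatch, so verify the match before treating the Firebird database server as affected.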
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F374AF9E-BBBC-4C0E-B00C-5DB7FC83B445", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "6BF63077-4E98-497D-8CE6-B84B022DB21D", "vulnerable": true }, { "criteria": "cpe:2.3:a:netscape:navigator:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "4C1BC491-9C5A-46D5-B6C3-5A8E5A1A0AF3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability." }, { "lang": "es", "value": "Los navegadores web (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 no previenen adecuadamente que un marco de un dominio inyecte contenido en un marco que pertenece a otro dominio, lo que facilita la suplantaci\u00f3n de sitios web y otros ataques. Vulnerabilidad tambi\u00e9n conocida como \"de inyecci\u00f3n de marco\"." 
} ], "id": "CVE-2004-0718", "lastModified": "2024-11-20T23:49:14.673", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-07-27T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" }, { "source": "cve@mitre.org", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=246448" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/11978" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2005/dsa-777" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2005/dsa-810" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/15495" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598" }, { "source": "cve@mitre.org", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=246448" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/11978" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2005/dsa-777" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2005/dsa-810" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/15495" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-03-28 17:29
Modified
2024-11-21 03:07
Severity ?
Summary
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
firebirdsql | firebird | 2.5.7 | |
firebirdsql | firebird | 3.0.2 | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.5.7:*:*:*:*:*:*:*", "matchCriteriaId": "13393620-4886-4BDC-A4F7-582939A1E13B", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:3.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "F40DAE39-D9A9-4753-A9E4-DFADBBA75B23", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement." }, { "lang": "es", "value": "Un atacante remoto autenticado puede ejecutar c\u00f3digo arbitrario en Firebird SQL Server, versiones 2.5.7 y 3.0.2, ejecutando una instrucci\u00f3n SQL mal formada." 
} ], "id": "CVE-2017-11509", "lastModified": "2024-11-21T03:07:54.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-03-28T17:29:00.210", "references": [ { "source": "vulnreport@tenable.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00005.html" }, { "source": "vulnreport@tenable.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00036.html" }, { "source": "vulnreport@tenable.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00018.html" }, { "source": "vulnreport@tenable.com", "tags": [ "Exploit", "Mitigation", "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2017-36" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": 
"https://lists.debian.org/debian-lts-announce/2018/05/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00036.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00018.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mitigation", "Third Party Advisory" ], "url": "https://www.tenable.com/security/research/tra-2017-36" } ], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-01-13 15:59
Modified
2024-11-21 02:46
Severity ?
Summary
Firebird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by using the service manager to invoke the gbak utility with an invalid parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
firebirdsql | firebird | 2.5.5 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.5.5:*:*:*:*:*:*:*", "matchCriteriaId": "36682323-0E2A-4FC7-B02C-93B2AB13C7A1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "FireBird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by using service manager to invoke the gbak utility with an invalid parameter." }, { "lang": "es", "value": "FireBird 2.5.5 permite a usuarios autenticados provocar una denegaci\u00f3n de servicio (ca\u00edda de demonio) utilizando el servicio manager para invocar la utilidad gbak con un par\u00e1metro no v\u00e1lido." } ], "id": "CVE-2016-1569", "lastModified": "2024-11-21T02:46:39.563", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-01-13T15:59:03.803", "references": [ { "source": "security@debian.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177119.html" 
}, { "source": "security@debian.org", "url": "http://sourceforge.net/p/firebird/code/62783/" }, { "source": "security@debian.org", "url": "http://tracker.firebirdsql.org/browse/CORE-5068" }, { "source": "security@debian.org", "url": "http://www.openwall.com/lists/oss-security/2016/01/10/2" }, { "source": "security@debian.org", "tags": [ "Exploit" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/10/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177119.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/p/firebird/code/62783/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tracker.firebirdsql.org/browse/CORE-5068" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2016/01/10/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/10/3" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
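Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allow remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.
Note: the description names only Mozilla, Firefox, and Thunderbird; the firebirdsql | firebird 0.7 row under Impacted products comes from the record's CPE list, so verify it before treating the Firebird database server as affected.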
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
firebirdsql | firebird | 0.7 | |
mozilla | mozilla | 0.8 | |
mozilla | mozilla | 0.9.2 | |
mozilla | mozilla | 0.9.2.1 | |
mozilla | mozilla | 0.9.3 | |
mozilla | mozilla | 0.9.4 | |
mozilla | mozilla | 0.9.4.1 | |
mozilla | mozilla | 0.9.5 | |
mozilla | mozilla | 0.9.6 | |
mozilla | mozilla | 0.9.7 | |
mozilla | mozilla | 0.9.8 | |
mozilla | mozilla | 0.9.9 | |
mozilla | mozilla | 0.9.35 | |
mozilla | mozilla | 0.9.48 | |
mozilla | mozilla | 1.0 | |
mozilla | mozilla | 1.0 | |
mozilla | mozilla | 1.0 | |
mozilla | mozilla | 1.0.1 | |
mozilla | mozilla | 1.0.2 | |
mozilla | mozilla | 1.1 | |
mozilla | mozilla | 1.1 | |
mozilla | mozilla | 1.1 | |
mozilla | mozilla | 1.2 | |
mozilla | mozilla | 1.2 | |
mozilla | mozilla | 1.2 | |
mozilla | mozilla | 1.2.1 | |
mozilla | mozilla | 1.3 | |
mozilla | mozilla | 1.3.1 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4 | |
mozilla | mozilla | 1.4.1 | |
mozilla | mozilla | 1.4.2 | |
mozilla | mozilla | 1.4.4 | |
mozilla | mozilla | 1.5 | |
mozilla | mozilla | 1.5.1 | |
mozilla | mozilla | 1.6 | |
mozilla | thunderbird | 0.1 | |
mozilla | thunderbird | 0.2 | |
mozilla | thunderbird | 0.3 | |
mozilla | thunderbird | 0.4 | |
mozilla | thunderbird | 0.5 | |
mozilla | thunderbird | 0.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "F374AF9E-BBBC-4C0E-B00C-5DB7FC83B445", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "BA58BA23-4CFE-40F8-A2F4-104007E12E05", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "22F00276-9071-4B96-B49C-2E0898476874", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "EB84CC9B-346B-4AF4-929E-D56D85960103", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "9420CD82-0E5F-4486-9AF8-9DCD6ED7E037", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "0A9C79AB-4ABE-49E6-BAB2-94610AE0316F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "04DE7CCB-79B8-4F9B-AC14-E4A100F9E473", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "1444C77E-FF98-40E5-9CA9-B4C71B3C9304", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "3B40771F-30CB-45D0-9EDE-1F13852085B1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "1E4F64F8-CCC2-47FF-9B9D-41B3BCDD513C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "47315EC4-1EED-4070-A087-8E37C8FE6703", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "9F1EB38F-CEB2-40BC-AA5D-CC539F597137", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.35:*:*:*:*:*:*:*", "matchCriteriaId": "EE6B0681-B96F-405C-8042-1BF2DDB41648", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:0.9.48:*:*:*:*:*:*:*", 
"matchCriteriaId": "5436BBD2-E3FF-4558-B8F5-FFF5CA9FC045", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "CCDAEAE6-BA9F-4D40-B264-4A72930239E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "C9296197-0EE0-4CC0-A11F-E44E3443E990", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A76ACC55-754D-4501-8312-5A4E10D053B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A8987151-0901-4547-B750-5DC470BB9CF7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "53E60BCC-6D1C-489E-9F3B-9BE42B46704F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "66A87ED8-9E1F-4C2C-B806-A41765081C9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.1:alpha:*:*:*:*:*:*", "matchCriteriaId": "C795D86F-9B08-41FE-B82B-5BBB3DE6357D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.1:beta:*:*:*:*:*:*", "matchCriteriaId": "2637D552-4A3D-4867-B52A-ACCED8681AF4", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "7CC237C8-CFE0-4128-B549-93CD16894E71", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.2:alpha:*:*:*:*:*:*", "matchCriteriaId": "6B8EA79A-8426-44CF-AF13-58F7EF8B6D88", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.2:beta:*:*:*:*:*:*", "matchCriteriaId": "367A5D46-0FF3-4140-9478-251363822E9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CAA58EE9-05C7-4395-A8A4-5F54BE4C5DAD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "C656A621-BE62-4BB8-9B25-A3916E60FA12", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:mozilla:mozilla:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "F8DE4889-424F-4A44-8C14-9F18821CE961", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D3F91A1-7DD9-4146-8BA4-BE594C66DD30", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.4:alpha:*:*:*:*:*:*", "matchCriteriaId": "82A6419D-0E94-4D80-8B07-E5AB4DBA2F28", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.4:beta:*:*:*:*:*:*", "matchCriteriaId": "1003D688-3EEA-45F9-BB2C-5BAB395D7678", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "ED69BEB9-8D83-415B-826D-9D17FB67976B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "9AE678D7-812D-4C55-91B0-F3AC6BE0CD58", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "098458D4-635B-4A4D-9472-39370094E1ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "BCDB64E5-AE26-43DF-8A66-654D5D22A635", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "ED9D75F1-8333-43DE-A08B-142E4C5899D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:mozilla:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "6BF63077-4E98-497D-8CE6-B84B022DB21D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0618BD26-0EF5-4774-9131-B5ABD4CD302A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "0D604DAE-DF63-413C-9F49-FFC8E84699F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "11DE6185-09F4-48E3-9742-F9D8030B5774", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "B2E70864-E077-4CD6-A0E8-BC2C4C298A6A", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "61E565E5-286D-4A68-B085-5659DFE59A9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mozilla:thunderbird:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "8E2A68B4-9101-4AC5-9E82-EEB5A5405541", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user\u0027s hard drive by obscuring a file upload control and tricking the user into dragging text into that control." } ], "id": "CVE-2004-1449", "lastModified": "2024-11-20T23:50:54.553", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0" }, { "source": "cve@mitre.org", "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:082" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:082" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", 
"type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-09-04 22:17
Modified
2024-11-21 00:36
Severity ?
Summary
Unspecified vulnerability in the Services API in Firebird before 2.0.2 allows remote attackers to cause a denial of service, aka CORE-1149.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
firebirdsql | firebird | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D7B9331-B885-4B9B-9134-E2E689390BB9", "versionEndIncluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the Services API in Firebird before 2.0.2 allows remote attackers to cause a denial of service, aka CORE-1149." }, { "lang": "es", "value": "Vulnerabilidad sin especificar en el Services API del Firebird anterior al 2.0.2, permite a atacantes remotos provocar una denegaci\u00f3n de servicio, tambi\u00e9n conocido como CORE-1149." } ], "id": "CVE-2007-4667", "lastModified": "2024-11-21T00:36:09.370", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-09-04T22:17:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26615" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29501" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=535898" }, { "source": "cve@mitre.org", "url": "http://tracker.firebirdsql.org/browse/CORE-1149" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "source": "cve@mitre.org", "url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202" }, { "source": 
"cve@mitre.org", "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/25497" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3021" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36356" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/26615" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=535898" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tracker.firebirdsql.org/browse/CORE-1149" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/25497" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36356" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-09-04 22:17
Modified
2024-11-21 00:36
Severity ?
Summary
Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and possibly obtain other "file access," via unknown vectors, aka CORE-1312.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
firebirdsql | firebird | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D7B9331-B885-4B9B-9134-E2E689390BB9", "versionEndIncluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and possibly obtain other \"file access,\" via unknown vectors, aka CORE-1312." }, { "lang": "es", "value": "Vulnerabilidad no especificada en el servidor en Firebird anterior a 2.0.2 permite a atacantes remotos determinar la existencia de archivos de su elecci\u00f3n, y posiblemente obtener otros \"accesos a archivo,\" a trav\u00e9s de vectores desconocidos, tambi\u00e9n conocido como CORE-1312." } ], "id": "CVE-2007-4668", "lastModified": "2024-11-21T00:36:09.510", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-09-04T22:17:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29501" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=535898" }, { "source": "cve@mitre.org", "url": "http://tracker.firebirdsql.org/browse/CORE-1312" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "source": "cve@mitre.org", "url": 
"http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202" }, { "source": "cve@mitre.org", "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/25497" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3021" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=535898" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tracker.firebirdsql.org/browse/CORE-1312" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/25497" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3021" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" }, { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-09-04 22:17
Modified
2024-11-21 00:36
Severity ?
Summary
The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
firebirdsql | firebird | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D7B9331-B885-4B9B-9134-E2E689390BB9", "versionEndIncluding": "2.0.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148." }, { "lang": "es", "value": "La Services API del Firebird anterior al 2.0.2 permite a usuarios remotos autenticados sin privilegios SYSDBA leer el log del servidor (firebird.log), tambi\u00e9n conocido como CORE-1148." } ], "id": "CVE-2007-4669", "lastModified": "2024-11-21T00:36:09.647", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-09-04T22:17:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29501" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/project/shownotes.php?release_id=535898" }, { "source": "cve@mitre.org", "url": "http://tracker.firebirdsql.org/browse/CORE-1148" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "source": "cve@mitre.org", "url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202" }, { "source": "cve@mitre.org", "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" }, { "source": 
"cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/25497" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/29501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/project/shownotes.php?release_id=535898" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://tracker.firebirdsql.org/browse/CORE-1148" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/25497" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-200" }, { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-01-29 02:00
Modified
2024-11-21 00:41
Severity ?
Summary
Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
firebirdsql | firebird | * | |
firebirdsql | firebird | * | |
firebirdsql | firebird | * | |
firebirdsql | firebird | 2.1.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*", "matchCriteriaId": "9439D7B3-B54A-4C31-B35B-445CF52B03D6", "versionEndIncluding": "1.0.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED5BF0C6-148D-4142-9479-52831305FF8D", "versionEndExcluding": "1.5.6", "versionStartIncluding": "1.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*", "matchCriteriaId": "F587EADE-6D7E-4342-9626-0DB2D1640E07", "versionEndExcluding": "2.0.4", "versionStartIncluding": "2.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "F8CAD9E1-1572-4BD7-AFAE-B862A5AF4B2E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption." }, { "lang": "es", "value": "Desbordamiento de entero en Firebird SQL 1.0.3 y versiones anteriores, 1.5.x versiones anteriores a 1.5.6, 2.0.x versiones anteriores a 2.0.4, y 2.1.x versiones anteriores a 2.1.0 RC1, podr\u00eda permitir a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante peticiones manipuladas (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, y (6) op_start_send_and_receive XDR, que disparan corrupci\u00f3n de memoria." 
} ], "id": "CVE-2008-0387", "lastModified": "2024-11-21T00:41:58.167", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-01-29T02:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/29203" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/29501" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200803-02.xml" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://securityreason.com/securityalert/3580" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=9028\u0026release_id=570800" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://tracker.firebirdsql.org/browse/CORE-1681" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.coresecurity.com/?action=item\u0026id=2095" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2008/dsa-1529" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/487173/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/27403" }, { 
"source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39996" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/29203" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/29501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://security.gentoo.org/glsa/glsa-200803-02.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://securityreason.com/securityalert/3580" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=9028\u0026release_id=570800" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://tracker.firebirdsql.org/browse/CORE-1681" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.coresecurity.com/?action=item\u0026id=2095" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2008/dsa-1529" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/487173/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/27403" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39996" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-10-11 00:17
Modified
2024-11-21 00:36
Severity ?
Summary
Stack-based buffer overflow in the process_packet function in fbserver.exe in Firebird SQL 2.0.2 allows remote attackers to execute arbitrary code via a long request to TCP port 3050.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
firebirdsql | firebird | 2.0.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:firebirdsql:firebird:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "1ABEC51F-A318-4F0A-B496-06800C41023C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the process_packet function in fbserver.exe in Firebird SQL 2.0.2 allows remote attackers to execute arbitrary code via a long request to TCP port 3050." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n process_packet de fbserver.exe en Firebird SQL 2.0.2 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante una petici\u00f3n larga al puerto TCP 3050." } ], "id": "CVE-2007-4992", "lastModified": "2024-11-21T00:36:53.710", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-10-11T00:17:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.gentoo.org/show_bug.cgi?id=195569" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/27982" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200712-06.xml" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1018802" }, { "source": "cve@mitre.org", "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.3-ReleaseNotes.pdf" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/archive/1/482025/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/26011" }, { "source": "cve@mitre.org", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-057.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37079" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.gentoo.org/show_bug.cgi?id=195569" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/27982" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200712-06.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1018802" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.3-ReleaseNotes.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/482025/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/26011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-057.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37079" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2017-11509
Vulnerability from cvelistv5
Published
2018-03-28 17:00
Modified
2024-09-16 22:24
Severity ?
EPSS score ?
Summary
An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement.
References
URL | Tags |
---|---|
https://lists.debian.org/debian-lts-announce/2018/05/msg00005.html | mailing-list, x_refsource_MLIST |
https://www.tenable.com/security/research/tra-2017-36 | x_refsource_MISC |
https://lists.debian.org/debian-lts-announce/2020/02/msg00036.html | mailing-list, x_refsource_MLIST |
https://lists.debian.org/debian-lts-announce/2021/11/msg00018.html | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version |
---|---|---|
Firebird Foundation | Firebird SQL Server | 2.5.7, 3.0.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:12:40.152Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[debian-lts-announce] 20180511 [SECURITY] [DLA 1374-1] firebird2.5 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00005.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.tenable.com/security/research/tra-2017-36" }, { "name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2129-1] firebird2.5 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00036.html" }, { "name": "[debian-lts-announce] 20211120 [SECURITY] [DLA 2824-1] firebird3.0 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00018.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Firebird SQL Server", "vendor": "Firebird Foundation", "versions": [ { "status": "affected", "version": "2.5.7" }, { "status": "affected", "version": "3.0.2" } ] } ], "datePublic": "2017-11-21T00:00:00", "descriptions": [ { "lang": "en", "value": "An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Authenticated Remote Code Execution", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-20T13:06:10", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable" }, "references": [ { "name": "[debian-lts-announce] 20180511 [SECURITY] [DLA 1374-1] firebird2.5 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00005.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.tenable.com/security/research/tra-2017-36" }, { "name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2129-1] firebird2.5 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00036.html" }, { "name": "[debian-lts-announce] 20211120 [SECURITY] [DLA 2824-1] firebird3.0 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00018.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vulnreport@tenable.com", "DATE_PUBLIC": "2017-11-21T00:00:00", "ID": "CVE-2017-11509", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Firebird SQL Server", "version": { "version_data": [ { "version_value": "2.5.7" }, { "version_value": "3.0.2" } ] } } ] }, "vendor_name": "Firebird Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Authenticated Remote Code Execution" } ] } ] }, "references": { "reference_data": [ { "name": "[debian-lts-announce] 20180511 [SECURITY] [DLA 1374-1] firebird2.5 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00005.html" }, { "name": "https://www.tenable.com/security/research/tra-2017-36", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2017-36" }, { "name": "[debian-lts-announce] 20200229 [SECURITY] [DLA 2129-1] firebird2.5 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00036.html" }, { "name": "[debian-lts-announce] 20211120 [SECURITY] [DLA 2824-1] firebird3.0 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00018.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2017-11509", "datePublished": "2018-03-28T17:00:00Z", "dateReserved": "2017-07-21T00:00:00", "dateUpdated": "2024-09-16T22:24:43.514Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-1240
Vulnerability from cvelistv5
Published
2006-03-15 17:00
Modified
2024-08-07 17:03
Severity ?
EPSS score ?
Summary
Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) fbserver in Firebird 1.5.2.4731 allows local users to gain privileges via a long value of the -p argument.
References
URL | Tags |
---|---|
http://www.securityfocus.com/archive/1/427480/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
http://www.securityfocus.com/bid/17077 | vdb-entry, x_refsource_BID |
https://exchange.xforce.ibmcloud.com/vulnerabilities/25282 | vdb-entry, x_refsource_XF |
http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043546.html | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:03:28.541Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060312 Buffer Overflow and Installation Script Error in Firebird 1.5.3", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/427480/100/0/threaded" }, { "name": "17077", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17077" }, { "name": "firebird-fbinetserver-fbserver-bo(25282)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25282" }, { "name": "20060312 Buffer Overflow and Installation Script Error in Firebird 1.5.3", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043546.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-03-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) fbserver in Firebird 1.5.2.4731 allows local users to gain privileges via a long value of the -p argument." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060312 Buffer Overflow and Installation Script Error in Firebird 1.5.3", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/427480/100/0/threaded" }, { "name": "17077", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17077" }, { "name": "firebird-fbinetserver-fbserver-bo(25282)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25282" }, { "name": "20060312 Buffer Overflow and Installation Script Error in Firebird 1.5.3", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043546.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1240", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) fbserver in Firebird 1.5.2.4731 allows local users to gain privileges via a long value of the -p argument." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060312 Buffer Overflow and Installation Script Error in Firebird 1.5.3", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/427480/100/0/threaded" }, { "name": "17077", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17077" }, { "name": "firebird-fbinetserver-fbserver-bo(25282)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25282" }, { "name": "20060312 Buffer Overflow and Installation Script Error in Firebird 1.5.3", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043546.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1240", "datePublished": "2006-03-15T17:00:00", "dateReserved": "2006-03-15T00:00:00", "dateUpdated": "2024-08-07T17:03:28.541Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-6369
Vulnerability from cvelistv5
Published
2017-03-24 10:00
Modified
2024-08-05 15:25
Severity ?
EPSS score ?
Summary
Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so.
References
| URL | Tags |
|---|---|
| http://www.debian.org/security/2017/dsa-3824 | vendor-advisory, x_refsource_DEBIAN |
| http://tracker.firebirdsql.org/browse/CORE-5474 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/97070 | vdb-entry, x_refsource_BID |
| https://usn.ubuntu.com/3929-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T15:25:49.245Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-3824", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3824" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tracker.firebirdsql.org/browse/CORE-5474" }, { "name": "97070", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/97070" }, { "name": "USN-3929-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3929-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-03-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a \u0027system\u0027 entrypoint from fbudf.so." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-02T16:06:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-3824", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3824" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tracker.firebirdsql.org/browse/CORE-5474" }, { "name": "97070", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/97070" }, { "name": "USN-3929-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3929-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-6369", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a \u0027system\u0027 entrypoint from fbudf.so." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-3824", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3824" }, { "name": "http://tracker.firebirdsql.org/browse/CORE-5474", "refsource": "CONFIRM", "url": "http://tracker.firebirdsql.org/browse/CORE-5474" }, { "name": "97070", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97070" }, { "name": "USN-3929-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3929-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-6369", "datePublished": "2017-03-24T10:00:00", "dateReserved": "2017-02-28T00:00:00", "dateUpdated": "2024-08-05T15:25:49.245Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-4667
Vulnerability from cvelistv5
Published
2007-09-04 22:00
Modified
2024-08-07 15:01
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Services API in Firebird before 2.0.2 allows remote attackers to cause a denial of service, aka CORE-1149.
References
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/36356 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/25497 | vdb-entry, x_refsource_BID |
| http://www.vupen.com/english/advisories/2007/3021 | vdb-entry, x_refsource_VUPEN |
| http://secunia.com/advisories/26615 | third-party-advisory, x_refsource_SECUNIA |
| http://tracker.firebirdsql.org/browse/CORE-1149 | x_refsource_MISC |
| http://www.firebirdsql.org/index.php?op=files&id=engine_202 | x_refsource_CONFIRM |
| http://secunia.com/advisories/29501 | third-party-advisory, x_refsource_SECUNIA |
| http://sourceforge.net/project/shownotes.php?release_id=535898 | x_refsource_CONFIRM |
| http://www.debian.org/security/2008/dsa-1529 | vendor-advisory, x_refsource_DEBIAN |
| http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:01:10.124Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "firebird-serviceapi-dos(36356)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36356" }, { "name": "25497", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25497" }, { "name": "ADV-2007-3021", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3021" }, { "name": "26615", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26615" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://tracker.firebirdsql.org/browse/CORE-1149" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202" }, { "name": "29501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29501" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=535898" }, { "name": "DSA-1529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1529" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-08-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the Services API in Firebird before 2.0.2 allows remote attackers to cause a denial of service, aka CORE-1149." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "firebird-serviceapi-dos(36356)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36356" }, { "name": "25497", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25497" }, { "name": "ADV-2007-3021", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3021" }, { "name": "26615", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26615" }, { "tags": [ "x_refsource_MISC" ], "url": "http://tracker.firebirdsql.org/browse/CORE-1149" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202" }, { "name": "29501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29501" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=535898" }, { "name": "DSA-1529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1529" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4667", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the Services API in Firebird before 
2.0.2 allows remote attackers to cause a denial of service, aka CORE-1149." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "firebird-serviceapi-dos(36356)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36356" }, { "name": "25497", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25497" }, { "name": "ADV-2007-3021", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3021" }, { "name": "26615", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26615" }, { "name": "http://tracker.firebirdsql.org/browse/CORE-1149", "refsource": "MISC", "url": "http://tracker.firebirdsql.org/browse/CORE-1149" }, { "name": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202", "refsource": "CONFIRM", "url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202" }, { "name": "29501", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29501" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=535898", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=535898" }, { "name": "DSA-1529", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "name": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf", "refsource": "CONFIRM", "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4667", "datePublished": "2007-09-04T22:00:00", "dateReserved": "2007-09-04T00:00:00", "dateUpdated": "2024-08-07T15:01:10.124Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-5246
Vulnerability from cvelistv5
Published
2007-10-06 17:00
Modified
2024-08-07 15:24
Severity ?
EPSS score ?
Summary
Multiple stack-based buffer overflows in Firebird LI 2.0.0.12748 and 2.0.1.12855, and WI 2.0.0.12748 and 2.0.1.12855, allow remote attackers to execute arbitrary code via (1) a long attach request on TCP port 3050 to the isc_attach_database function or (2) a long create request on TCP port 3050 to the isc_create_database function.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:24:42.191Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://risesecurity.org/advisory/RISE-2007003/" }, { "name": "25917", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25917" }, { "name": "27057", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27057" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://risesecurity.org/blog/entry/3/" }, { "name": "20071004 [RISE-2007003] Firebird Relational Database Multiple Buffer Overflow Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/481491/100/0/threaded" }, { "name": "1018773", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018773" }, { "name": "ADV-2007-3379", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3379" }, { "name": "firebird-attach-create-bo(36958)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36958" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://risesecurity.org/exploit/16/" }, { "name": "GLSA-200712-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200712-06.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=195569" }, { "name": "25925", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25925" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://risesecurity.org/exploit/17/" }, { "name": 
"27982", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27982" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.risesecurity.org/advisory/RISE-2007003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-10-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple stack-based buffer overflows in Firebird LI 2.0.0.12748 and 2.0.1.12855, and WI 2.0.0.12748 and 2.0.1.12855, allow remote attackers to execute arbitrary code via (1) a long attach request on TCP port 3050 to the isc_attach_database function or (2) a long create request on TCP port 3050 to the isc_create_database function." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://risesecurity.org/advisory/RISE-2007003/" }, { "name": "25917", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25917" }, { "name": "27057", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27057" }, { "tags": [ "x_refsource_MISC" ], "url": "http://risesecurity.org/blog/entry/3/" }, { "name": "20071004 [RISE-2007003] Firebird Relational Database Multiple Buffer Overflow Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/481491/100/0/threaded" }, { "name": "1018773", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018773" }, { "name": "ADV-2007-3379", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3379" }, { "name": 
"firebird-attach-create-bo(36958)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36958" }, { "tags": [ "x_refsource_MISC" ], "url": "http://risesecurity.org/exploit/16/" }, { "name": "GLSA-200712-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200712-06.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=195569" }, { "name": "25925", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25925" }, { "tags": [ "x_refsource_MISC" ], "url": "http://risesecurity.org/exploit/17/" }, { "name": "27982", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27982" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.risesecurity.org/advisory/RISE-2007003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5246", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple stack-based buffer overflows in Firebird LI 2.0.0.12748 and 2.0.1.12855, and WI 2.0.0.12748 and 2.0.1.12855, allow remote attackers to execute arbitrary code via (1) a long attach request on TCP port 3050 to the isc_attach_database function or (2) a long create request on TCP port 3050 to the isc_create_database function." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://risesecurity.org/advisory/RISE-2007003/", "refsource": "MISC", "url": "http://risesecurity.org/advisory/RISE-2007003/" }, { "name": "25917", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25917" }, { "name": "27057", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27057" }, { "name": "http://risesecurity.org/blog/entry/3/", "refsource": "MISC", "url": "http://risesecurity.org/blog/entry/3/" }, { "name": "20071004 [RISE-2007003] Firebird Relational Database Multiple Buffer Overflow Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/481491/100/0/threaded" }, { "name": "1018773", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018773" }, { "name": "ADV-2007-3379", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3379" }, { "name": "firebird-attach-create-bo(36958)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36958" }, { "name": "http://risesecurity.org/exploit/16/", "refsource": "MISC", "url": "http://risesecurity.org/exploit/16/" }, { "name": "GLSA-200712-06", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200712-06.xml" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=195569", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=195569" }, { "name": "25925", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25925" }, { "name": "http://risesecurity.org/exploit/17/", "refsource": "MISC", "url": "http://risesecurity.org/exploit/17/" }, { "name": "27982", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27982" }, { "name": "http://www.risesecurity.org/advisory/RISE-2007003/", "refsource": "MISC", "url": "http://www.risesecurity.org/advisory/RISE-2007003/" } ] } } } }, "cveMetadata": { 
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5246", "datePublished": "2007-10-06T17:00:00", "dateReserved": "2007-10-06T00:00:00", "dateUpdated": "2024-08-07T15:24:42.191Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-1241
Vulnerability from cvelistv5
Published
2006-03-15 17:00
Modified
2024-08-07 17:03
Severity ?
EPSS score ?
Summary
Firebird 1.5.2.4731 installs (1) fb_lock_mgr, (2) gds_drop, and (3) fb_inet_server with setuid firebird permissions, which might allow local users to gain privileges via a buffer overflow as identified by CVE-2006-1240, or possibly other vulnerabilities.
References
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/427480/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/17077 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/25282 | vdb-entry, x_refsource_XF |
| http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043546.html | mailing-list, x_refsource_FULLDISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T17:03:28.741Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060312 Buffer Overflow and Installation Script Error in Firebird 1.5.3", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/427480/100/0/threaded" }, { "name": "17077", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/17077" }, { "name": "firebird-fbinetserver-fbserver-bo(25282)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25282" }, { "name": "20060312 Buffer Overflow and Installation Script Error in Firebird 1.5.3", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043546.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-03-12T00:00:00", "descriptions": [ { "lang": "en", "value": "Firebird 1.5.2.4731 installs (1) fb_lock_mgr, (2) gds_drop, and (3) fb_inet_server with setuid firebird permissions, which might allow local users to gain privileges via a buffer overflow as identified by CVE-2006-1240, or possibly other vulnerabilities." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060312 Buffer Overflow and Installation Script Error in Firebird 1.5.3", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/427480/100/0/threaded" }, { "name": "17077", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/17077" }, { "name": "firebird-fbinetserver-fbserver-bo(25282)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25282" }, { "name": "20060312 Buffer Overflow and Installation Script Error in Firebird 1.5.3", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043546.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1241", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Firebird 1.5.2.4731 installs (1) fb_lock_mgr, (2) gds_drop, and (3) fb_inet_server with setuid firebird permissions, which might allow local users to gain privileges via a buffer overflow as identified by CVE-2006-1240, or possibly other vulnerabilities." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060312 Buffer Overflow and Installation Script Error in Firebird 1.5.3", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/427480/100/0/threaded" }, { "name": "17077", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17077" }, { "name": "firebird-fbinetserver-fbserver-bo(25282)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25282" }, { "name": "20060312 Buffer Overflow and Installation Script Error in Firebird 1.5.3", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/043546.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1241", "datePublished": "2006-03-15T17:00:00", "dateReserved": "2006-03-15T00:00:00", "dateUpdated": "2024-08-07T17:03:28.741Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-7212
Vulnerability from cvelistv5
Published
2007-06-29 18:00
Modified
2024-08-07 20:57
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in Firebird 1.5, one of which affects WNET, have unknown impact and attack vectors. NOTE: this issue might overlap CVE-2006-1240.
References
| URL | Tags |
|---|---|
| http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/28474 | vdb-entry, x_refsource_BID |
| http://secunia.com/advisories/29501 | third-party-advisory, x_refsource_SECUNIA |
| http://www.debian.org/security/2008/dsa-1529 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:57:40.404Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf" }, { "name": "28474", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28474" }, { "name": "29501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29501" }, { "name": "DSA-1529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1529" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in Firebird 1.5, one of which affects WNET, have unknown impact and attack vectors. NOTE: this issue might overlap CVE-2006-1240." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-04-09T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf" }, { "name": "28474", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28474" }, { "name": "29501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29501" }, { "name": "DSA-1529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1529" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-7212", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple buffer overflows in Firebird 1.5, one of which affects WNET, have unknown impact and attack vectors. NOTE: this issue might overlap CVE-2006-1240." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf", "refsource": "CONFIRM", "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf" }, { "name": "28474", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28474" }, { "name": "29501", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29501" }, { "name": "DSA-1529", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1529" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-7212", "datePublished": "2007-06-29T18:00:00", "dateReserved": "2007-06-29T00:00:00", "dateUpdated": "2024-08-07T20:57:40.404Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-3527
Vulnerability from cvelistv5
Published
2007-07-03 18:00
Modified
2024-08-07 14:21
Severity ?
EPSS score ?
Summary
Integer overflow in Firebird 2.0.0 allows remote authenticated users to cause a denial of service (CPU consumption) via certain database operations with multi-byte character sets that trigger an attempt to use the value 65536 for a 16-bit integer, which is treated as 0 and causes an infinite loop on zero-length data.
References
| URL | Tags |
|---|---|
| http://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf | x_refsource_CONFIRM |
| http://osvdb.org/43782 | vdb-entry, x_refsource_OSVDB |
| http://tracker.firebirdsql.org/browse/CORE-1063 | x_refsource_CONFIRM |
| http://secunia.com/advisories/29501 | third-party-advisory, x_refsource_SECUNIA |
| http://www.securityfocus.com/bid/28473 | vdb-entry, x_refsource_BID |
| http://www.debian.org/security/2008/dsa-1529 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:21:35.611Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf" }, { "name": "43782", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/43782" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tracker.firebirdsql.org/browse/CORE-1063" }, { "name": "29501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29501" }, { "name": "28473", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28473" }, { "name": "DSA-1529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1529" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-06-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in Firebird 2.0.0 allows remote authenticated users to cause a denial of service (CPU consumption) via certain database operations with multi-byte character sets that trigger an attempt to use the value 65536 for a 16-bit integer, which is treated as 0 and causes an infinite loop on zero-length data." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-04-09T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf" }, { "name": "43782", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/43782" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tracker.firebirdsql.org/browse/CORE-1063" }, { "name": "29501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29501" }, { "name": "28473", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28473" }, { "name": "DSA-1529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1529" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3527", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in Firebird 2.0.0 allows remote authenticated users to cause a denial of service (CPU consumption) via certain database operations with multi-byte character sets that trigger an attempt to use the value 65536 for a 16-bit integer, which is treated as 0 and causes an infinite loop on zero-length data." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf", "refsource": "CONFIRM", "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf" }, { "name": "43782", "refsource": "OSVDB", "url": "http://osvdb.org/43782" }, { "name": "http://tracker.firebirdsql.org/browse/CORE-1063", "refsource": "CONFIRM", "url": "http://tracker.firebirdsql.org/browse/CORE-1063" }, { "name": "29501", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29501" }, { "name": "28473", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28473" }, { "name": "DSA-1529", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1529" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3527", "datePublished": "2007-07-03T18:00:00", "dateReserved": "2007-07-03T00:00:00", "dateUpdated": "2024-08-07T14:21:35.611Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-0779
Vulnerability from cvelistv5
Published
2004-08-14 04:00
Modified
2024-08-08 00:31
Severity ?
EPSS score ?
Summary
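The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site.
Note: "Firebird 0.7" in this record is the Mozilla Firebird web browser (an earlier name of the Firefox browser), not the Firebird SQL database server that the rest of this listing covers. The record's affected product and vendor fields are "n/a", so confirm which product is actually deployed before treating this entry as applicable to a Firebird SQL installation.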
References
▼ | URL | Tags |
---|---|---|
http://www.mandriva.com/security/advisories?name=MDKSA-2004:082 | vendor-advisory, x_refsource_MANDRAKE | |
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7 | x_refsource_CONFIRM | |
http://bugzilla.mozilla.org/show_bug.cgi?id=226278 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17018 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:31:46.860Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDKSA-2004:082", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=226278" }, { "name": "mozilla-plaintext-password(17018)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17018" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-08-02T00:00:00", "descriptions": [ { "lang": "en", "value": "The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MDKSA-2004:082", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=226278" }, { "name": "mozilla-plaintext-password(17018)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17018" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0779", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MDKSA-2004:082", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082" }, { "name": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7", "refsource": "CONFIRM", "url": "http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7" }, { "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=226278", "refsource": "CONFIRM", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=226278" }, { "name": "mozilla-plaintext-password(17018)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17018" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0779", "datePublished": "2004-08-14T04:00:00", "dateReserved": "2004-08-13T00:00:00", "dateUpdated": "2024-08-08T00:31:46.860Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-4665
Vulnerability from cvelistv5
Published
2007-09-04 22:00
Modified
2024-08-07 15:01
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to cause a denial of service (daemon crash) via an XNET session that makes multiple simultaneous requests to register events, aka CORE-1403.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/25497 | vdb-entry, x_refsource_BID | |
http://tracker.firebirdsql.org/browse/CORE-1403 | x_refsource_CONFIRM | |
http://www.vupen.com/english/advisories/2007/3021 | vdb-entry, x_refsource_VUPEN | |
http://secunia.com/advisories/26615 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/36353 | vdb-entry, x_refsource_XF | |
http://www.firebirdsql.org/index.php?op=files&id=engine_202 | x_refsource_CONFIRM | |
http://secunia.com/advisories/29501 | third-party-advisory, x_refsource_SECUNIA | |
http://sourceforge.net/project/shownotes.php?release_id=535898 | x_refsource_CONFIRM | |
http://www.debian.org/security/2008/dsa-1529 | vendor-advisory, x_refsource_DEBIAN | |
http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:01:09.951Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "25497", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25497" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tracker.firebirdsql.org/browse/CORE-1403" }, { "name": "ADV-2007-3021", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3021" }, { "name": "26615", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26615" }, { "name": "firebird-xnet-dos(36353)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36353" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202" }, { "name": "29501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29501" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=535898" }, { "name": "DSA-1529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1529" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-08-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to cause a denial of service (daemon crash) via an XNET session that makes multiple 
simultaneous requests to register events, aka CORE-1403." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "25497", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25497" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tracker.firebirdsql.org/browse/CORE-1403" }, { "name": "ADV-2007-3021", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3021" }, { "name": "26615", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26615" }, { "name": "firebird-xnet-dos(36353)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36353" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202" }, { "name": "29501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29501" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=535898" }, { "name": "DSA-1529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1529" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4665", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified 
vulnerability in the server in Firebird before 2.0.2 allows remote attackers to cause a denial of service (daemon crash) via an XNET session that makes multiple simultaneous requests to register events, aka CORE-1403." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "25497", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25497" }, { "name": "http://tracker.firebirdsql.org/browse/CORE-1403", "refsource": "CONFIRM", "url": "http://tracker.firebirdsql.org/browse/CORE-1403" }, { "name": "ADV-2007-3021", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3021" }, { "name": "26615", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26615" }, { "name": "firebird-xnet-dos(36353)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36353" }, { "name": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202", "refsource": "CONFIRM", "url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202" }, { "name": "29501", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29501" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=535898", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=535898" }, { "name": "DSA-1529", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "name": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf", "refsource": "CONFIRM", "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4665", "datePublished": "2007-09-04T22:00:00", "dateReserved": "2007-09-04T00:00:00", "dateUpdated": "2024-08-07T15:01:09.951Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2003-0281
Vulnerability from cvelistv5
Published
2003-05-14 04:00
Modified
2024-08-08 01:50
Severity ?
EPSS score ?
Summary
Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_inet_server, (2) gds_lock_mgr, or (3) gds_drop.
References
▼ | URL | Tags |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/11977 | vdb-entry, x_refsource_XF | |
http://security.gentoo.org/glsa/glsa-200405-18.xml | vendor-advisory, x_refsource_GENTOO | |
http://seclists.org/lists/bugtraq/2002/Jun/0212.html | mailing-list, x_refsource_BUGTRAQ | |
http://marc.info/?l=bugtraq&m=105259012802997&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/7546 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/8758 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:50:47.341Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "firebird-interbase-bo(11977)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11977" }, { "name": "GLSA-200405-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200405-18.xml" }, { "name": "20020617 Interbase 6.0 malloc() issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://seclists.org/lists/bugtraq/2002/Jun/0212.html" }, { "name": "20030509 Firebird Local exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=105259012802997\u0026w=2" }, { "name": "7546", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/7546" }, { "name": "8758", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/8758" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-05-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_inet_server, (2) gds_lock_mgr, or (3) gds_drop." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "firebird-interbase-bo(11977)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11977" }, { "name": "GLSA-200405-18", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200405-18.xml" }, { "name": "20020617 Interbase 6.0 malloc() issues", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://seclists.org/lists/bugtraq/2002/Jun/0212.html" }, { "name": "20030509 Firebird Local exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=105259012802997\u0026w=2" }, { "name": "7546", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/7546" }, { "name": "8758", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/8758" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0281", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_inet_server, (2) gds_lock_mgr, or (3) gds_drop." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "firebird-interbase-bo(11977)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11977" }, { "name": "GLSA-200405-18", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200405-18.xml" }, { "name": "20020617 Interbase 6.0 malloc() issues", "refsource": "BUGTRAQ", "url": "http://seclists.org/lists/bugtraq/2002/Jun/0212.html" }, { "name": "20030509 Firebird Local exploit", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=105259012802997\u0026w=2" }, { "name": "7546", "refsource": "BID", "url": "http://www.securityfocus.com/bid/7546" }, { "name": "8758", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/8758" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0281", "datePublished": "2003-05-14T04:00:00", "dateReserved": "2003-05-12T00:00:00", "dateUpdated": "2024-08-08T01:50:47.341Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-2620
Vulnerability from cvelistv5
Published
2009-07-29 17:00
Modified
2024-08-07 05:59
Severity ?
EPSS score ?
Summary
src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference.
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/35842 | vdb-entry, x_refsource_BID | |
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01341.html | vendor-advisory, x_refsource_FEDORA | |
http://www.coresecurity.com/content/firebird-sql-dos | x_refsource_MISC | |
http://www.exploit-db.com/exploits/9295 | exploit, x_refsource_EXPLOIT-DB | |
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01370.html | vendor-advisory, x_refsource_FEDORA | |
https://bugzilla.redhat.com/show_bug.cgi?id=514463 | x_refsource_CONFIRM | |
http://tracker.firebirdsql.org/browse/CORE-2563 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:59:55.735Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "35842", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/35842" }, { "name": "FEDORA-2009-8317", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01341.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.coresecurity.com/content/firebird-sql-dos" }, { "name": "9295", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/9295" }, { "name": "FEDORA-2009-8340", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01370.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514463" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tracker.firebirdsql.org/browse/CORE-2563" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-07-28T00:00:00", "descriptions": [ { "lang": "en", "value": "src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "35842", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/35842" }, { "name": "FEDORA-2009-8317", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01341.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.coresecurity.com/content/firebird-sql-dos" }, { "name": "9295", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/9295" }, { "name": "FEDORA-2009-8340", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01370.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514463" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tracker.firebirdsql.org/browse/CORE-2563" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2620", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "35842", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35842" }, { "name": "FEDORA-2009-8317", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01341.html" }, { "name": "http://www.coresecurity.com/content/firebird-sql-dos", "refsource": "MISC", "url": "http://www.coresecurity.com/content/firebird-sql-dos" }, { "name": "9295", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/9295" }, { "name": "FEDORA-2009-8340", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01370.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=514463", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=514463" }, { "name": "http://tracker.firebirdsql.org/browse/CORE-2563", "refsource": "CONFIRM", "url": "http://tracker.firebirdsql.org/browse/CORE-2563" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2620", "datePublished": "2009-07-29T17:00:00", "dateReserved": "2009-07-28T00:00:00", "dateUpdated": "2024-08-07T05:59:55.735Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-0718
Vulnerability from cvelistv5
Published
2004-07-23 04:00
Modified
2024-08-08 00:24
Severity ?
EPSS score ?
Summary
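The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
Note: "Firebird 0.7" in this record is the Mozilla Firebird web browser (an earlier name of the Firefox browser), not the Firebird SQL database server that the rest of this listing covers. The record's affected product and vendor fields are "n/a", so confirm which product is actually deployed before treating this entry as applicable to a Firebird SQL installation.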
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:24:27.203Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-810" }, { "name": "DSA-777", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2005/dsa-777" }, { "name": "http-frame-spoof(1598)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598" }, { "name": "SCOSA-2005.49", "tags": [ "vendor-advisory", "x_refsource_SCO", "x_transferred" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" }, { "name": "SUSE-SA:2004:036", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" }, { "name": "RHSA-2004:421", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html" }, { "name": "MDKSA-2004:082", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082" }, { "name": "FLSA:2089", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2" }, { "name": "15495", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15495" }, { "name": "11978", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/11978" }, { "name": "oval:org.mitre.oval:def:4756", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756" }, 
{ "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=246448" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/" }, { "name": "oval:org.mitre.oval:def:9997", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-07-02T00:00:00", "descriptions": [ { "lang": "en", "value": "The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-10T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-810", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-810" }, { "name": "DSA-777", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2005/dsa-777" }, { "name": "http-frame-spoof(1598)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598" }, { "name": "SCOSA-2005.49", "tags": [ "vendor-advisory", "x_refsource_SCO" ], "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" }, { "name": "SUSE-SA:2004:036", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" }, { "name": "RHSA-2004:421", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html" }, { "name": "MDKSA-2004:082", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082" }, { "name": "FLSA:2089", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2" }, { "name": "15495", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/15495" }, { "name": "11978", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11978" }, { "name": "oval:org.mitre.oval:def:4756", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=246448" }, { "tags": [ 
"x_refsource_MISC" ], "url": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/" }, { "name": "oval:org.mitre.oval:def:9997", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0718", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-810", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-810" }, { "name": "DSA-777", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2005/dsa-777" }, { "name": "http-frame-spoof(1598)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1598" }, { "name": "SCOSA-2005.49", "refsource": "SCO", "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" }, { "name": "SUSE-SA:2004:036", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2004_36_mozilla.html" }, { "name": "RHSA-2004:421", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2004-421.html" }, { "name": "MDKSA-2004:082", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:082" }, { "name": "FLSA:2089", "refsource": "FEDORA", "url": "http://marc.info/?l=bugtraq\u0026m=109900315219363\u0026w=2" }, { "name": "15495", "refsource": "BID", "url": "http://www.securityfocus.com/bid/15495" }, { "name": "11978", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11978" }, { "name": "oval:org.mitre.oval:def:4756", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4756" }, { "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=246448", "refsource": "CONFIRM", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=246448" }, { "name": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/", "refsource": "MISC", "url": "http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/" }, { "name": "oval:org.mitre.oval:def:9997", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9997" } ] } } } }, "cveMetadata": { "assignerOrgId": 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0718", "datePublished": "2004-07-23T04:00:00", "dateReserved": "2004-07-22T00:00:00", "dateUpdated": "2024-08-08T00:24:27.203Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-9323
Vulnerability from cvelistv5
Published
2014-12-16 18:00
Modified
2024-08-06 13:40
Summary
The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status.
References
URL | Tags | |
---|---|---|
http://www.debian.org/security/2014/dsa-3109 | vendor-advisory, x_refsource_DEBIAN | |
http://www.firebirdsql.org/en/news/security-updates-for-v2-1-and-v2-5-series-66011/ | x_refsource_CONFIRM | |
http://www.mandriva.com/security/advisories?name=MDVSA-2015:172 | vendor-advisory, x_refsource_MANDRIVA | |
http://tracker.firebirdsql.org/browse/CORE-4630 | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00012.html | vendor-advisory, x_refsource_SUSE | |
http://advisories.mageia.org/MGASA-2014-0523.html | x_refsource_CONFIRM | |
https://usn.ubuntu.com/3929-1/ | vendor-advisory, x_refsource_UBUNTU |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T13:40:24.981Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-3109", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2014/dsa-3109" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.firebirdsql.org/en/news/security-updates-for-v2-1-and-v2-5-series-66011/" }, { "name": "MDVSA-2015:172", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:172" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tracker.firebirdsql.org/browse/CORE-4630" }, { "name": "openSUSE-SU-2014:1621", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00012.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0523.html" }, { "name": "USN-3929-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3929-1/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-12-01T00:00:00", "descriptions": [ { "lang": "en", "value": "The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-04-02T16:06:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-3109", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2014/dsa-3109" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.firebirdsql.org/en/news/security-updates-for-v2-1-and-v2-5-series-66011/" }, { "name": "MDVSA-2015:172", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:172" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tracker.firebirdsql.org/browse/CORE-4630" }, { "name": "openSUSE-SU-2014:1621", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00012.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0523.html" }, { "name": "USN-3929-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3929-1/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-9323", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via an op_response action with a non-empty status." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-3109", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-3109" }, { "name": "http://www.firebirdsql.org/en/news/security-updates-for-v2-1-and-v2-5-series-66011/", "refsource": "CONFIRM", "url": "http://www.firebirdsql.org/en/news/security-updates-for-v2-1-and-v2-5-series-66011/" }, { "name": "MDVSA-2015:172", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:172" }, { "name": "http://tracker.firebirdsql.org/browse/CORE-4630", "refsource": "CONFIRM", "url": "http://tracker.firebirdsql.org/browse/CORE-4630" }, { "name": "openSUSE-SU-2014:1621", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00012.html" }, { "name": "http://advisories.mageia.org/MGASA-2014-0523.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0523.html" }, { "name": "USN-3929-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3929-1/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-9323", "datePublished": "2014-12-16T18:00:00", "dateReserved": "2014-12-07T00:00:00", "dateUpdated": "2024-08-06T13:40:24.981Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2003-0197
Vulnerability from cvelistv5
Published
2003-04-08 04:00
Modified
2024-08-08 01:43
Summary
Buffer overflow in gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK).
References
URL | Tags | |
---|---|---|
http://marc.info/?l=bugtraq&m=104940730819887&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.secnetops.com/research/advisories/SRT2003-04-03-1300.txt | x_refsource_MISC | |
http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0003.html | mailing-list, x_refsource_VULNWATCH |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:43:36.151Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20030403 SRT2003-04-03-1300 - Interbase ISC_LOCK_ENV overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=104940730819887\u0026w=2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.secnetops.com/research/advisories/SRT2003-04-03-1300.txt" }, { "name": "20030403 SRT2003-04-03-1300 - Interbase ISC_LOCK_ENV overflow", "tags": [ "mailing-list", "x_refsource_VULNWATCH", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0003.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-04-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK)." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20030403 SRT2003-04-03-1300 - Interbase ISC_LOCK_ENV overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=104940730819887\u0026w=2" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.secnetops.com/research/advisories/SRT2003-04-03-1300.txt" }, { "name": "20030403 SRT2003-04-03-1300 - Interbase ISC_LOCK_ENV overflow", "tags": [ "mailing-list", "x_refsource_VULNWATCH" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0003.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0197", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable (INTERBASE_LOCK)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20030403 SRT2003-04-03-1300 - Interbase ISC_LOCK_ENV overflow", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=104940730819887\u0026w=2" }, { "name": "http://www.secnetops.com/research/advisories/SRT2003-04-03-1300.txt", "refsource": "MISC", "url": "http://www.secnetops.com/research/advisories/SRT2003-04-03-1300.txt" }, { "name": "20030403 SRT2003-04-03-1300 - Interbase ISC_LOCK_ENV overflow", "refsource": "VULNWATCH", "url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0003.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0197", "datePublished": "2003-04-08T04:00:00", "dateReserved": "2003-04-03T00:00:00", "dateUpdated": "2024-08-08T01:43:36.151Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-0387
Vulnerability from cvelistv5
Published
2008-01-29 01:00
Modified
2024-08-07 07:46
Summary
Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption.
References
URL | Tags | |
---|---|---|
http://security.gentoo.org/glsa/glsa-200803-02.xml | vendor-advisory, x_refsource_GENTOO | |
http://secunia.com/advisories/29203 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/39996 | vdb-entry, x_refsource_XF | |
http://www.coresecurity.com/?action=item&id=2095 | x_refsource_MISC | |
http://sourceforge.net/project/shownotes.php?group_id=9028&release_id=570800 | x_refsource_CONFIRM | |
http://www.securityfocus.com/archive/1/487173/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://secunia.com/advisories/29501 | third-party-advisory, x_refsource_SECUNIA | |
http://securityreason.com/securityalert/3580 | third-party-advisory, x_refsource_SREASON | |
http://www.securityfocus.com/bid/27403 | vdb-entry, x_refsource_BID | |
http://tracker.firebirdsql.org/browse/CORE-1681 | x_refsource_CONFIRM | |
http://www.debian.org/security/2008/dsa-1529 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:46:55.114Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-200803-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200803-02.xml" }, { "name": "29203", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29203" }, { "name": "firebird-xdrprotocol-integer-overflow(39996)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39996" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.coresecurity.com/?action=item\u0026id=2095" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=9028\u0026release_id=570800" }, { "name": "20080128 CORE-2007-1219: Firebird Remote Memory Corruption", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/487173/100/0/threaded" }, { "name": "29501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29501" }, { "name": "3580", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/3580" }, { "name": "27403", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27403" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tracker.firebirdsql.org/browse/CORE-1681" }, { "name": "DSA-1529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1529" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] 
} ], "datePublic": "2008-01-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-200803-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200803-02.xml" }, { "name": "29203", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29203" }, { "name": "firebird-xdrprotocol-integer-overflow(39996)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39996" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.coresecurity.com/?action=item\u0026id=2095" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=9028\u0026release_id=570800" }, { "name": "20080128 CORE-2007-1219: Firebird Remote Memory Corruption", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/487173/100/0/threaded" }, { "name": "29501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29501" }, { "name": "3580", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/3580" }, { "name": "27403", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27403" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://tracker.firebirdsql.org/browse/CORE-1681" }, { "name": "DSA-1529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1529" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0387", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote attackers to execute arbitrary code via crafted (1) op_receive, (2) op_start, (3) op_start_and_receive, (4) op_send, (5) op_start_and_send, and (6) op_start_send_and_receive XDR requests, which triggers memory corruption." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-200803-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200803-02.xml" }, { "name": "29203", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29203" }, { "name": "firebird-xdrprotocol-integer-overflow(39996)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39996" }, { "name": "http://www.coresecurity.com/?action=item\u0026id=2095", "refsource": "MISC", "url": "http://www.coresecurity.com/?action=item\u0026id=2095" }, { "name": "http://sourceforge.net/project/shownotes.php?group_id=9028\u0026release_id=570800", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?group_id=9028\u0026release_id=570800" }, { "name": "20080128 CORE-2007-1219: Firebird Remote Memory Corruption", "refsource": "BUGTRAQ", "url": 
"http://www.securityfocus.com/archive/1/487173/100/0/threaded" }, { "name": "29501", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29501" }, { "name": "3580", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3580" }, { "name": "27403", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27403" }, { "name": "http://tracker.firebirdsql.org/browse/CORE-1681", "refsource": "CONFIRM", "url": "http://tracker.firebirdsql.org/browse/CORE-1681" }, { "name": "DSA-1529", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1529" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0387", "datePublished": "2008-01-29T01:00:00", "dateReserved": "2008-01-22T00:00:00", "dateUpdated": "2024-08-07T07:46:55.114Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-4666
Vulnerability from cvelistv5
Published
2007-09-04 22:00
Modified
2024-08-07 15:01
Summary
Unspecified vulnerability in the server in Firebird before 2.0.2, when a Superserver/TCP/IP environment is configured, allows remote attackers to cause a denial of service (CPU and memory consumption) via "large network packets with garbage", aka CORE-1397.
References
URL | Tags | |
---|---|---|
http://tracker.firebirdsql.org/browse/CORE-1397 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/36355 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/25497 | vdb-entry, x_refsource_BID | |
http://www.vupen.com/english/advisories/2007/3021 | vdb-entry, x_refsource_VUPEN | |
http://secunia.com/advisories/26615 | third-party-advisory, x_refsource_SECUNIA | |
http://www.firebirdsql.org/index.php?op=files&id=engine_202 | x_refsource_CONFIRM | |
http://secunia.com/advisories/29501 | third-party-advisory, x_refsource_SECUNIA | |
http://sourceforge.net/project/shownotes.php?release_id=535898 | x_refsource_CONFIRM | |
http://www.debian.org/security/2008/dsa-1529 | vendor-advisory, x_refsource_DEBIAN | |
http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:01:09.914Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tracker.firebirdsql.org/browse/CORE-1397" }, { "name": "firebird-unspecified-network-dos(36355)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36355" }, { "name": "25497", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25497" }, { "name": "ADV-2007-3021", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3021" }, { "name": "26615", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26615" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202" }, { "name": "29501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29501" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=535898" }, { "name": "DSA-1529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1529" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-08-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the server in Firebird before 2.0.2, when a Superserver/TCP/IP environment is configured, allows remote attackers to cause a denial of 
service (CPU and memory consumption) via \"large network packets with garbage\", aka CORE-1397." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tracker.firebirdsql.org/browse/CORE-1397" }, { "name": "firebird-unspecified-network-dos(36355)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36355" }, { "name": "25497", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25497" }, { "name": "ADV-2007-3021", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3021" }, { "name": "26615", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26615" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202" }, { "name": "29501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29501" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=535898" }, { "name": "DSA-1529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1529" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4666", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { 
"description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the server in Firebird before 2.0.2, when a Superserver/TCP/IP environment is configured, allows remote attackers to cause a denial of service (CPU and memory consumption) via \"large network packets with garbage\", aka CORE-1397." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://tracker.firebirdsql.org/browse/CORE-1397", "refsource": "CONFIRM", "url": "http://tracker.firebirdsql.org/browse/CORE-1397" }, { "name": "firebird-unspecified-network-dos(36355)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36355" }, { "name": "25497", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25497" }, { "name": "ADV-2007-3021", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3021" }, { "name": "26615", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26615" }, { "name": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202", "refsource": "CONFIRM", "url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202" }, { "name": "29501", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29501" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=535898", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=535898" }, { "name": "DSA-1529", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "name": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf", "refsource": "CONFIRM", "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4666", "datePublished": "2007-09-04T22:00:00", "dateReserved": "2007-09-04T00:00:00", "dateUpdated": 
"2024-08-07T15:01:09.914Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5529
Vulnerability from cvelistv5
Published
2012-11-20 00:00
Modified
2024-08-06 21:05
Summary
TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by preparing an empty dynamic SQL query.
References
URL | Tags | |
---|---|---|
http://www.securitytracker.com/id?1027769 | vdb-entry, x_refsource_SECTRACK | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/80073 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/56521 | vdb-entry, x_refsource_BID | |
http://www.openwall.com/lists/oss-security/2012/11/14/6 | mailing-list, x_refsource_MLIST | |
http://tracker.firebirdsql.org/browse/CORE-3884 | x_refsource_CONFIRM | |
http://www.debian.org/security/2013/dsa-2648 | vendor-advisory, x_refsource_DEBIAN | |
http://www.openwall.com/lists/oss-security/2012/11/14/8 | mailing-list, x_refsource_MLIST |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:05:47.262Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1027769", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1027769" }, { "name": "firebird-tracedsqlprepareprepare-dos(80073)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80073" }, { "name": "56521", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/56521" }, { "name": "[oss-security] 20121114 CVE Request -- firebird: DoS (NULL pointer dereference) while preparing an empty query with trace enabled", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/14/6" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tracker.firebirdsql.org/browse/CORE-3884" }, { "name": "DSA-2648", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2648" }, { "name": "[oss-security] 20121114 Re: CVE Request -- firebird: DoS (NULL pointer dereference) while preparing an empty query with trace enabled", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/14/8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-07-05T00:00:00", "descriptions": [ { "lang": "en", "value": "TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by preparing an empty dynamic SQL query." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "1027769", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1027769" }, { "name": "firebird-tracedsqlprepareprepare-dos(80073)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80073" }, { "name": "56521", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/56521" }, { "name": "[oss-security] 20121114 CVE Request -- firebird: DoS (NULL pointer dereference) while preparing an empty query with trace enabled", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/14/6" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tracker.firebirdsql.org/browse/CORE-3884" }, { "name": "DSA-2648", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2648" }, { "name": "[oss-security] 20121114 Re: CVE Request -- firebird: DoS (NULL pointer dereference) while preparing an empty query with trace enabled", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/11/14/8" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-5529", "datePublished": "2012-11-20T00:00:00", "dateReserved": "2012-10-24T00:00:00", "dateUpdated": "2024-08-06T21:05:47.262Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-4668
Vulnerability from cvelistv5
Published
2007-09-04 22:00
Modified
2024-08-07 15:01
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and possibly obtain other "file access," via unknown vectors, aka CORE-1312.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/25497 | vdb-entry, x_refsource_BID | |
http://www.vupen.com/english/advisories/2007/3021 | vdb-entry, x_refsource_VUPEN | |
http://tracker.firebirdsql.org/browse/CORE-1312 | x_refsource_MISC | |
http://www.firebirdsql.org/index.php?op=files&id=engine_202 | x_refsource_CONFIRM | |
http://secunia.com/advisories/29501 | third-party-advisory, x_refsource_SECUNIA | |
http://sourceforge.net/project/shownotes.php?release_id=535898 | x_refsource_CONFIRM | |
http://www.debian.org/security/2008/dsa-1529 | vendor-advisory, x_refsource_DEBIAN | |
http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:01:09.982Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "25497", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25497" }, { "name": "ADV-2007-3021", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3021" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://tracker.firebirdsql.org/browse/CORE-1312" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202" }, { "name": "29501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29501" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=535898" }, { "name": "DSA-1529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1529" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-08-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and possibly obtain other \"file access,\" via unknown vectors, aka CORE-1312." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-04-09T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "25497", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25497" }, { "name": "ADV-2007-3021", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3021" }, { "tags": [ "x_refsource_MISC" ], "url": "http://tracker.firebirdsql.org/browse/CORE-1312" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202" }, { "name": "29501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29501" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=535898" }, { "name": "DSA-1529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1529" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4668", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and possibly obtain other \"file access,\" via unknown vectors, aka CORE-1312." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "25497", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25497" }, { "name": "ADV-2007-3021", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3021" }, { "name": "http://tracker.firebirdsql.org/browse/CORE-1312", "refsource": "MISC", "url": "http://tracker.firebirdsql.org/browse/CORE-1312" }, { "name": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202", "refsource": "CONFIRM", "url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202" }, { "name": "29501", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29501" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=535898", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=535898" }, { "name": "DSA-1529", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "name": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf", "refsource": "CONFIRM", "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4668", "datePublished": "2007-09-04T22:00:00", "dateReserved": "2007-09-04T00:00:00", "dateUpdated": "2024-08-07T15:01:09.982Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1569
Vulnerability from cvelistv5
Published
2016-01-13 15:00
Modified
2024-08-05 23:02
Severity ?
EPSS score ?
Summary
FireBird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by using service manager to invoke the gbak utility with an invalid parameter.
References
URL | Tags | |
---|---|---|
http://www.openwall.com/lists/oss-security/2016/01/10/2 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2016/01/10/3 | mailing-list, x_refsource_MLIST | |
http://tracker.firebirdsql.org/browse/CORE-5068 | x_refsource_CONFIRM | |
http://sourceforge.net/p/firebird/code/62783/ | x_refsource_CONFIRM | |
http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177119.html | vendor-advisory, x_refsource_FEDORA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:02:11.750Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20160110 CVE Request: FireBird RDBMS: authenticated clients crash FireBird when running gbak with invalid parameter", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/10/2" }, { "name": "[oss-security] 20160110 Re: CVE Request: FireBird RDBMS: authenticated clients crash FireBird when running gbak with invalid parameter", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/10/3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tracker.firebirdsql.org/browse/CORE-5068" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/p/firebird/code/62783/" }, { "name": "FEDORA-2016-bec6b9c395", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177119.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-01-10T00:00:00", "descriptions": [ { "lang": "en", "value": "FireBird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by using service manager to invoke the gbak utility with an invalid parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-02T20:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "[oss-security] 20160110 CVE Request: FireBird RDBMS: authenticated clients crash FireBird when running gbak with invalid parameter", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/10/2" }, { "name": "[oss-security] 20160110 Re: CVE Request: FireBird RDBMS: authenticated clients crash FireBird when running gbak with invalid parameter", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/01/10/3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tracker.firebirdsql.org/browse/CORE-5068" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/p/firebird/code/62783/" }, { "name": "FEDORA-2016-bec6b9c395", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177119.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2016-1569", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "FireBird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by using service manager to invoke the gbak utility with an invalid parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20160110 CVE Request: FireBird RDBMS: authenticated clients crash FireBird when running gbak with invalid parameter", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/01/10/2" }, { "name": "[oss-security] 20160110 Re: CVE Request: FireBird RDBMS: authenticated clients crash FireBird when running gbak with invalid parameter", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/01/10/3" }, { "name": "http://tracker.firebirdsql.org/browse/CORE-5068", "refsource": "CONFIRM", "url": "http://tracker.firebirdsql.org/browse/CORE-5068" }, { "name": "http://sourceforge.net/p/firebird/code/62783/", "refsource": "CONFIRM", "url": "http://sourceforge.net/p/firebird/code/62783/" }, { "name": "FEDORA-2016-bec6b9c395", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-February/177119.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2016-1569", "datePublished": "2016-01-13T15:00:00", "dateReserved": "2016-01-10T00:00:00", "dateUpdated": "2024-08-05T23:02:11.750Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-2043
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:15
Severity ?
EPSS score ?
Summary
Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command.
References
URL | Tags | |
---|---|---|
http://www.debian.org/security/2006/dsa-1014 | vendor-advisory, x_refsource_DEBIAN | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/16229 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/19350 | third-party-advisory, x_refsource_SECUNIA | |
http://marc.info/?l=bugtraq&m=108611386202493&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.osvdb.org/6624 | vdb-entry, x_refsource_OSVDB | |
http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0027.html | mailing-list, x_refsource_FULLDISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/16316 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/10446 | vdb-entry, x_refsource_BID | |
http://www.securiteam.com/unixfocus/5AP0P0UCUO.html | x_refsource_MISC | |
http://securitytracker.com/id?1010381 | vdb-entry, x_refsource_SECTRACK | |
http://www.osvdb.org/6408 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/11756 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:15:01.209Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-1014", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1014" }, { "name": "firebird-database-name-bo(16229)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16229" }, { "name": "19350", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19350" }, { "name": "20040601 Firebird Database Remote Database Name Overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108611386202493\u0026w=2" }, { "name": "6624", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/6624" }, { "name": "20040602 Firebird [ AND Interbase 7 ] Database Remote Database Name Overflow", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0027.html" }, { "name": "interbase-database-name-bo(16316)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16316" }, { "name": "10446", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10446" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securiteam.com/unixfocus/5AP0P0UCUO.html" }, { "name": "1010381", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1010381" }, { "name": "6408", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/6408" }, { "name": "11756", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], 
"url": "http://secunia.com/advisories/11756" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-06-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-1014", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1014" }, { "name": "firebird-database-name-bo(16229)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16229" }, { "name": "19350", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19350" }, { "name": "20040601 Firebird Database Remote Database Name Overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108611386202493\u0026w=2" }, { "name": "6624", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/6624" }, { "name": "20040602 Firebird [ AND Interbase 7 ] Database Remote Database Name Overflow", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0027.html" }, { "name": "interbase-database-name-bo(16316)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16316" }, { "name": "10446", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": 
"http://www.securityfocus.com/bid/10446" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securiteam.com/unixfocus/5AP0P0UCUO.html" }, { "name": "1010381", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1010381" }, { "name": "6408", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/6408" }, { "name": "11756", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/11756" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2043", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-1014", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1014" }, { "name": "firebird-database-name-bo(16229)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16229" }, { "name": "19350", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19350" }, { "name": "20040601 Firebird Database Remote Database Name Overflow", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108611386202493\u0026w=2" }, { "name": "6624", "refsource": "OSVDB", "url": "http://www.osvdb.org/6624" }, { "name": "20040602 Firebird [ AND Interbase 7 ] Database Remote Database Name Overflow", "refsource": "FULLDISC", "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0027.html" }, { "name": "interbase-database-name-bo(16316)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16316" }, { "name": "10446", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10446" }, { "name": "http://www.securiteam.com/unixfocus/5AP0P0UCUO.html", "refsource": "MISC", "url": "http://www.securiteam.com/unixfocus/5AP0P0UCUO.html" }, { "name": "1010381", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1010381" }, { "name": "6408", "refsource": "OSVDB", "url": "http://www.osvdb.org/6408" }, { "name": "11756", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/11756" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2043", "datePublished": "2005-05-10T04:00:00", "dateReserved": "2005-05-04T00:00:00", "dateUpdated": "2024-08-08T01:15:01.209Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-2606
Vulnerability from cvelistv5
Published
2007-05-11 10:00
Modified
2024-08-07 13:42
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\ConfigFile.cpp or (2) msgs\check_msgs.epp. NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, then the ConfigFile.cpp vector may not cross privilege boundaries and perhaps should not be included in CVE.
References
URL | Tags | |
---|---|---|
http://osvdb.org/37309 | vdb-entry, x_refsource_OSVDB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/34201 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/archive/1/468070/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/28478 | vdb-entry, x_refsource_BID | |
http://osvdb.org/37308 | vdb-entry, x_refsource_OSVDB | |
http://securityreason.com/securityalert/2708 | third-party-advisory, x_refsource_SREASON | |
http://secunia.com/advisories/29501 | third-party-advisory, x_refsource_SECUNIA | |
http://www.debian.org/security/2008/dsa-1529 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T13:42:33.412Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "37309", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/37309" }, { "name": "firebird-configfile-checkmsgs-bo(34201)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34201" }, { "name": "20070509 Multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/468070/100/0/threaded" }, { "name": "28478", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28478" }, { "name": "37308", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/37308" }, { "name": "2708", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/2708" }, { "name": "29501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29501" }, { "name": "DSA-1529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1529" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-05-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\\ConfigFile.cpp or (2) msgs\\check_msgs.epp. 
NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, then the ConfigFile.cpp vector may not cross privilege boundaries and perhaps should not be included in CVE." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "37309", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/37309" }, { "name": "firebird-configfile-checkmsgs-bo(34201)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34201" }, { "name": "20070509 Multiple vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/468070/100/0/threaded" }, { "name": "28478", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28478" }, { "name": "37308", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/37308" }, { "name": "2708", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/2708" }, { "name": "29501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29501" }, { "name": "DSA-1529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1529" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2606", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple buffer overflows in Firebird 2.1 allow attackers to 
trigger memory corruption and possibly have other unspecified impact via certain input processed by (1) config\\ConfigFile.cpp or (2) msgs\\check_msgs.epp. NOTE: if ConfigFile.cpp reads a configuration file with restrictive permissions, then the ConfigFile.cpp vector may not cross privilege boundaries and perhaps should not be included in CVE." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "37309", "refsource": "OSVDB", "url": "http://osvdb.org/37309" }, { "name": "firebird-configfile-checkmsgs-bo(34201)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34201" }, { "name": "20070509 Multiple vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/468070/100/0/threaded" }, { "name": "28478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28478" }, { "name": "37308", "refsource": "OSVDB", "url": "http://osvdb.org/37308" }, { "name": "2708", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2708" }, { "name": "29501", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29501" }, { "name": "DSA-1529", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1529" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2606", "datePublished": "2007-05-11T10:00:00", "dateReserved": "2007-05-11T00:00:00", "dateUpdated": "2024-08-07T13:42:33.412Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-3181
Vulnerability from cvelistv5
Published
2007-06-12 23:00
Modified
2024-08-07 14:05
Severity ?
EPSS score ?
Summary
Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to "an InterBase version of gds32.dll."
References
▼ | URL | Tags |
---|---|---|
http://www.securityfocus.com/bid/24436 | vdb-entry, x_refsource_BID | |
http://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf | x_refsource_CONFIRM | |
http://osvdb.org/37231 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/25601 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/34833 | vdb-entry, x_refsource_XF | |
http://dvlabs.tippingpoint.com/advisory/TPTI-07-11 | x_refsource_MISC | |
http://security.gentoo.org/glsa/glsa-200707-01.xml | vendor-advisory, x_refsource_GENTOO | |
http://www.vupen.com/english/advisories/2007/2149 | vdb-entry, x_refsource_VUPEN | |
http://secunia.com/advisories/29501 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/25872 | third-party-advisory, x_refsource_SECUNIA | |
http://www.debian.org/security/2008/dsa-1529 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:05:29.221Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "24436", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24436" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf" }, { "name": "37231", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/37231" }, { "name": "25601", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25601" }, { "name": "firebird-fbserver-bo(34833)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34833" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-11" }, { "name": "GLSA-200707-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200707-01.xml" }, { "name": "ADV-2007-2149", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2149" }, { "name": "29501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29501" }, { "name": "25872", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25872" }, { "name": "DSA-1529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1529" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-06-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer 
overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to \"an InterBase version of gds32.dll.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "24436", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24436" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf" }, { "name": "37231", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/37231" }, { "name": "25601", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25601" }, { "name": "firebird-fbserver-bo(34833)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34833" }, { "tags": [ "x_refsource_MISC" ], "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-11" }, { "name": "GLSA-200707-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200707-01.xml" }, { "name": "ADV-2007-2149", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2149" }, { "name": "29501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29501" }, { "name": "25872", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25872" }, { "name": "DSA-1529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1529" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3181", "STATE": "PUBLIC" }, 
"affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count value in a p_cnct structure in a connect (0x01) request to port 3050/tcp, related to \"an InterBase version of gds32.dll.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "24436", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24436" }, { "name": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf", "refsource": "CONFIRM", "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.1-ReleaseNotes.pdf" }, { "name": "37231", "refsource": "OSVDB", "url": "http://osvdb.org/37231" }, { "name": "25601", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25601" }, { "name": "firebird-fbserver-bo(34833)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34833" }, { "name": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-11", "refsource": "MISC", "url": "http://dvlabs.tippingpoint.com/advisory/TPTI-07-11" }, { "name": "GLSA-200707-01", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200707-01.xml" }, { "name": "ADV-2007-2149", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2149" }, { "name": "29501", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29501" }, { "name": "25872", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25872" }, { "name": "DSA-1529", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1529" } ] } } } }, "cveMetadata": { 
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3181", "datePublished": "2007-06-12T23:00:00", "dateReserved": "2007-06-12T00:00:00", "dateUpdated": "2024-08-07T14:05:29.221Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-1449
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:53
Severity ?
EPSS score ?
Summary
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.
References
URL | Tags | |
---|---|---|
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:082 | vendor-advisory, x_refsource_MANDRAKE | |
http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:53:23.517Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDKSA-2004:082", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:082" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-02-11T00:00:00", "descriptions": [ { "lang": "en", "value": "Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user\u0027s hard drive by obscuring a file upload control and tricking the user into dragging text into that control." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-15T16:38:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MDKSA-2004:082", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:082" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1449", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Mozilla before 1.7, Firefox before 
0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user\u0027s hard drive by obscuring a file upload control and tricking the user into dragging text into that control." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MDKSA-2004:082", "refsource": "MANDRAKE", "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:082" }, { "name": "http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0", "refsource": "CONFIRM", "url": "http://bugzilla.mozilla.org/show_bug.cgi?id=206859#c0" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1449", "datePublished": "2005-02-13T05:00:00", "dateReserved": "2005-02-13T00:00:00", "dateUpdated": "2024-08-08T00:53:23.517Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-4669
Vulnerability from cvelistv5
Published
2007-09-04 22:00
Modified
2024-08-07 15:01
Severity ?
EPSS score ?
Summary
The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/25497 | vdb-entry, x_refsource_BID | |
http://tracker.firebirdsql.org/browse/CORE-1148 | x_refsource_CONFIRM | |
http://www.firebirdsql.org/index.php?op=files&id=engine_202 | x_refsource_CONFIRM | |
http://secunia.com/advisories/29501 | third-party-advisory, x_refsource_SECUNIA | |
http://sourceforge.net/project/shownotes.php?release_id=535898 | x_refsource_CONFIRM | |
http://www.debian.org/security/2008/dsa-1529 | vendor-advisory, x_refsource_DEBIAN | |
http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:01:09.982Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "25497", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25497" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tracker.firebirdsql.org/browse/CORE-1148" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202" }, { "name": "29501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29501" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=535898" }, { "name": "DSA-1529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1529" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-08-24T00:00:00", "descriptions": [ { "lang": "en", "value": "The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-04-09T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "25497", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25497" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tracker.firebirdsql.org/browse/CORE-1148" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202" }, { "name": "29501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29501" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=535898" }, { "name": "DSA-1529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1529" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4669", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "25497", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25497" }, { "name": "http://tracker.firebirdsql.org/browse/CORE-1148", "refsource": "CONFIRM", "url": "http://tracker.firebirdsql.org/browse/CORE-1148" }, { "name": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202", "refsource": "CONFIRM", "url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202" }, { "name": "29501", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29501" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=535898", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=535898" }, { "name": "DSA-1529", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "name": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf", "refsource": "CONFIRM", "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4669", "datePublished": "2007-09-04T22:00:00", "dateReserved": "2007-09-04T00:00:00", "dateUpdated": "2024-08-07T15:01:09.982Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-4992
Vulnerability from cvelistv5
Published
2007-10-11 00:00
Modified
2024-08-07 15:17
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the process_packet function in fbserver.exe in Firebird SQL 2.0.2 allows remote attackers to execute arbitrary code via a long request to TCP port 3050.
References
URL | Tags | |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/37079 | vdb-entry, x_refsource_XF | |
http://securitytracker.com/id?1018802 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/26011 | vdb-entry, x_refsource_BID | |
http://security.gentoo.org/glsa/glsa-200712-06.xml | vendor-advisory, x_refsource_GENTOO | |
http://bugs.gentoo.org/show_bug.cgi?id=195569 | x_refsource_CONFIRM | |
http://www.zerodayinitiative.com/advisories/ZDI-07-057.html | x_refsource_MISC | |
http://secunia.com/advisories/27982 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/archive/1/482025/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.firebirdsql.org/rlsnotes/Firebird-2.0.3-ReleaseNotes.pdf | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:17:27.781Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "firebirdsql-processpacket-bo(37079)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37079" }, { "name": "1018802", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1018802" }, { "name": "26011", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/26011" }, { "name": "GLSA-200712-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200712-06.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=195569" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-057.html" }, { "name": "27982", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27982" }, { "name": "20071010 ZDI-07-057: Firebird process_packet() Remote Stack Overflow Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/482025/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.3-ReleaseNotes.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-10-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the process_packet function in fbserver.exe in Firebird SQL 2.0.2 allows remote attackers to execute arbitrary code via a long request to TCP port 3050." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "firebirdsql-processpacket-bo(37079)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37079" }, { "name": "1018802", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1018802" }, { "name": "26011", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/26011" }, { "name": "GLSA-200712-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200712-06.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=195569" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-057.html" }, { "name": "27982", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27982" }, { "name": "20071010 ZDI-07-057: Firebird process_packet() Remote Stack Overflow Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/482025/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.3-ReleaseNotes.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4992", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in the process_packet function in fbserver.exe in Firebird SQL 
2.0.2 allows remote attackers to execute arbitrary code via a long request to TCP port 3050." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "firebirdsql-processpacket-bo(37079)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37079" }, { "name": "1018802", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1018802" }, { "name": "26011", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26011" }, { "name": "GLSA-200712-06", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200712-06.xml" }, { "name": "http://bugs.gentoo.org/show_bug.cgi?id=195569", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=195569" }, { "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-057.html", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-057.html" }, { "name": "27982", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27982" }, { "name": "20071010 ZDI-07-057: Firebird process_packet() Remote Stack Overflow Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/482025/100/0/threaded" }, { "name": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.3-ReleaseNotes.pdf", "refsource": "CONFIRM", "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.3-ReleaseNotes.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4992", "datePublished": "2007-10-11T00:00:00", "dateReserved": "2007-09-20T00:00:00", "dateUpdated": "2024-08-07T15:17:27.781Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-7214
Vulnerability from cvelistv5
Published
2007-06-29 18:00
Modified
2024-08-07 20:57
Severity ?
EPSS score ?
Summary
Multiple unspecified vulnerabilities in Firebird 1.5 allow remote attackers to (1) cause a denial of service (application crash) by sending many remote protocol versions; and (2) cause a denial of service (connection drop) via certain network traffic, as demonstrated by Nessus vulnerability scanning.
References
URL | Tags | |
---|---|---|
http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/28474 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/29501 | third-party-advisory, x_refsource_SECUNIA | |
http://www.debian.org/security/2008/dsa-1529 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:57:40.693Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf" }, { "name": "28474", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28474" }, { "name": "29501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29501" }, { "name": "DSA-1529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1529" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple unspecified vulnerabilities in Firebird 1.5 allow remote attackers to (1) cause a denial of service (application crash) by sending many remote protocol versions; and (2) cause a denial of service (connection drop) via certain network traffic, as demonstrated by Nessus vulnerability scanning." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-04-09T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf" }, { "name": "28474", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28474" }, { "name": "29501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29501" }, { "name": "DSA-1529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1529" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-7214", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple unspecified vulnerabilities in Firebird 1.5 allow remote attackers to (1) cause a denial of service (application crash) by sending many remote protocol versions; and (2) cause a denial of service (connection drop) via certain network traffic, as demonstrated by Nessus vulnerability scanning." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf", "refsource": "CONFIRM", "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf" }, { "name": "28474", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28474" }, { "name": "29501", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29501" }, { "name": "DSA-1529", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1529" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-7214", "datePublished": "2007-06-29T18:00:00", "dateReserved": "2007-06-29T00:00:00", "dateUpdated": "2024-08-07T20:57:40.693Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-2492
Vulnerability from cvelistv5
Published
2013-03-15 14:00
Modified
2024-08-06 15:36
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information.
References
▼ | URL | Tags |
---|---|---|
https://security.gentoo.org/glsa/201512-11 | vendor-advisory, x_refsource_GENTOO | |
https://gist.github.com/zeroSteiner/85daef257831d904479c | x_refsource_MISC | |
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00036.html | vendor-advisory, x_refsource_SUSE | |
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_cnct_group.rb | x_refsource_MISC | |
http://www.securityfocus.com/bid/58393 | vdb-entry, x_refsource_BID | |
http://www.debian.org/security/2013/dsa-2648 | vendor-advisory, x_refsource_DEBIAN | |
http://tracker.firebirdsql.org/browse/CORE-4058 | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00039.html | vendor-advisory, x_refsource_SUSE | |
http://www.debian.org/security/2013/dsa-2647 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:36:46.823Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-201512-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201512-11" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gist.github.com/zeroSteiner/85daef257831d904479c" }, { "name": "openSUSE-SU-2013:0496", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00036.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_cnct_group.rb" }, { "name": "58393", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/58393" }, { "name": "DSA-2648", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2648" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tracker.firebirdsql.org/browse/CORE-4058" }, { "name": "openSUSE-SU-2013:0504", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00039.html" }, { "name": "DSA-2647", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2647" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-03-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 
3050, related to a missing size check during extraction of a group number from CNCT information." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-05T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-201512-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201512-11" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gist.github.com/zeroSteiner/85daef257831d904479c" }, { "name": "openSUSE-SU-2013:0496", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00036.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_cnct_group.rb" }, { "name": "58393", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/58393" }, { "name": "DSA-2648", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2648" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tracker.firebirdsql.org/browse/CORE-4058" }, { "name": "openSUSE-SU-2013:0504", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00039.html" }, { "name": "DSA-2647", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2647" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2492", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": 
"eng", "value": "Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote attackers to execute arbitrary code via a crafted packet to TCP port 3050, related to a missing size check during extraction of a group number from CNCT information." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-201512-11", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201512-11" }, { "name": "https://gist.github.com/zeroSteiner/85daef257831d904479c", "refsource": "MISC", "url": "https://gist.github.com/zeroSteiner/85daef257831d904479c" }, { "name": "openSUSE-SU-2013:0496", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00036.html" }, { "name": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_cnct_group.rb", "refsource": "MISC", "url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/misc/fb_cnct_group.rb" }, { "name": "58393", "refsource": "BID", "url": "http://www.securityfocus.com/bid/58393" }, { "name": "DSA-2648", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2648" }, { "name": "http://tracker.firebirdsql.org/browse/CORE-4058", "refsource": "CONFIRM", "url": "http://tracker.firebirdsql.org/browse/CORE-4058" }, { "name": "openSUSE-SU-2013:0504", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00039.html" }, { "name": "DSA-2647", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2647" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-2492", "datePublished": "2013-03-15T14:00:00", "dateReserved": "2013-03-06T00:00:00", "dateUpdated": "2024-08-06T15:36:46.823Z", "state": "PUBLISHED" }, 
"dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-7211
Vulnerability from cvelistv5
Published
2007-06-29 18:00
Modified
2024-08-07 20:57
Severity ?
EPSS score ?
Summary
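fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the semaphore array, which allows local users to cause a denial of service (blocked query processing) by locking semaphores. Mode 0666 grants read and write (alter) access to every local account, not only the account the database server runs as.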
References
URL | Tags | |
---|---|---|
http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/28474 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/29501 | third-party-advisory, x_refsource_SECUNIA | |
http://www.debian.org/security/2008/dsa-1529 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:57:40.398Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf" }, { "name": "28474", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28474" }, { "name": "29501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29501" }, { "name": "DSA-1529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1529" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the semaphore array, which allows local users to cause a denial of service (blocked query processing) by locking semaphores." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-04-09T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf" }, { "name": "28474", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28474" }, { "name": "29501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29501" }, { "name": "DSA-1529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1529" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-7211", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the semaphore array, which allows local users to cause a denial of service (blocked query processing) by locking semaphores." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf", "refsource": "CONFIRM", "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf" }, { "name": "28474", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28474" }, { "name": "29501", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29501" }, { "name": "DSA-1529", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1529" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-7211", "datePublished": "2007-06-29T18:00:00", "dateReserved": "2007-06-29T00:00:00", "dateUpdated": "2024-08-07T20:57:40.398Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-7213
Vulnerability from cvelistv5
Published
2007-06-29 18:00
Modified
2024-08-07 20:57
Severity ?
EPSS score ?
Summary
Firebird 1.5 allows remote authenticated users without SYSDBA and owner permissions to overwrite a database by creating a database.
References
URL | Tags | |
---|---|---|
http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/28474 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/29501 | third-party-advisory, x_refsource_SECUNIA | |
http://www.debian.org/security/2008/dsa-1529 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T20:57:40.893Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf" }, { "name": "28474", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28474" }, { "name": "29501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29501" }, { "name": "DSA-1529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1529" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-11-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Firebird 1.5 allows remote authenticated users without SYSDBA and owner permissions to overwrite a database by creating a database." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2008-04-09T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf" }, { "name": "28474", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28474" }, { "name": "29501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29501" }, { "name": "DSA-1529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1529" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-7213", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Firebird 1.5 allows remote authenticated users without SYSDBA and owner permissions to overwrite a database by creating a database." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf", "refsource": "CONFIRM", "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0-ReleaseNotes.pdf" }, { "name": "28474", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28474" }, { "name": "29501", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29501" }, { "name": "DSA-1529", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1529" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-7213", "datePublished": "2007-06-29T18:00:00", "dateReserved": "2007-06-29T00:00:00", "dateUpdated": "2024-08-07T20:57:40.893Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2001-0008
Vulnerability from cvelistv5
Published
2001-05-07 04:00
Modified
2024-08-08 04:06
Severity ?
EPSS score ?
Summary
Backdoor account in Interbase database server allows remote attackers to overwrite arbitrary files using stored procedures.
References
URL | Tags | |
---|---|---|
https://exchange.xforce.ibmcloud.com/vulnerabilities/5911 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/2192 | vdb-entry, x_refsource_BID | |
http://www.cert.org/advisories/CA-2001-01.html | third-party-advisory, x_refsource_CERT |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:06:54.604Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "interbase-backdoor-account(5911)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5911" }, { "name": "2192", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/2192" }, { "name": "CA-2001-01", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.cert.org/advisories/CA-2001-01.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-01-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Backdoor account in Interbase database server allows remote attackers to overwrite arbitrary files using stored procedures." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "interbase-backdoor-account(5911)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5911" }, { "name": "2192", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/2192" }, { "name": "CA-2001-01", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.cert.org/advisories/CA-2001-01.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-0008", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Backdoor account in Interbase database server allows remote attackers to overwrite arbitrary files using stored procedures." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "interbase-backdoor-account(5911)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5911" }, { "name": "2192", "refsource": "BID", "url": "http://www.securityfocus.com/bid/2192" }, { "name": "CA-2001-01", "refsource": "CERT", "url": "http://www.cert.org/advisories/CA-2001-01.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-0008", "datePublished": "2001-05-07T04:00:00", "dateReserved": "2001-01-10T00:00:00", "dateUpdated": "2024-08-08T04:06:54.604Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-5245
Vulnerability from cvelistv5
Published
2007-10-06 17:00
Modified
2024-08-07 15:24
Severity ?
EPSS score ?
Summary
Multiple stack-based buffer overflows in Firebird LI 1.5.3.4870 and 1.5.4.4910, and WI 1.5.3.4870 and 1.5.4.4910 (LI and WI are the Linux and Windows platform prefixes of Firebird version strings), allow remote attackers to execute arbitrary code via (1) a long service attach request on TCP port 3050 to the SVC_attach function or (2) unspecified vectors involving the INET_connect function.
References
URL | Tags | |
---|---|---|
http://risesecurity.org/advisory/RISE-2007003/ | x_refsource_MISC | |
http://www.securityfocus.com/bid/25917 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/28635 | third-party-advisory, x_refsource_SECUNIA | |
http://risesecurity.org/blog/entry/3/ | x_refsource_MISC | |
http://www.securityfocus.com/archive/1/481491/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.securitytracker.com/id?1018773 | vdb-entry, x_refsource_SECTRACK | |
http://risesecurity.org/exploit/18/ | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/36957 | vdb-entry, x_refsource_XF | |
http://www.vupen.com/english/advisories/2007/3380 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/bid/25925 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/27066 | third-party-advisory, x_refsource_SECUNIA | |
http://www.risesecurity.org/advisory/RISE-2007003/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:24:42.091Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://risesecurity.org/advisory/RISE-2007003/" }, { "name": "25917", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25917" }, { "name": "28635", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28635" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://risesecurity.org/blog/entry/3/" }, { "name": "20071004 [RISE-2007003] Firebird Relational Database Multiple Buffer Overflow Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/481491/100/0/threaded" }, { "name": "1018773", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018773" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://risesecurity.org/exploit/18/" }, { "name": "firebird-attach-connect-bo(36957)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36957" }, { "name": "ADV-2007-3380", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3380" }, { "name": "25925", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25925" }, { "name": "27066", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/27066" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.risesecurity.org/advisory/RISE-2007003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": 
"affected", "version": "n/a" } ] } ], "datePublic": "2007-10-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple stack-based buffer overflows in Firebird LI 1.5.3.4870 and 1.5.4.4910, and WI 1.5.3.4870 and 1.5.4.4910, allow remote attackers to execute arbitrary code via (1) a long service attach request on TCP port 3050 to the SVC_attach function or (2) unspecified vectors involving the INET_connect function." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://risesecurity.org/advisory/RISE-2007003/" }, { "name": "25917", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25917" }, { "name": "28635", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28635" }, { "tags": [ "x_refsource_MISC" ], "url": "http://risesecurity.org/blog/entry/3/" }, { "name": "20071004 [RISE-2007003] Firebird Relational Database Multiple Buffer Overflow Vulnerabilities", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/481491/100/0/threaded" }, { "name": "1018773", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018773" }, { "tags": [ "x_refsource_MISC" ], "url": "http://risesecurity.org/exploit/18/" }, { "name": "firebird-attach-connect-bo(36957)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36957" }, { "name": "ADV-2007-3380", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3380" }, { "name": "25925", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25925" }, { "name": "27066", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/27066" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.risesecurity.org/advisory/RISE-2007003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5245", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple stack-based buffer overflows in Firebird LI 1.5.3.4870 and 1.5.4.4910, and WI 1.5.3.4870 and 1.5.4.4910, allow remote attackers to execute arbitrary code via (1) a long service attach request on TCP port 3050 to the SVC_attach function or (2) unspecified vectors involving the INET_connect function." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://risesecurity.org/advisory/RISE-2007003/", "refsource": "MISC", "url": "http://risesecurity.org/advisory/RISE-2007003/" }, { "name": "25917", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25917" }, { "name": "28635", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28635" }, { "name": "http://risesecurity.org/blog/entry/3/", "refsource": "MISC", "url": "http://risesecurity.org/blog/entry/3/" }, { "name": "20071004 [RISE-2007003] Firebird Relational Database Multiple Buffer Overflow Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/481491/100/0/threaded" }, { "name": "1018773", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018773" }, { "name": "http://risesecurity.org/exploit/18/", "refsource": "MISC", "url": "http://risesecurity.org/exploit/18/" }, { "name": "firebird-attach-connect-bo(36957)", "refsource": 
"XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36957" }, { "name": "ADV-2007-3380", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3380" }, { "name": "25925", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25925" }, { "name": "27066", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27066" }, { "name": "http://www.risesecurity.org/advisory/RISE-2007003/", "refsource": "MISC", "url": "http://www.risesecurity.org/advisory/RISE-2007003/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5245", "datePublished": "2007-10-06T17:00:00", "dateReserved": "2007-10-06T00:00:00", "dateUpdated": "2024-08-07T15:24:42.091Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-4664
Vulnerability from cvelistv5
Published
2007-09-04 22:00
Modified
2024-08-07 15:01
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405.
References
▼ | URL | Tags |
---|---|---|
http://tracker.firebirdsql.org/browse/CORE-1405 | x_refsource_MISC | |
http://www.securityfocus.com/bid/25497 | vdb-entry, x_refsource_BID | |
http://www.vupen.com/english/advisories/2007/3021 | vdb-entry, x_refsource_VUPEN | |
http://secunia.com/advisories/26615 | third-party-advisory, x_refsource_SECUNIA | |
http://www.firebirdsql.org/index.php?op=files&id=engine_202 | x_refsource_CONFIRM | |
http://secunia.com/advisories/29501 | third-party-advisory, x_refsource_SECUNIA | |
http://sourceforge.net/project/shownotes.php?release_id=535898 | x_refsource_CONFIRM | |
http://www.debian.org/security/2008/dsa-1529 | vendor-advisory, x_refsource_DEBIAN | |
http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/36359 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:01:09.974Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://tracker.firebirdsql.org/browse/CORE-1405" }, { "name": "25497", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25497" }, { "name": "ADV-2007-3021", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3021" }, { "name": "26615", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26615" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202" }, { "name": "29501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29501" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=535898" }, { "name": "DSA-1529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1529" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" }, { "name": "firebird-maxpathlen-unspecified(36359)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36359" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-08-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown 
impact and attack vectors, aka CORE-1405." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://tracker.firebirdsql.org/browse/CORE-1405" }, { "name": "25497", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25497" }, { "name": "ADV-2007-3021", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3021" }, { "name": "26615", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26615" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202" }, { "name": "29501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29501" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=535898" }, { "name": "DSA-1529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1529" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" }, { "name": "firebird-maxpathlen-unspecified(36359)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36359" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4664", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified 
vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://tracker.firebirdsql.org/browse/CORE-1405", "refsource": "MISC", "url": "http://tracker.firebirdsql.org/browse/CORE-1405" }, { "name": "25497", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25497" }, { "name": "ADV-2007-3021", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3021" }, { "name": "26615", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26615" }, { "name": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202", "refsource": "CONFIRM", "url": "http://www.firebirdsql.org/index.php?op=files\u0026id=engine_202" }, { "name": "29501", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29501" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=535898", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=535898" }, { "name": "DSA-1529", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1529" }, { "name": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf", "refsource": "CONFIRM", "url": "http://www.firebirdsql.org/rlsnotes/Firebird-2.0.2-ReleaseNotes.pdf" }, { "name": "firebird-maxpathlen-unspecified(36359)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36359" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4664", "datePublished": "2007-09-04T22:00:00", "dateReserved": "2007-09-04T00:00:00", "dateUpdated": "2024-08-07T15:01:09.974Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-0467
Vulnerability from cvelistv5
Published
2008-01-29 01:00
Modified
2024-08-07 07:46
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before 2.1.0 RC1, might allow remote attackers to execute arbitrary code via a long username.
References
▼ | URL | Tags |
---|---|---|
http://security.gentoo.org/glsa/glsa-200803-02.xml | vendor-advisory, x_refsource_GENTOO | |
http://sourceforge.net/project/shownotes.php?release_id=570816&group_id=9028 | x_refsource_CONFIRM | |
http://secunia.com/advisories/29203 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/28596 | third-party-advisory, x_refsource_SECUNIA | |
http://tracker.firebirdsql.org/browse/CORE-1603 | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/39981 | vdb-entry, x_refsource_XF | |
http://www.securitytracker.com/id?1019277 | vdb-entry, x_refsource_SECTRACK | |
http://sourceforge.net/project/shownotes.php?group_id=9028&release_id=570800 | x_refsource_CONFIRM | |
http://www.vupen.com/english/advisories/2008/0300 | vdb-entry, x_refsource_VUPEN | |
http://www.securityfocus.com/bid/27467 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/29501 | third-party-advisory, x_refsource_SECUNIA | |
http://www.debian.org/security/2008/dsa-1529 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:46:55.008Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-200803-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200803-02.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=570816\u0026group_id=9028" }, { "name": "29203", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29203" }, { "name": "28596", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28596" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://tracker.firebirdsql.org/browse/CORE-1603" }, { "name": "firebird-username-bo(39981)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39981" }, { "name": "1019277", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1019277" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=9028\u0026release_id=570800" }, { "name": "ADV-2008-0300", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0300" }, { "name": "27467", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27467" }, { "name": "29501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29501" }, { "name": "DSA-1529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1529" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { 
"product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-01-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before 2.1.0 RC1, might allow remote attackers to execute arbitrary code via a long username." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-200803-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200803-02.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?release_id=570816\u0026group_id=9028" }, { "name": "29203", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29203" }, { "name": "28596", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28596" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://tracker.firebirdsql.org/browse/CORE-1603" }, { "name": "firebird-username-bo(39981)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39981" }, { "name": "1019277", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1019277" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://sourceforge.net/project/shownotes.php?group_id=9028\u0026release_id=570800" }, { "name": "ADV-2008-0300", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0300" }, { "name": "27467", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27467" }, { "name": "29501", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29501" 
}, { "name": "DSA-1529", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1529" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0467", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before 2.1.0 RC1, might allow remote attackers to execute arbitrary code via a long username." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-200803-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200803-02.xml" }, { "name": "http://sourceforge.net/project/shownotes.php?release_id=570816\u0026group_id=9028", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?release_id=570816\u0026group_id=9028" }, { "name": "29203", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29203" }, { "name": "28596", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28596" }, { "name": "http://tracker.firebirdsql.org/browse/CORE-1603", "refsource": "CONFIRM", "url": "http://tracker.firebirdsql.org/browse/CORE-1603" }, { "name": "firebird-username-bo(39981)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39981" }, { "name": "1019277", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1019277" }, { "name": "http://sourceforge.net/project/shownotes.php?group_id=9028\u0026release_id=570800", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?group_id=9028\u0026release_id=570800" }, { "name": 
"ADV-2008-0300", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0300" }, { "name": "27467", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27467" }, { "name": "29501", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29501" }, { "name": "DSA-1529", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1529" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0467", "datePublished": "2008-01-29T01:00:00", "dateReserved": "2008-01-28T00:00:00", "dateUpdated": "2024-08-07T07:46:55.008Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-41038
Vulnerability from cvelistv5
Published
2024-03-20 14:22
Modified
2024-08-13 16:44
Summary
Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long `CHAR` length, which causes the server to crash due to stack corruption. Versions 4.0.4.2981 and 5.0.0.117 contain fixes for this issue (the affected-version ranges in this record give the 5.0 boundary as 5.0.0.1176, so the shorter build number here appears to be truncated). No known workarounds are available.
References
URL | Tags |
---|---|
https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692 | x_refsource_CONFIRM |
https://firebirdsql.org/en/snapshot-builds | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
FirebirdSQL | firebird | Version: >= 4.0.0, < 4.0.4.2981; Version: >= 5.0 beta1, < 5.0.0.1176 | |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:46:11.557Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692" }, { "name": "https://firebirdsql.org/en/snapshot-builds", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://firebirdsql.org/en/snapshot-builds" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:firebirdsql:firebird:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "firebird", "vendor": "firebirdsql", "versions": [ { "lessThan": "4.0.4.2981", "status": "affected", "version": "4.0.0", "versionType": "custom" }, { "lessThan": "5.0.0.1176", "status": "affected", "version": "5.0_beta1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-41038", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-20T19:37:40.792401Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-13T16:44:27.739Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "firebird", "vendor": "FirebirdSQL", "versions": [ { "status": "affected", "version": "\u003e= 4.0.0, \u003c 4.0.4.2981" }, { "status": "affected", "version": "\u003e= 5.0 beta1, \u003c 5.0.0.1176" } ] } ], "descriptions": [ { "lang": "en", "value": "Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. 
Any non-privileged user with minimum access to a server may type a statement with a long `CHAR` length, which causes the server to crash due to stack corruption. Versions 4.0.4.2981 and 5.0.0.117 contain fixes for this issue. No known workarounds are available." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-770", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-20T14:22:50.484Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/FirebirdSQL/firebird/security/advisories/GHSA-6fv8-8rwr-9692" }, { "name": "https://firebirdsql.org/en/snapshot-builds", "tags": [ "x_refsource_MISC" ], "url": "https://firebirdsql.org/en/snapshot-builds" } ], "source": { "advisory": "GHSA-6fv8-8rwr-9692", "discovery": "UNKNOWN" }, "title": "Server crash when using specific form of SET BIND statement" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-41038", "datePublished": "2024-03-20T14:22:50.484Z", "dateReserved": "2023-08-22T16:57:23.932Z", "dateUpdated": "2024-08-13T16:44:27.739Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }