Every CVE whose affected-product data names Firebirdsql Firebird, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (46)
CVE-2007-5246 — CVSS 10.0 (critical): Multiple stack-based buffer overflows in Firebird LI 2.0.0.12748 and 2.0.1.12855, and WI 2.0.0.12748 and 2.0.1.12855, allow remote…
CVE-2001-0008 — CVSS 10.0 (critical): Backdoor account in Interbase database server allows remote attackers to overwrite arbitrary files using stored procedures.
CVE-2007-3181 — CVSS 10.0 (critical): Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows remote attackers to execute arbitrary code via a large p_cnct_count…
CVE-2008-0467 — CVSS 10.0 (critical): Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before 2.1.0 RC1, might allow remote attackers to execute arbitrary code…
CVE-2007-5245 — CVSS 10.0 (critical): Multiple stack-based buffer overflows in Firebird LI 1.5.3.4870 and 1.5.4.4910, and WI 1.5.3.4870 and 1.5.4.4910, allow remote attackers to…
CVE-2007-4992 — CVSS 10.0 (critical): Stack-based buffer overflow in the process_packet function in fbserver.exe in Firebird SQL 2.0.2 allows remote attackers to execute…
CVE-2026-40342 — CVSS 9.9 (critical): Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin…
CVE-2017-11509 — CVSS 8.8 (high): An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL…
CVE-2017-6369 — CVSS 8.8 (high): Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute…
CVE-2026-28224 — CVSS 8.2 (high): Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an…
CVE-2026-27890 — CVSS 8.2 (high): Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing…
CVE-2025-65104 — CVSS 7.9 (high): Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values…
CVE-2006-7214 — CVSS 7.8 (high): Multiple unspecified vulnerabilities in Firebird 1.5 allow remote attackers to (1) cause a denial of service (application crash) by sending…
CVE-2008-0387 — CVSS 7.8 (high): Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before 1.5.6, 2.0.x before 2.0.4, and 2.1.x before 2.1.0 RC1 might allow remote…
CVE-2007-2606 — CVSS 7.8 (high): Multiple buffer overflows in Firebird 2.1 allow attackers to trigger memory corruption and possibly have other unspecified impact via…
CVE-2004-0718 — CVSS 7.5 (high): The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain…
CVE-2007-4664 — CVSS 7.5 (high): Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename…
CVE-2026-28212 — CVSS 7.5 (high): Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an…
CVE-2026-35215 — CVSS 7.5 (high): Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl_desc() function…
CVE-2004-0779 — CVSS 7.5 (high): The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites…
CVE-2023-41038 — CVSS 7.5 (high): Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a…
CVE-2026-33337 — CVSS 7.5 (high): Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice…
CVE-2026-34232 — CVSS 7.5 (high): Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector()…
CVE-2003-0197 — CVSS 7.2 (high): Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local users to gain privileges via a long ISC_LOCK_ENV environment variable…
CVE-2025-24975 — CVSS 7.1 (high): Firebird is a relational database. Prior to snapshot versions 4.0.6.3183, 5.0.2.1610, and 6.0.0.609, Firebird is vulnerable if…
CVE-2006-7212 — CVSS 6.8 (medium): Multiple buffer overflows in Firebird 1.5, one of which affects WNET, have unknown impact and attack vectors. NOTE: this issue might…
CVE-2007-3527 — CVSS 6.8 (medium): Integer overflow in Firebird 2.0.0 allows remote authenticated users to cause a denial of service (CPU consumption) via certain database…
CVE-2013-2492 — CVSS 6.8 (medium): Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before 18514, and 2.5.1 through 2.5.3 before 26623, on Windows allows remote…
CVE-2016-1569 — CVSS 6.5 (medium): FireBird 2.5.5 allows remote authenticated users to cause a denial of service (daemon crash) by using service manager to invoke the gbak…
CVE-2026-28214 — CVSS 6.5 (medium): Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClump…
CVE-2006-7213 — CVSS 5.5 (medium): Firebird 1.5 allows remote authenticated users without SYSDBA and owner permissions to overwrite a database by creating a database.
CVE-2025-54989 — CVSS 5.3 (medium): Firebird is a relational database. Prior to versions 3.0.13, 4.0.6, and 5.0.3, there is an XDR message parsing NULL pointer dereference…
CVE-2007-4666 — CVSS 5.0 (medium): Unspecified vulnerability in the server in Firebird before 2.0.2, when a Superserver/TCP/IP environment is configured, allows remote…
CVE-2007-4665 — CVSS 5.0 (medium): Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to cause a denial of service (daemon crash) via an…
CVE-2009-2620 — CVSS 5.0 (medium): src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2…
CVE-2014-9323 — CVSS 5.0 (medium): The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service…
CVE-2007-4668 — CVSS 5.0 (medium): Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and…
CVE-2007-4667 — CVSS 5.0 (medium): Unspecified vulnerability in the Services API in Firebird before 2.0.2 allows remote attackers to cause a denial of service, aka CORE-1149.
CVE-2004-2043 — CVSS 5.0 (medium): Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase…
CVE-2006-7211 — CVSS 4.9 (medium): fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the semaphore array, which allows local users to cause a denial of service…
CVE-2003-0281 — CVSS 4.6 (medium): Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows local…
CVE-2006-1241 — CVSS 4.6 (medium): Firebird 1.5.2.4731 installs (1) fb_lock_mgr, (2) gds_drop, and (3) fb_inet_server with setuid firebird permissions, which might allow…
CVE-2006-1240 — CVSS 4.6 (medium): Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) fbserver in Firebird 1.5.2.4731 allows local users to gain privileges via…
CVE-2007-4669 — CVSS 4.0 (medium): The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log…
CVE-2012-5529 — CVSS 3.5 (low): TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, allows remote authenticated users to cause a denial of service (NULL…
CVE-2004-1449 — CVSS 2.6 (low): Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's…