Sql Server@2008 Security Vulnerabilities and Issues — Sql Server@2008 CVE List

Lucene search

MicrosoftSql Server2008

10 matches found

CVE•added 2015/07/14 11:59 p.m.•3023 views

CVE-2015-1763

Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remote authenticated users to execute arbitrary code via a crafted query, aka "SQL Server Remote Code Ex...

8.5CVSS8AI score0.10746EPSS

CVE•added 2023/04/11 9:15 p.m.•2802 views

CVE-2023-23384

Microsoft SQL Server Remote Code Execution Vulnerability

7.3CVSS7.6AI score0.00795EPSS

CVE•added 2012/08/15 1:55 a.m.•1184 views

CVE-2012-1856

The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce ...

9.3CVSS7.9AI score0.91953EPSS

CVE•added 2015/07/14 11:59 p.m.•819 views

CVE-2015-1762

Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified function calls, which allows remote authenticated users to execute arbitrary code by leveraging certain p...

7.1CVSS8AI score0.02025EPSS

CVE•added 2023/02/14 8:15 p.m.•698 views

CVE-2023-21528

Microsoft SQL Server Remote Code Execution Vulnerability

7.8CVSS8AI score0.00135EPSS

CVE•added 2023/02/14 8:15 p.m.•555 views

CVE-2023-21718

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

7.8CVSS8AI score0.00408EPSS

CVE•added 2015/07/14 11:59 p.m.•387 views

CVE-2015-1761

Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 uses an incorrect class during casts of unspecified pointers, which allows remote authenticated users to gain privileges by leveraging certain write access, aka "SQL Server Elevation of Privilege Vulnerability."

6.5CVSS7.1AI score0.08421EPSS

CVE•added 2012/10/09 9:55 p.m.•280 views

CVE-2012-2552

Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected ...

4.3CVSS5.6AI score0.57732EPSS

CVE•added 2014/08/12 9:55 p.m.•202 views

CVE-2014-4061

Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which allows remote authenticated users to cause a denial of service (daemon hang) via a crafted T-SQL statement, aka "Microsoft SQL Server Stack Overrun Vu...

6.8CVSS6.6AI score0.33911EPSS

CVE•added 2011/06/16 8:55 p.m.•150 views

CVE-2011-1280

The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrar...

4.3CVSS7AI score0.33585EPSS