Sql Server@2008 Security Vulnerabilities and Issues — Sql Server@2008 CVE List

MicrosoftSql Server2008

10 matches found

CVE•added 2015/07/14 11:0 p.m.•3059 views

CVE-2015-1763

Microsoft SQL Server 2008 SP3/SP4, 2008 R2 SP2/SP3, 2012 SP1/SP2, and 2014 are affected by CVE-2015-1763, caused by use of uninitialized memory during certain virtual function calls, enabling remote authenticated code execution via a crafted query. This aligns with MS15-058 vulnerabilities. Explo...

8.5CVSS8AI score0.11925EPSS

CVE•added 2023/04/11 7:13 p.m.•2911 views

CVE-2023-23384

CVE-2023-23384 is described in the connected documents as a Microsoft SQL Server remote code execution vulnerability reachable over the network. Nessus plugin entries for April 2023 (SMB_NT_MS23_APR_MSSQL_REMOTE.NASL and SMB_NT_MS23_APR_MSSQL.NASL) confirm a remote code execution issue, with self...

7.3CVSS7.6AI score0.00871EPSS

CVE•added 2012/08/15 1:0 a.m.•1253 views

CVE-2012-1856

CVE-2012-1856 covers a remote code execution vulnerability in the TabStrip ActiveX control (MSCOMCTL.OCX) used by multiple Microsoft Office components and related products. The issue arises from a system-state corruption triggered by crafted (1) documents or (2) web pages, allowing remote attacke...

9.3CVSS7.9AI score0.72119EPSS

In wild

CVE•added 2015/07/14 11:0 p.m.•845 views

CVE-2015-1762

CVE-2015-1762 affects Microsoft SQL Server 2008 SP3/SP4, 2008 R2 SP2/SP3, 2012 SP1/SP2, and 2014 when transactional replication is configured. Cause: uninitialized memory in an unspecified function call, allowing remote authenticated users to execute arbitrary code via crafted queries, demonstrat...

7.1CVSS8AI score0.10359EPSS

CVE•added 2023/02/14 7:32 p.m.•815 views

CVE-2023-21528

CVE-2023-21528 is a Microsoft SQL Server Remote Code Execution vulnerability. In SQL Server 2008 R2 SP3 GDR, updates described in KB5021112 fix CVE-2023-21528 (builds including SQLServer2008R2-KB5021112-x64.exe, version 10.50.6785.2). In SQL Server 2019, fixes are included in KB5021125 (build: SQ...

7.8CVSS8AI score0.00393EPSS

CVE•added 2023/02/14 7:32 p.m.•635 views

CVE-2023-21718

Technical details for CVE-2023-21718 are not provided in the supplied documents; no specific affected products, versions, impact, or fixes are listed here. Monitor for updates.

7.8CVSS8AI score0.0074EPSS

CVE•added 2015/07/14 11:0 p.m.•418 views

CVE-2015-1761

CVE-2015-1761 relates to Microsoft SQL Server across multiple versions (2008 SP3/SP4, 2008 R2 SP2/SP3, 2012 SP1/SP2, 2014) where an incorrect class during casts of unspecified pointers allows remote authenticated users to gain privileges via certain write access. The root cause is described as a ...

6.5CVSS7.1AI score0.185EPSS

CVE•added 2012/10/09 9:0 p.m.•305 views

CVE-2012-2552

Microsoft SQL Server 2000/2005/2008/2008 R2/2012 Reporting Services suffers a cross-site scripting (XSS) vulnerability in the SQL Server Report Manager, allowing an attacker to inject web script or HTML via an unspecified parameter (reflected XSS). The issue is identified as CVE-2012-2552. Public...

4.3CVSS5.6AI score0.16295EPSS

CVE•added 2014/08/12 9:0 p.m.•225 views

CVE-2014-4061

CVE-2014-4061 affects Microsoft SQL Server 2008 SP3, SQL Server 2008 R2 SP2, and SQL Server 2012 SP1. The root cause is improper control of stack memory when processing T-SQL batch commands, enabling remote authenticated users to cause a denial of service (daemon hang). Connected sources align on...

6.8CVSS6.6AI score0.26499EPSS

CVE•added 2011/06/16 8:21 p.m.•173 views

CVE-2011-1280

CVE-2011-1280 is the XML External Entities Resolution vulnerability affecting Microsoft XML Editor components used with InfoPath 2007 SP2/2010, SQL Server 2005 SP3/4, 2008 SP1/2/R2, SSMSE 2005, and Visual Studio 2005 SP1/2008 SP1/2010. Technical detail from connected documents shows that the issu...

4.3CVSS7AI score0.15254EPSS