Sql Server@2012 Security Vulnerabilities and Issues — Sql Server@2012 CVE List

MicrosoftSql Server2012

16 matches found

CVE•added 2017/08/08 9:0 p.m.•50468 views

CVE-2017-8516

The CVE-2017-8516 entry applies to Microsoft SQL Server Analysis Services across SQL Server 2012, 2014, and 2016, describing an information disclosure vulnerability caused by improper enforcement of permissions. The vulnerability is characterized by a CVSS v3.1 base score of 7.5 (HIGH) and CVSS v...

7.5CVSS7.1AI score0.016EPSS

CVE•added 2021/01/12 7:41 p.m.•4782 views

CVE-2021-1636

Technical details about CVE-2021-1636 are not publicly provided in the supplied documents. Please monitor for updates from official sources for affected products, vulnerable components, impact, and remediation.

8.8CVSS8.8AI score0.07273EPSS

In wild

CVE•added 2015/07/14 11:0 p.m.•3056 views

CVE-2015-1763

Microsoft SQL Server 2008 SP3/SP4, 2008 R2 SP2/SP3, 2012 SP1/SP2, and 2014 are affected by CVE-2015-1763, caused by use of uninitialized memory during certain virtual function calls, enabling remote authenticated code execution via a crafted query. This aligns with MS15-058 vulnerabilities. Explo...

8.5CVSS8AI score0.10746EPSS

CVE•added 2023/04/11 7:13 p.m.•2899 views

CVE-2023-23384

CVE-2023-23384 is described in the connected documents as a Microsoft SQL Server remote code execution vulnerability reachable over the network. Nessus plugin entries for April 2023 (SMB_NT_MS23_APR_MSSQL_REMOTE.NASL and SMB_NT_MS23_APR_MSSQL.NASL) confirm a remote code execution issue, with self...

7.3CVSS7.6AI score0.01532EPSS

CVE•added 2023/02/14 7:33 p.m.•1866 views

CVE-2023-21713

CVE-2023-21713 is a Microsoft SQL Server remote code execution vulnerability. The CVE is addressed in the February 2023 security updates for SQL Server 2019/GDR (KB5021125) and related KBs, which list CVE-2023-21713 among addressed issues. The vulnerability affects SQL Server components and is mi...

8.8CVSS9.3AI score0.02059EPSS

CVE•added 2020/02/11 9:22 p.m.•1652 views

CVE-2020-0618

CVE-2020-0618 affects Microsoft SQL Server Reporting Services (SSRS) and is a remote code execution vulnerability caused by improper handling of page requests, with deserialization of viewstate cited in some sources. The vulnerability can allow code execution on the Report Server service account,...

9.8CVSS8.5AI score0.9424EPSS

In wild

CVE•added 2023/02/14 7:32 p.m.•1031 views

CVE-2023-21705

CVE-2023-21705 is a Microsoft SQL Server remote code execution vulnerability. Public documents indicate the issue is addressed in security updates for SQL Server 2019 GDR (KB5021125) which fixes multiple CVEs including CVE-2023-21705; the update targets SQL Server 2019 and brings the product to b...

8.8CVSS9.3AI score0.00735EPSS

CVE•added 2015/07/14 11:0 p.m.•841 views

CVE-2015-1762

CVE-2015-1762 affects Microsoft SQL Server 2008 SP3/SP4, 2008 R2 SP2/SP3, 2012 SP1/SP2, and 2014 when transactional replication is configured. Cause: uninitialized memory in an unspecified function call, allowing remote authenticated users to execute arbitrary code via crafted queries, demonstrat...

7.1CVSS8AI score0.02233EPSS

CVE•added 2023/02/14 7:32 p.m.•808 views

CVE-2023-21528

CVE-2023-21528 is a Microsoft SQL Server Remote Code Execution vulnerability. In SQL Server 2008 R2 SP3 GDR, updates described in KB5021112 fix CVE-2023-21528 (builds including SQLServer2008R2-KB5021112-x64.exe, version 10.50.6785.2). In SQL Server 2019, fixes are included in KB5021125 (build: SQ...

7.8CVSS8AI score0.00166EPSS

CVE•added 2023/02/14 7:32 p.m.•628 views

CVE-2023-21718

Technical details for CVE-2023-21718 are not provided in the supplied documents; no specific affected products, versions, impact, or fixes are listed here. Monitor for updates.

7.8CVSS8AI score0.00594EPSS

CVE•added 2016/11/10 6:16 a.m.•451 views

CVE-2016-7253

CVE-2016-7253 affects Microsoft SQL Server Agent privilege escalation in SQL Server 2012 SP2/3, 2014 SP1/2, and 2016. Root cause: the SQL Server Agent does not properly check ACLs on atxcore.dll, enabling remote authenticated users to gain privileges via unspecified vectors. Impact: elevation of ...

8.8CVSS8.6AI score0.18223EPSS

CVE•added 2014/08/12 9:0 p.m.•420 views

CVE-2014-1820

CVE-2014-1820 describes a cross-site scripting (XSS) vulnerability in Microsoft SQL Server's Master Data Services (MDS). Affected products/versions are SQL Server 2012 SP1 and SQL Server 2014 running on 64-bit platforms, where a crafted URL can cause the MDS web interface to execute arbitrary scr...

4.3CVSS5.4AI score0.21379EPSS

CVE•added 2015/07/14 11:0 p.m.•414 views

CVE-2015-1761

CVE-2015-1761 relates to Microsoft SQL Server across multiple versions (2008 SP3/SP4, 2008 R2 SP2/SP3, 2012 SP1/SP2, 2014) where an incorrect class during casts of unspecified pointers allows remote authenticated users to gain privileges via certain write access. The root cause is described as a ...

6.5CVSS7.1AI score0.06637EPSS

CVE•added 2012/10/09 9:0 p.m.•302 views

CVE-2012-2552

Microsoft SQL Server 2000/2005/2008/2008 R2/2012 Reporting Services suffers a cross-site scripting (XSS) vulnerability in the SQL Server Report Manager, allowing an attacker to inject web script or HTML via an unspecified parameter (reflected XSS). The issue is identified as CVE-2012-2552. Public...

4.3CVSS5.6AI score0.44363EPSS

CVE•added 2014/08/12 9:0 p.m.•221 views

CVE-2014-4061

CVE-2014-4061 affects Microsoft SQL Server 2008 SP3, SQL Server 2008 R2 SP2, and SQL Server 2012 SP1. The root cause is improper control of stack memory when processing T-SQL batch commands, enabling remote authenticated users to cause a denial of service (daemon hang). Connected sources align on...

6.8CVSS6.6AI score0.3841EPSS

CVE•added 2016/11/10 6:16 a.m.•215 views

CVE-2016-7254

CVE-2016-7254 affects Microsoft SQL Server 2012 SP2/SP3: the engine fails to properly cast an unspecified pointer, enabling remote authenticated privilege elevation via unknown vectors. The linked data also notes MS16-136 (KB3194725) as the security update mitigating multiple SQL Server vulnerabi...

8.8CVSS8.6AI score0.16567EPSS