18 matches found
CVE-2017-8516
The CVE-2017-8516 entry applies to Microsoft SQL Server Analysis Services across SQL Server 2012, 2014, and 2016, describing an information disclosure vulnerability caused by improper enforcement of permissions. The vulnerability is characterized by a CVSS v3.1 base score of 7.5 (HIGH) and CVSS v...
CVE-2021-1636
Technical details about CVE-2021-1636 are not publicly provided in the supplied documents. Please monitor for updates from official sources for affected products, vulnerable components, impact, and remediation.
CVE-2015-1763
Microsoft SQL Server 2008 SP3/SP4, 2008 R2 SP2/SP3, 2012 SP1/SP2, and 2014 are affected by CVE-2015-1763, caused by use of uninitialized memory during certain virtual function calls, enabling remote authenticated code execution via a crafted query. This aligns with MS15-058 vulnerabilities. Explo...
CVE-2023-23384
CVE-2023-23384 is described in the connected documents as a Microsoft SQL Server remote code execution vulnerability reachable over the network. Nessus plugin entries for April 2023 (SMB_NT_MS23_APR_MSSQL_REMOTE.NASL and SMB_NT_MS23_APR_MSSQL.NASL) confirm a remote code execution issue, with self...
CVE-2019-1068
CVE-2019-1068 is a remote code execution vulnerability in Microsoft SQL Server triggered by incorrect handling of internal functions. The CVE is publicly documented with CVSS2/3 scores (6.5/8.8) and is linked to Microsoft security updates KB4505222/KB4505224 (and related KBs) addressing SQL Serve...
CVE-2023-21713
CVE-2023-21713 is a Microsoft SQL Server remote code execution vulnerability. The CVE is addressed in the February 2023 security updates for SQL Server 2019/GDR (KB5021125) and related KBs, which list CVE-2023-21713 among addressed issues. The vulnerability affects SQL Server components and is mi...
CVE-2020-0618
CVE-2020-0618 affects Microsoft SQL Server Reporting Services (SSRS) and is a remote code execution vulnerability caused by improper handling of page requests, with deserialization of viewstate cited in some sources. The vulnerability can allow code execution on the Report Server service account,...
CVE-2022-29143
CVE-2022-29143 describes a remote code execution vulnerability in Microsoft SQL Server where a specially crafted query against a table with a Column Store index can corrupt memory. Public details in the connected sources indicate exploitation could occur through authenticated access over network,...
CVE-2023-21705
CVE-2023-21705 is a Microsoft SQL Server remote code execution vulnerability. Public documents indicate the issue is addressed in security updates for SQL Server 2019 GDR (KB5021125) which fixes multiple CVEs including CVE-2023-21705; the update targets SQL Server 2019 and brings the product to b...
CVE-2015-1762
CVE-2015-1762 affects Microsoft SQL Server 2008 SP3/SP4, 2008 R2 SP2/SP3, 2012 SP1/SP2, and 2014 when transactional replication is configured. Cause: uninitialized memory in an unspecified function call, allowing remote authenticated users to execute arbitrary code via crafted queries, demonstrat...
CVE-2023-21528
CVE-2023-21528 is a Microsoft SQL Server Remote Code Execution vulnerability. In SQL Server 2008 R2 SP3 GDR, updates described in KB5021112 fix CVE-2023-21528 (builds including SQLServer2008R2-KB5021112-x64.exe, version 10.50.6785.2). In SQL Server 2019, fixes are included in KB5021125 (build: SQ...
CVE-2023-36728
CVE-2023-36728 is a Denial-of-Service vulnerability impacting Microsoft SQL Server components. Public references in the supplied documents describe DoS impact from a malformed TDS packet/login handling that can lead to unavailability or undefined behavior, as cited in the October 2023 security up...
CVE-2023-21718
Technical details for CVE-2023-21718 are not provided in the supplied documents; no specific affected products, versions, impact, or fixes are listed here. Monitor for updates.
CVE-2016-7250
CVE-2016-7250 affects Microsoft SQL Server 2014 SP1/ SP2 and 2016. The vulnerability arises from an improper cast of an unspecified pointer in the SQL RDBMS Engine, enabling remote authenticated users to escalate privileges via unknown vectors. The issue is part of MS16-136 family of fixes; the r...
CVE-2023-21704
CVE-2023-21704 is a vulnerability in the Microsoft ODBC Driver for SQL Server that enables remote code execution. Microsoft’s security update KB5021126 addresses CVE-2023-21704 as part of a CU/patch bundle, updating the ODBC driver component used by SQL Server connectivity. The documented impact ...
CVE-2016-7253
CVE-2016-7253 affects Microsoft SQL Server Agent privilege escalation in SQL Server 2012 SP2/3, 2014 SP1/2, and 2016. Root cause: the SQL Server Agent does not properly check ACLs on atxcore.dll, enabling remote authenticated users to gain privileges via unspecified vectors. Impact: elevation of ...
CVE-2014-1820
CVE-2014-1820 describes a cross-site scripting (XSS) vulnerability in Microsoft SQL Server's Master Data Services (MDS). Affected products/versions are SQL Server 2012 SP1 and SQL Server 2014 running on 64-bit platforms, where a crafted URL can cause the MDS web interface to execute arbitrary scr...
CVE-2015-1761
CVE-2015-1761 relates to Microsoft SQL Server across multiple versions (2008 SP3/SP4, 2008 R2 SP2/SP3, 2012 SP1/SP2, 2014) where an incorrect class during casts of unspecified pointers allows remote authenticated users to gain privileges via certain write access. The root cause is described as a ...