CVE-2017-8516

The CVE-2017-8516 entry applies to Microsoft SQL Server Analysis Services across SQL Server 2012, 2014, and 2016, describing an information disclosure vulnerability caused by improper enforcement of permissions. The vulnerability is characterized by a CVSS v3.1 base score of 7.5 (HIGH) and CVSS v...

CVE-2021-1636

Technical details about CVE-2021-1636 are not publicly provided in the supplied documents. Please monitor for updates from official sources for affected products, vulnerable components, impact, and remediation.

CVE-2023-23384

CVE-2023-23384 is described in the connected documents as a Microsoft SQL Server remote code execution vulnerability reachable over the network. Nessus plugin entries for April 2023 (SMB_NT_MS23_APR_MSSQL_REMOTE.NASL and SMB_NT_MS23_APR_MSSQL.NASL) confirm a remote code execution issue, with self...

CVE-2019-1068

CVE-2019-1068 is a remote code execution vulnerability in Microsoft SQL Server triggered by incorrect handling of internal functions. The CVE is publicly documented with CVSS2/3 scores (6.5/8.8) and is linked to Microsoft security updates KB4505222/KB4505224 (and related KBs) addressing SQL Serve...

CVE-2023-21713

CVE-2023-21713 is a Microsoft SQL Server remote code execution vulnerability. The CVE is addressed in the February 2023 security updates for SQL Server 2019/GDR (KB5021125) and related KBs, which list CVE-2023-21713 among addressed issues. The vulnerability affects SQL Server components and is mi...

CVE-2020-0618

CVE-2020-0618 affects Microsoft SQL Server Reporting Services (SSRS) and is a remote code execution vulnerability caused by improper handling of page requests, with deserialization of viewstate cited in some sources. The vulnerability can allow code execution on the Report Server service account,...

CVE-2022-29143

CVE-2022-29143 describes a remote code execution vulnerability in Microsoft SQL Server where a specially crafted query against a table with a Column Store index can corrupt memory. Public details in the connected sources indicate exploitation could occur through authenticated access over network,...

CVE-2023-21705

CVE-2023-21705 is a Microsoft SQL Server remote code execution vulnerability. Public documents indicate the issue is addressed in security updates for SQL Server 2019 GDR (KB5021125) which fixes multiple CVEs including CVE-2023-21705; the update targets SQL Server 2019 and brings the product to b...

CVE-2018-8273

CVE-2018-8273 is a buffer overflow vulnerability in Microsoft SQL Server that could allow remote code execution. Public details identify affected products as Microsoft SQL Server (notably SQL Server 2016/2017 families) with exploitation described as requiring the ability to execute SQL queries ag...

CVE-2023-21528

CVE-2023-21528 is a Microsoft SQL Server Remote Code Execution vulnerability. In SQL Server 2008 R2 SP3 GDR, updates described in KB5021112 fix CVE-2023-21528 (builds including SQLServer2008R2-KB5021112-x64.exe, version 10.50.6785.2). In SQL Server 2019, fixes are included in KB5021125 (build: SQ...

CVE-2023-36728

CVE-2023-36728 is a Denial-of-Service vulnerability impacting Microsoft SQL Server components. Public references in the supplied documents describe DoS impact from a malformed TDS packet/login handling that can lead to unavailability or undefined behavior, as cited in the October 2023 security up...

CVE-2023-21718

Technical details for CVE-2023-21718 are not provided in the supplied documents; no specific affected products, versions, impact, or fixes are listed here. Monitor for updates.

CVE-2016-7250

CVE-2016-7250 affects Microsoft SQL Server 2014 SP1/ SP2 and 2016. The vulnerability arises from an improper cast of an unspecified pointer in the SQL RDBMS Engine, enabling remote authenticated users to escalate privileges via unknown vectors. The issue is part of MS16-136 family of fixes; the r...

CVE-2023-21704

CVE-2023-21704 is a vulnerability in the Microsoft ODBC Driver for SQL Server that enables remote code execution. Microsoft’s security update KB5021126 addresses CVE-2023-21704 as part of a CU/patch bundle, updating the ODBC driver component used by SQL Server connectivity. The documented impact ...

CVE-2016-7252

CVE-2016-7252 is tied to Microsoft SQL Server 2016 Analysis Services Information Disclosure via improper FILESTREAM path handling. The vulnerability allows an authenticated, remote attacker to disclose sensitive data by abusing the FILESTREAM path validation vulnerability (root cause: improper va...

CVE-2016-7249

CVE-2016-7249 arises from a flaw in Microsoft SQL Server 2016 where the engine may miscast an unspecified pointer, enabling remote authenticated users to gain privileges via unknown vectors. The connected Nessus/OpenVAS/NASL data confirms this as a privileged-elevation issue in the SQL Server Eng...

CVE-2016-7251

CVE-2016-7251 is a cross-site scripting (XSS) vulnerability in the Microsoft SQL Server 2016 Master Data Services (MDS) API. The issue arises from improper validation of a request parameter on the SQL Server MDS site, which could allow an attacker to inject client-side script or HTML. The vulnera...