Sql Server Security Vulnerabilities and Issues — Sql Server CVE List

Lucene search

MicrosoftSql Server

11 matches found

cve•added 2023/10/10 6:15 p.m.•675 views

CVE-2023-36728

Microsoft SQL Server Denial of Service Vulnerability

5.5CVSS5.9AI score0.0008EPSS

cve•added 2008/07/08 11:41 p.m.•67 views

CVE-2008-0085

SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows da...

5CVSS6.7AI score0.27536EPSS

cve•added 2003/04/02 5:0 a.m.•64 views

CVE-2002-0650

The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange pa...

5CVSS7.1AI score0.25225EPSS

cve•added 2002/06/25 4:0 a.m.•62 views

CVE-2002-0057

XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.

5CVSS6.4AI score0.41761EPSS

cve•added 2002/05/16 4:0 a.m.•57 views

CVE-2002-0224

The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.

5CVSS7.1AI score0.58255EPSS

cve•added 2002/03/09 5:0 a.m.•52 views

CVE-2001-0879

Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service.

5CVSS7AI score0.10185EPSS

cve•added 2001/09/20 4:0 a.m.•50 views

CVE-2001-0509

Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.

5CVSS7.2AI score0.13062EPSS

cve•added 2003/08/27 4:0 a.m.•44 views

CVE-2003-0231

Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.

5CVSS6.6AI score0.23534EPSS

cve•added 2005/02/20 5:0 a.m.•43 views

CVE-2004-1560

Microsoft SQL Server 7.0 allows remote attackers to cause a denial of service (mssqlserver service halt) via a long request to TCP port 1433, possibly triggering a buffer overflow.

5CVSS7.4AI score0.14122EPSS

cve•added 2004/09/01 4:0 a.m.•42 views

CVE-2002-0729

Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.

5CVSS7.1AI score0.15629EPSS

cve•added 2005/06/28 4:0 a.m.•42 views

CVE-2002-1981

Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings.

5CVSS7.5AI score0.27793EPSS