Lucene search
K
MicrosoftSql Server

43 matches found

CVE
CVE
added 2017/08/08 9:0 p.m.50487 views

CVE-2017-8516

The CVE-2017-8516 entry applies to Microsoft SQL Server Analysis Services across SQL Server 2012, 2014, and 2016, describing an information disclosure vulnerability caused by improper enforcement of permissions. The vulnerability is characterized by a CVSS v3.1 base score of 7.5 (HIGH) and CVSS v...

7.5CVSS7.1AI score0.08041EPSS
CVE
CVE
added 2023/04/11 7:13 p.m.2946 views

CVE-2023-23384

CVE-2023-23384 is described in the connected documents as a Microsoft SQL Server remote code execution vulnerability reachable over the network. Nessus plugin entries for April 2023 (SMB_NT_MS23_APR_MSSQL_REMOTE.NASL and SMB_NT_MS23_APR_MSSQL.NASL) confirm a remote code execution issue, with self...

7.3CVSS7.6AI score0.00871EPSS
CVE
CVE
added 2022/06/15 9:51 p.m.1359 views

CVE-2022-29143

CVE-2022-29143 describes a remote code execution vulnerability in Microsoft SQL Server where a specially crafted query against a table with a Column Store index can corrupt memory. Public details in the connected sources indicate exploitation could occur through authenticated access over network,...

7.5CVSS7.9AI score0.01974EPSS
CVE
CVE
added 2023/10/10 5:8 p.m.1142 views

CVE-2023-36785

Technical details about CVE-2023-36785 are not publicly provided in the supplied documents; monitor for updates from official advisories and vendor feeds.

7.8CVSS8.1AI score0.01056EPSS
CVE
CVE
added 2015/07/14 11:0 p.m.855 views

CVE-2015-1762

CVE-2015-1762 affects Microsoft SQL Server 2008 SP3/SP4, 2008 R2 SP2/SP3, 2012 SP1/SP2, and 2014 when transactional replication is configured. Cause: uninitialized memory in an unspecified function call, allowing remote authenticated users to execute arbitrary code via crafted queries, demonstrat...

7.1CVSS8AI score0.10359EPSS
CVE
CVE
added 2023/02/14 7:32 p.m.855 views

CVE-2023-21528

CVE-2023-21528 is a Microsoft SQL Server Remote Code Execution vulnerability. In SQL Server 2008 R2 SP3 GDR, updates described in KB5021112 fix CVE-2023-21528 (builds including SQLServer2008R2-KB5021112-x64.exe, version 10.50.6785.2). In SQL Server 2019, fixes are included in KB5021125 (build: SQ...

7.8CVSS8AI score0.00393EPSS
CVE
CVE
added 2023/02/14 7:32 p.m.652 views

CVE-2023-21718

Technical details for CVE-2023-21718 are not provided in the supplied documents; no specific affected products, versions, impact, or fixes are listed here. Monitor for updates.

7.8CVSS8AI score0.0074EPSS
CVE
CVE
added 2023/10/10 5:8 p.m.632 views

CVE-2023-36417

CVE-2023-36417 is a Remote Code Execution vulnerability affecting the Microsoft SQL Server OLE DB Driver. The Nessus entries and Microsoft advisories indicate an RCE in the SQL OLE DB component that can enable authentication bypass and arbitrary command execution. The issue has been addressed in ...

7.8CVSS8AI score0.00982EPSS
CVE
CVE
added 2022/02/09 4:37 p.m.598 views

CVE-2022-23276

CVE-2022-23276 is a local privilege-escalation vulnerability affecting SQL Server 2019 on Linux container images . Connected sources confirm the issue resides in the Linux container deployment, not in SQL Server on bare metal/VM, and is specific to the container image lifecycle. The vulnerability...

7.8CVSS8AI score0.00543EPSS
CVE
CVE
added 2023/02/14 7:32 p.m.535 views

CVE-2023-21704

CVE-2023-21704 is a vulnerability in the Microsoft ODBC Driver for SQL Server that enables remote code execution. Microsoft’s security update KB5021126 addresses CVE-2023-21704 as part of a CU/patch bundle, updating the ODBC driver component used by SQL Server connectivity. The documented impact ...

7.8CVSS8AI score0.00393EPSS
CVE
CVE
added 2023/10/10 5:7 p.m.533 views

CVE-2023-36730

CVE-2023-36730 affects the Microsoft SQL Server ODBC Driver. The vulnerability is described as a Remote Code Execution issue in the ODBC Driver component; root cause details are not explicitly provided in the documents beyond the vulnerability family. Microsoft’s October 2023 security updates (KB...

7.8CVSS8.1AI score0.01034EPSS
CVE
CVE
added 2023/06/16 12:44 a.m.526 views

CVE-2023-29349

CVE-2023-29349 concerns Microsoft ODBC and OLE DB components (SQL Server ODBC Driver and OLE DB Driver) enabling remote code execution. The vulnerability arises from improper handling in the ODBC/OLE DB stack, with an attack vector described as LOCAL and requiring user interaction, resulting in h...

7.8CVSS7.9AI score0.00603EPSS
CVE
CVE
added 2023/06/16 12:44 a.m.524 views

CVE-2023-32027

CVE-2023-32027 is a vulnerability in the Microsoft ODBC Driver for SQL Server that enables remote code execution. Public sources describe exploitation that requires the attacker to lure the victim via a rogue SQL server, with the driver client on the affected workstation executing code. The vulne...

7.8CVSS8.1AI score0.00603EPSS
CVE
CVE
added 2023/10/10 5:8 p.m.520 views

CVE-2023-36420

CVE-2023-36420 is an in-scope vulnerability affecting the Microsoft SQL Server ODBC Driver, described in connected sources as a Remote Code Execution vulnerability. Public details confirm the affected component is the ODBC Driver for SQL Server and that the issue is addressed by Microsoft securit...

7.8CVSS8.1AI score0.00982EPSS
CVE
CVE
added 2023/06/16 12:44 a.m.502 views

CVE-2023-32028

CVE-2023-32028 – Microsoft SQL OLE DB Remote Code Execution Vulnerability affects the Microsoft OLE DB Driver for SQL Server (OLE DB Driver 19 for SQL Server, 18 for SQL Server) and related SQL Server OLE DB components. The root cause enables remote code execution, with exploitation described as ...

7.8CVSS8.2AI score0.00722EPSS
CVE
CVE
added 2023/06/16 12:44 a.m.493 views

CVE-2023-32025

CVE-2023-32025 concerns the Microsoft ODBC Driver for SQL Server. Connected sources indicate a remote code execution vulnerability in the ODBC driver, with exploitation described as requiring the attacker to lure the victim to connect to a rogue SQL server. The NCSC advisory confirms the issue wa...

7.8CVSS8.1AI score0.00603EPSS
CVE
CVE
added 2023/06/16 12:44 a.m.474 views

CVE-2023-32026

The CVE-2023-32026 entry concerns the Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability. Public sources describe the vulnerable component as the ODBC Driver for SQL Server, with exploitation enabling remote code execution. The NCSC advisory clarifies that exploitation requi...

7.8CVSS8.1AI score0.00722EPSS
CVE
CVE
added 2023/06/16 12:44 a.m.467 views

CVE-2023-29356

CVE-2023-29356 concerns a Remote Code Execution vulnerability in the Microsoft ODBC Driver for SQL Server. Affected component: Microsoft ODBC Driver for SQL Server. Underlying issue is exploited when a user connects to a rogue SQL server via ODBC; exploitation requires the attacker to lure the us...

7.8CVSS8.1AI score0.00603EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.171 views

CVE-2002-1123

CVE-2002-1123 is a buffer overflow in the authentication function of Microsoft SQL Server 2000 and MSDE 2000 triggered by a long TCP 1433 request, enabling remote code execution. Public writeups and scanners (MS02-056, Metasploit/MSF module, OpenVAS checks) confirm the existence of the Hello Over...

7.5CVSS8AI score0.77712EPSS
CVE
CVE
added 2007/09/11 7:0 p.m.92 views

CVE-2007-4814

CVE-2007-4814 affects the SQL Server Distributed Management Objects (DMO) ActiveX control sqldmo.dll. A buffer overflow in the Start method is triggered by a long argument, enabling remote code execution. Exploitation details are documented in SAINT references, with note that exploits exist for M...

7.5CVSS8AI score0.4571EPSS
CVE
CVE
added 2008/09/16 10:0 p.m.92 views

CVE-2008-4110

The OpenVAS/OpenVAS-derived data (plus CVE-2008-4110 details) confirms a buffer overflow in the Microsoft SQL Server 2000 ActiveX control: sqlvdir.dll (SQLVDIRLib.SQLVDirControl) that is loaded from Tools\Binn\sqlvdir.dll. The vulnerability is triggered by a long URL passed as the second argument...

7.6CVSS8.2AI score0.18415EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.87 views

CVE-2002-0642

CVE-2002-0642 corresponds to an elevation-of-privilege issue in Microsoft SQL Server 2000 and MSDE 2000 caused by insecure permissions on the registry key that stores the SQL Server service account. The OpenVAS/SECURITYVULNS entries corroborate a privilege-escalation risk tied to the SQL Server s...

7.2CVSS6.5AI score0.49698EPSS
CVE
CVE
added 2002/07/26 4:0 a.m.86 views

CVE-2002-0649

CVE-2002-0649 describes a remote buffer-overflow in the SQL Server Resolution Service of Microsoft SQL Server 2000 and MSDE (port 1434/UDP). The vulnerability is triggered by UDP packets beginning with 0x04 (long registry key name) or 0x08 (long string), which can cause a denial of service or arb...

7.5CVSS8AI score0.8475EPSS
CVE
CVE
added 2002/02/18 5:0 a.m.79 views

CVE-2001-0542

CVE-2001-0542 describes buffer/format-string vulnerabilities in Microsoft SQL Server 7.0 and 2000. The issues affect the built-in formatting functions raiserror, formatmessage, and xp_sprintf, allowing an attacker with SQL Server access to execute arbitrary code or potentially cause a denial of s...

7.5CVSS7.8AI score0.13621EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.74 views

CVE-2002-0186

CVE-2002-0186 describes a buffer overflow in the Microsoft SQLXML ISAPI extension for SQL Server 2000. The flaw arises from inadequate validation of the contenttype parameter in SQLXML HTTP requests, allowing a remote attacker to trigger a crash or execute arbitrary code (the extension runs with ...

7.5CVSS8.2AI score0.55455EPSS
CVE
CVE
added 2000/04/10 4:0 a.m.73 views

CVE-2000-0202

CVE-2000-0202 affects Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0. A malformed SELECT statement in an SQL query allows remote attackers to gain privileges. The connected OpenVAS entry corroborates multiple MSSQL vulnerabilities; however, exploitation details, affected versions b...

7.5CVSS7.4AI score0.09522EPSS
CVE
CVE
added 2002/04/27 4:0 a.m.70 views

CVE-2002-0154

Microsoft SQL Server 7.0 and SQL Server 2000 contain buffer overflow vulnerabilities in multiple extended stored procedures. A remote attacker could exploit these to cause a denial of service or execute arbitrary code (potentially with the SQL Server service account privileges), and could even af...

7.5CVSS8AI score0.24864EPSS
CVE
CVE
added 2002/02/21 5:0 a.m.69 views

CVE-2002-0056

CVE-2002-0056 concerns Microsoft SQL Server 7.0 and 2000, where a buffer overflow is triggered by a long OLE DB provider name used with OpenDataSource or OpenRowset in an ad hoc connection. The resulting issue can allow an attacker to execute arbitrary code with the SQL Server service account’s p...

7.5CVSS8.2AI score0.24864EPSS
CVE
CVE
added 2003/07/25 4:0 a.m.69 views

CVE-2003-0230

CVE-2003-0230 affects Microsoft SQL Server 7, 2000, and MSDE. The vulnerability allows local users to gain privileges by hijacking a named pipe during authentication, due to a flaw in how named pipes are checked by SQL Server when a client authenticates via a named pipe. Impact is privilege eleva...

7.2CVSS7AI score0.02262EPSS
CVE
CVE
added 2002/07/26 4:0 a.m.67 views

CVE-2002-0644

CVE-2002-0644 / CVE-2002-1137 describe a buffer overflow in the Database Consistency Checkers (DBCCs) of Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 . The vulnerability allows db_owner and db_ddladmin role members to execute arbitrary code due to overflow in DBCC input hand...

7.5CVSS7.9AI score0.11419EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.66 views

CVE-2002-0187

The CVE-2002-0187 entry corresponds to a cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000, where an attacker could inject script via the root parameter of an XML SQL query. Connected documents also describe a related overflow issue in the SQLXML ISAPI filter...

7.5CVSS7.4AI score0.13893EPSS
CVE
CVE
added 2005/06/28 4:0 a.m.65 views

CVE-2002-1872

Consolidated details from multiple sources confirm CVE-2002-1872 affects Microsoft SQL Server 6.0 through 2000 when SQL Authentication is enabled. The underlying issue is weak password encryption using XOR, enabling remote attackers to sniff and decrypt passwords. Affected software: Microsoft SQL...

7.5CVSS7.9AI score0.05945EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.64 views

CVE-2002-1138

CVE-2002-1138 affects Microsoft SQL Server 7.0 and 2000, including MSDE 1.0 and MSDE 2000. The flaw is in Output File Handling for Scheduled Jobs: these components write output files for scheduled jobs under the SQL Server service account rather than the launching entity. This privilege mismatch ...

7.5CVSS7.1AI score0.04709EPSS
CVE
CVE
added 2002/07/26 4:0 a.m.62 views

CVE-2002-0645

Technical details for CVE-2002-0645 are not publicly provided in the connected documents; the available sources reference the vulnerability at a high level. Monitor for updates from official advisories.

7.5CVSS7.6AI score0.03844EPSS
CVE
CVE
added 2002/08/23 4:0 a.m.62 views

CVE-2002-0982

Microsoft SQL Server 2000 SP2 (when configured as a distributor) is exposed to an arbitrary code execution vulnerability through the @scriptfile parameter of the sp_MScopyscript stored procedure. The CVE-2002-0982 entry documents this as a high-severity issue (CVSS v2 base score 7.5) with network...

7.5CVSS7.7AI score0.07821EPSS
CVE
CVE
added 2003/07/25 4:0 a.m.62 views

CVE-2003-0232

CVE-2003-0232 affects Microsoft SQL Server 7, 2000, and MSDE. The issue is a buffer overflow in a Local Procedure Call (LPC) port that can be triggered by a specially crafted request, allowing a local attacker to execute arbitrary code with the SQL Server service account’s privileges. The vulnera...

7.2CVSS7.7AI score0.04126EPSS
CVE
CVE
added 2002/07/12 4:0 a.m.61 views

CVE-2002-0624

CVE-2002-0624 describes a buffer overflow in the pwdencrypt() password-encryption function in Microsoft SQL Server 2000 (including MSDE 2000) that can allow remote attackers to execute arbitrary code with the SQL Server service account when authenticating via SQL Server Authentication. Public sou...

7.5CVSS8.5AI score0.22845EPSS
CVE
CVE
added 2003/04/02 5:0 a.m.61 views

CVE-2002-0859

CVE-2002-0859 describes a buffer overflow in the OpenDataSource function of the Jet engine used by Microsoft SQL Server 2000. The vulnerability permits remote attackers to execute arbitrary code, affecting the system via the Jet engine component. The available records indicate the issue arises fr...

7.5CVSS8.4AI score0.26175EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.59 views

CVE-2002-1137

CVE-2002-1137 describes a buffer overflow in the Database Console Command (DBCC) in Microsoft SQL Server 7.0 and 2000, including MSDE 1.0/MSDE 2000. The vulnerability stems from handling of user input, allowing an attacker to execute arbitrary code via a long SourceDB argument in a non-SQL OLEDB ...

7.5CVSS8.1AI score0.09392EPSS
CVE
CVE
added 2002/07/12 4:0 a.m.57 views

CVE-2002-0641

The CVE-2002-0641 issue affects Microsoft SQL Server 2000 and MSDE 2000, where a buffer overflow in the BULK INSERT procedure can be triggered by a file name that is too long. Exploitation requires Bulk Admin or Administrator privileges and can allow execution of arbitrary code with system/high p...

7.5CVSS8AI score0.11237EPSS
CVE
CVE
added 2001/09/18 4:0 a.m.52 views

CVE-2001-0344

CVE-2001-0344 describes a privilege-escalation vulnerability in Microsoft SQL Server 2000 Gold and SQL Server 7.0 when running in Mixed Mode. An attacker with local database access could exploit reusing a cached sa administrator connection to gain privileges. The Initial Description states the vu...

7.2CVSS7AI score0.01917EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.50 views

CVE-1999-1556

CVE-1999-1556 affects Microsoft SQL Server 6.5. The issue arises from weak encryption of the password for the SQLExecutiveCmdExec account and storing it in an accessible portion of the registry, enabling local users to read and decrypt the CmdExecAccount value and potentially gain privileges. The...

7.2CVSS8.3AI score0.01179EPSS
CVE
CVE
added 2000/03/22 5:0 a.m.50 views

CVE-2000-0199

CVE-2000-0199 affects Microsoft SQL Server 7.0 via Enterprise Manager when the “Always prompt for login name and password” option is not set; the login credentials are stored with weak encryption. The connected Nessus entry also describes a potential local privilege escalation by authenticated us...

7.2CVSS7AI score0.01453EPSS