11 matches found
CVE-2021-1636
Technical details about CVE-2021-1636 are not publicly provided in the supplied documents. Please monitor for updates from official sources for affected products, vulnerable components, impact, and remediation.
CVE-2015-1763
Microsoft SQL Server 2008 SP3/SP4, 2008 R2 SP2/SP3, 2012 SP1/SP2, and 2014 are affected by CVE-2015-1763, caused by use of uninitialized memory during certain virtual function calls, enabling remote authenticated code execution via a crafted query. This aligns with MS15-058 vulnerabilities. Explo...
CVE-2019-1068
CVE-2019-1068 is a remote code execution vulnerability in Microsoft SQL Server triggered by incorrect handling of internal functions. The CVE is publicly documented with CVSS2/3 scores (6.5/8.8) and is linked to Microsoft security updates KB4505222/KB4505224 (and related KBs) addressing SQL Serve...
CVE-2023-38169
CVE-2023-38169 is a Microsoft SQL OLE DB Remote Code Execution vulnerability. Public sources confirm the issue affects Microsoft SQL OLE DB/ODBC components (e.g., OLE DB Driver for SQL Server and SQL Server client libraries) and can be exploited remotely via a network to run code with high impact...
CVE-2023-21713
CVE-2023-21713 is a Microsoft SQL Server remote code execution vulnerability. The CVE is addressed in the February 2023 security updates for SQL Server 2019/GDR (KB5021125) and related KBs, which list CVE-2023-21713 among addressed issues. The vulnerability affects SQL Server components and is mi...
CVE-2023-21705
CVE-2023-21705 is a Microsoft SQL Server remote code execution vulnerability. Public documents indicate the issue is addressed in security updates for SQL Server 2019 GDR (KB5021125) which fixes multiple CVEs including CVE-2023-21705; the update targets SQL Server 2019 and brings the product to b...
CVE-2024-0056
CVE-2024-0056 affects Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider security feature bypass. CVSS v3.1 base score 8.7 (NETWORK, HIGH impact on confidentiality and integrity, no availability impact) per Microsoft, with CVSS v4 score 8.8 indicating high impact. Descriptions i...
CVE-2016-7250
CVE-2016-7250 affects Microsoft SQL Server 2014 SP1/ SP2 and 2016. The vulnerability arises from an improper cast of an unspecified pointer in the SQL RDBMS Engine, enabling remote authenticated users to escalate privileges via unknown vectors. The issue is part of MS16-136 family of fixes; the r...
CVE-2016-7253
CVE-2016-7253 affects Microsoft SQL Server Agent privilege escalation in SQL Server 2012 SP2/3, 2014 SP1/2, and 2016. Root cause: the SQL Server Agent does not properly check ACLs on atxcore.dll, enabling remote authenticated users to gain privileges via unspecified vectors. Impact: elevation of ...
CVE-2016-7249
CVE-2016-7249 arises from a flaw in Microsoft SQL Server 2016 where the engine may miscast an unspecified pointer, enabling remote authenticated users to gain privileges via unknown vectors. The connected Nessus/OpenVAS/NASL data confirms this as a privileged-elevation issue in the SQL Server Eng...
CVE-2016-7254
CVE-2016-7254 affects Microsoft SQL Server 2012 SP2/SP3: the engine fails to properly cast an unspecified pointer, enabling remote authenticated privilege elevation via unknown vectors. The linked data also notes MS16-136 (KB3194725) as the security update mitigating multiple SQL Server vulnerabi...