Total
110 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-1081 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-11-20 | 4.6 MEDIUM | N/A |
| The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | |||||
| CVE-2000-0654 | 1 Microsoft | 1 Sql Server | 2024-11-20 | 4.6 MEDIUM | N/A |
| Microsoft Enterprise Manager allows local users to obtain database passwords via the Data Transformation Service (DTS) package Registered Servers Dialog dialog, aka a variant of the "DTS Password" vulnerability. | |||||
| CVE-2000-0603 | 1 Microsoft | 1 Sql Server | 2024-11-20 | 4.6 MEDIUM | N/A |
| Microsoft SQL Server 7.0 allows a local user to bypass permissions for stored procedures by referencing them via a temporary stored procedure, aka the "Stored Procedure Permissions" vulnerability. | |||||
| CVE-2000-0485 | 1 Microsoft | 1 Sql Server | 2024-11-20 | 2.1 LOW | N/A |
| Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the "DTS Password" vulnerability. | |||||
| CVE-2000-0402 | 1 Microsoft | 1 Sql Server | 2024-11-20 | 2.1 LOW | N/A |
| The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability. | |||||
| CVE-2000-0202 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-11-20 | 7.5 HIGH | N/A |
| Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query. | |||||
| CVE-2000-0199 | 1 Microsoft | 1 Sql Server | 2024-11-20 | 7.2 HIGH | N/A |
| When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password. | |||||
| CVE-1999-1556 | 1 Microsoft | 1 Sql Server | 2024-11-20 | 7.2 HIGH | N/A |
| Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value. | |||||
| CVE-1999-0999 | 1 Microsoft | 1 Sql Server | 2024-11-20 | 4.3 MEDIUM | N/A |
| Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet. | |||||
| CVE-2021-1636 | 1 Microsoft | 1 Sql Server | 2024-10-08 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft SQL Elevation of Privilege Vulnerability | |||||
| CVE-2020-0618 | 1 Microsoft | 1 Sql Server | 2024-09-19 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'. | |||||
| CVE-2012-1856 | 1 Microsoft | 7 Commerce Server, Host Integration Server, Office and 4 more | 2024-07-16 | 9.3 HIGH | 8.8 HIGH |
| The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability." | |||||
| CVE-2023-21718 | 1 Microsoft | 1 Sql Server | 2024-05-29 | N/A | 7.8 HIGH |
| Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2023-21713 | 1 Microsoft | 1 Sql Server | 2024-05-29 | N/A | 8.8 HIGH |
| Microsoft SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2023-21705 | 1 Microsoft | 1 Sql Server | 2024-05-29 | N/A | 8.8 HIGH |
| Microsoft SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2023-21704 | 1 Microsoft | 1 Sql Server | 2024-05-29 | N/A | 7.8 HIGH |
| Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2023-21528 | 1 Microsoft | 1 Sql Server | 2024-05-29 | N/A | 7.8 HIGH |
| Microsoft SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2023-38169 | 1 Microsoft | 3 Odbc Driver For Sql Server, Ole Db Driver For Sql Server, Sql Server | 2024-05-29 | N/A | 8.8 HIGH |
| Microsoft SQL OLE DB Remote Code Execution Vulnerability | |||||
| CVE-2023-36785 | 1 Microsoft | 2 Odbc Driver For Sql Server, Sql Server | 2024-05-29 | N/A | 7.8 HIGH |
| Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | |||||
| CVE-2023-36730 | 1 Microsoft | 2 Odbc Driver For Sql Server, Sql Server | 2024-05-29 | N/A | 7.8 HIGH |
| Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | |||||