VYPR

SQL Server

by Microsoft

CVEs (109)

  • CVE-2024-43474 (Sep 10, 2024)
    risk 0.01 cvss epss 0.01

    Microsoft SQL Server Information Disclosure Vulnerability

  • CVE-2021-1636 (Jan 12, 2021)
    risk 0.01 cvss epss 0.06

    Microsoft SQL Elevation of Privilege Vulnerability

  • CVE-2015-1763 (Jul 14, 2015)
    risk 0.01 cvss epss 0.12

    Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remote authenticated users to execute arbitrary code via a crafted query, aka "SQL…

  • CVE-2015-1762 (Jul 14, 2015)
    risk 0.01 cvss epss 0.10

    Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified function calls, which allows remote authenticated users to execute arbitrary code by…

  • CVE-2015-1761 (Jul 14, 2015)
    risk 0.01 cvss epss 0.18

    Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 uses an incorrect class during casts of unspecified pointers, which allows remote authenticated users to gain privileges by leveraging certain write access, aka "SQL Server Elevation of…

  • CVE-2014-1820 (Aug 12, 2014)
    risk 0.01 cvss epss 0.15

    Cross-site scripting (XSS) vulnerability in Master Data Services (MDS) in Microsoft SQL Server 2012 SP1 and 2014 on 64-bit platforms allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "SQL Master Data Services XSS Vulnerability."

  • CVE-2012-2552 (Oct 9, 2012)
    risk 0.01 cvss epss 0.16

    Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified…

  • CVE-2011-1280 (Jun 16, 2011)
    risk 0.01 cvss epss 0.15

    The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote…

  • CVE-2008-4110 (Sep 16, 2008)
    risk 0.01 cvss epss 0.18

    Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second…

  • CVE-2008-0085 (Jul 8, 2008)
    risk 0.01 cvss epss 0.11

    SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating…

  • CVE-2002-1145 (Oct 28, 2002)
    risk 0.01 cvss epss 0.08

    The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is…

  • CVE-2002-1137 (Oct 11, 2002)
    risk 0.01 cvss epss 0.09

    Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a…

  • CVE-2002-0729 (Aug 12, 2002)
    risk 0.01 cvss epss 0.11

    Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.

  • CVE-2002-0650 (Aug 12, 2002)
    risk 0.01 cvss epss 0.18

    The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two…

  • CVE-2002-0641 (Jul 23, 2002)
    risk 0.01 cvss epss 0.11

    Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.

  • CVE-2001-0879 (Dec 20, 2001)
    risk 0.01 cvss epss 0.08

    Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service.

  • CVE-2001-0542 (Dec 20, 2001)
    risk 0.01 cvss epss 0.14

    Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is…

  • CVE-2001-0509 (Sep 20, 2001)
    risk 0.01 cvss epss 0.17

    Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.

  • CVE-2000-0202 (Mar 8, 2000)
    risk 0.01 cvss epss 0.10

    Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query.

  • CVE-2025-47954 (Aug 12, 2025)
    risk 0.00 cvss epss 0.01

    Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
