Vulnerabilities (CVE)

Filtered by vendor Microsoft
Filtered by product Sql Server
Total 97 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2023-21718 | 1 Microsoft | 1 Sql Server | 2023-02-23 | N/A | 7.8 HIGH | Microsoft SQL ODBC Driver Remote Code Execution Vulnerability |
| CVE-2023-21705 | 1 Microsoft | 1 Sql Server | 2023-02-23 | N/A | 8.8 HIGH | Microsoft SQL Server Remote Code Execution Vulnerability |
| CVE-2023-21528 | 1 Microsoft | 1 Sql Server | 2023-02-23 | N/A | 7.8 HIGH | Microsoft SQL Server Remote Code Execution Vulnerability |
| CVE-2023-21713 | 1 Microsoft | 1 Sql Server | 2023-02-23 | N/A | 8.8 HIGH | Microsoft SQL Server Remote Code Execution Vulnerability |
| CVE-2023-21704 | 1 Microsoft | 1 Sql Server | 2023-02-23 | N/A | 7.8 HIGH | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability |
| CVE-2017-8516 | 1 Microsoft | 1 Sql Server | 2022-10-26 | 5.0 MEDIUM | 7.5 HIGH | Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka "Microsoft SQL Server Analysis Services Information Disclosure Vulnerability". |
| CVE-2022-29143 | 1 Microsoft | 1 Sql Server | 2022-06-24 | 6.0 MEDIUM | 7.5 HIGH | Microsoft SQL Server Remote Code Execution Vulnerability. |
| CVE-2022-23276 | 2 Linux, Microsoft | 2 Linux Kernel, Sql Server | 2022-02-14 | 4.6 MEDIUM | 7.8 HIGH | SQL Server for Linux Containers Elevation of Privilege Vulnerability. |
| CVE-2020-0618 | 1 Microsoft | 1 Sql Server | 2022-01-01 | 6.5 MEDIUM | 8.8 HIGH | A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'. |
| CVE-2018-8273 | 1 Microsoft | 1 Sql Server | 2021-09-13 | 10.0 HIGH | 9.8 CRITICAL | A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system, aka "Microsoft SQL Server Remote Code Execution Vulnerability." This affects Microsoft SQL Server. |
| CVE-2002-0057 | 1 Microsoft | 4 Internet Explorer, Sql Server, Windows Xp and 1 more | 2021-07-23 | 5.0 MEDIUM | N/A | XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source. |
| CVE-2008-3013 | 1 Microsoft | 13 Digital Image Suite, Forefront Client Security, Internet Explorer and 10 more | 2021-07-23 | 9.3 HIGH | N/A | gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability." |
| CVE-2021-1636 | 1 Microsoft | 1 Sql Server | 2021-01-14 | 6.5 MEDIUM | 8.8 HIGH | Microsoft SQL Elevation of Privilege Vulnerability |
| CVE-2019-0819 | 1 Microsoft | 1 Sql Server | 2020-08-24 | 4.0 MEDIUM | 6.5 MEDIUM | An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions, aka 'Microsoft SQL Server Analysis Services Information Disclosure Vulnerability'. |
| CVE-2019-1068 | 1 Microsoft | 1 Sql Server | 2020-08-24 | 6.5 MEDIUM | 8.8 HIGH | A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'. |
| CVE-2001-0509 | 1 Microsoft | 4 Exchange Server, Sql Server, Windows 2000 and 1 more | 2020-04-02 | 5.0 MEDIUM | N/A | Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs. |
| CVE-2001-0879 | 1 Microsoft | 4 Sql Server, Windows 2000, Windows Nt and 1 more | 2019-04-30 | 5.0 MEDIUM | N/A | Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service. |
| CVE-2002-0224 | 1 Microsoft | 3 Internet Information Services, Sql Server, Windows 2000 | 2019-04-30 | 5.0 MEDIUM | N/A | The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input. |
| CVE-2008-0085 | 1 Microsoft | 7 Data Engine, Sql Server, Sql Server Desktop Engine and 4 more | 2019-02-27 | 5.0 MEDIUM | N/A | SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse. |
| CVE-2008-0107 | 1 Microsoft | 8 Data Engine, Sql Server, Sql Server Desktop Engine and 5 more | 2019-02-26 | 9.0 HIGH | N/A | Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users to execute arbitrary code via a (1) SMB or (2) WebDAV pathname for an on-disk file (aka stored backup file) with a crafted record size value, which triggers a heap-based buffer overflow, aka "SQL Server Memory Corruption Vulnerability." |