Filtered by vendor Microsoft
Subscriptions
Filtered by product Sql Server
Subscriptions
Total
200 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-37318 | 1 Microsoft | 5 Sql Server, Sql Server 2016, Sql Server 2017 and 2 more | 2024-09-19 | 8.8 High |
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | ||||
CVE-2024-21428 | 1 Microsoft | 1 Sql Server | 2024-09-19 | 8.8 High |
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | ||||
CVE-2024-21415 | 1 Microsoft | 1 Sql Server | 2024-09-19 | 8.8 High |
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | ||||
CVE-2024-21414 | 1 Microsoft | 1 Sql Server | 2024-09-19 | 8.8 High |
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | ||||
CVE-2024-21398 | 1 Microsoft | 1 Sql Server | 2024-09-19 | 8.8 High |
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | ||||
CVE-2024-21373 | 1 Microsoft | 1 Sql Server | 2024-09-19 | 8.8 High |
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | ||||
CVE-2024-21335 | 1 Microsoft | 1 Sql Server | 2024-09-19 | 8.8 High |
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | ||||
CVE-2024-21333 | 1 Microsoft | 1 Sql Server | 2024-09-19 | 8.8 High |
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | ||||
CVE-2024-21332 | 1 Microsoft | 1 Sql Server | 2024-09-19 | 8.8 High |
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | ||||
CVE-2024-38087 | 1 Microsoft | 5 Sql Server, Sql Server 2016, Sql Server 2017 and 2 more | 2024-09-19 | 8.8 High |
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | ||||
CVE-2024-38088 | 1 Microsoft | 5 Sql Server, Sql Server 2016, Sql Server 2017 and 2 more | 2024-09-19 | 8.8 High |
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability | ||||
CVE-2020-0618 | 1 Microsoft | 1 Sql Server | 2024-09-19 | 8.8 High |
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'. | ||||
CVE-2012-4015 | 2 Microsoft, Mylittletools | 2 Sql Server, Mylittleadmin | 2024-09-17 | N/A |
Cross-site scripting (XSS) vulnerability in the management screen in myLittleTools myLittleAdmin for SQL Server 2000 allows remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted database entry. | ||||
CVE-2017-8516 | 1 Microsoft | 1 Sql Server | 2024-09-16 | 7.5 High |
Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka "Microsoft SQL Server Analysis Services Information Disclosure Vulnerability". | ||||
CVE-2002-1981 | 1 Microsoft | 1 Sql Server | 2024-09-16 | N/A |
Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings. | ||||
CVE-2022-29143 | 1 Microsoft | 1 Sql Server | 2024-09-10 | 7.5 High |
Microsoft SQL Server Remote Code Execution Vulnerability | ||||
CVE-2024-28914 | 1 Microsoft | 3 Ole Db Driver 18 For Sql Server, Ole Db Driver 19 For Sql Server, Sql Server | 2024-08-12 | 8.8 High |
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability | ||||
CVE-2024-28941 | 1 Microsoft | 3 Odbc Driver 17 For Sql Server, Odbc Driver 18 For Sql Server, Sql Server | 2024-08-12 | 8.8 High |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | ||||
CVE-2000-1081 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-08-08 | N/A |
The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | ||||
CVE-2000-1088 | 1 Microsoft | 2 Data Engine, Sql Server | 2024-08-08 | N/A |
The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. |