Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sql server vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2016-7250
Microsoft SQL Server 2014 SP1, 2014 SP2, and 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability."
Microsoft Sql Server 2014
Microsoft Sql Server 2016
8.8
CVSSv3
CVE-2016-7253
The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Server Agent Elevation of Privilege Vulnerability.&quo...
Microsoft Sql Server 2012
Microsoft Sql Server 2014
NA
CVE-2008-0085
SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memo...
Microsoft Data Engine 1.0
Microsoft Sql Server 7.0
Microsoft Sql Server 2000
Microsoft Sql Server 2005
Microsoft Sql Server Desktop Engine 2000
Microsoft Wmsde 2000
Microsoft Wyukon
NA
CVE-2008-0107
Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users ...
Microsoft Sql Server 7.0
Microsoft Sql Server 2000
Microsoft Sql Server 2005
Microsoft Sql Server Desktop Engine 2000
Microsoft Data Engine 1.0
Microsoft Wmsde 2000
Microsoft Wyukon
Microsoft Windows Server 2008
NA
CVE-2002-0224
The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote malicious users to cause a denial of service (crash or hang) via malformed (random) input.
Microsoft Sql Server 2000
Microsoft Sql Server 6.5
Microsoft Sql Server 7.0
Microsoft Internet Information Services 5.0
Microsoft Windows 2000
7.3
CVSSv3
CVE-2023-21568
Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability
Microsoft Sql Server 2022 Integration Services -
Microsoft Sql Server 2019 Integration Services -
6.5
CVSSv3
CVE-2019-1313
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1376.
Microsoft Sql Server Management Studio 18.3
Microsoft Sql Server Management Studio 18.3.1
1 Article
NA
CVE-2003-0230
Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.
Microsoft Sql Server 2000
Microsoft Sql Server 7.0
Microsoft Data Engine 1.0
NA
CVE-2003-0231
Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
Microsoft Sql Server 2000
Microsoft Data Engine 1.0
Microsoft Sql Server 7.0
1 EDB exploit
NA
CVE-2003-0232
Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
Microsoft Data Engine 1.0
Microsoft Sql Server 2000
Microsoft Sql Server 7.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »