Skip to main content

Sql Server

38 CVEs product

Monthly

CVE-2024-0056 NuGet HIGH PATCH This Month

Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required.

Microsoft Authentication Bypass Microsoft Data Sqlclient Sql Server System Data Sqlclient +3
NVD
CVSS 3.1
8.7
EPSS
0.9%
CVE-2023-36785 HIGH PATCH This Week

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Microsoft Odbc Driver For Sql Server Sql Server
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2023-36730 HIGH PATCH This Week

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Odbc Driver For Sql Server +1
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2023-36728 MEDIUM PATCH This Month

Microsoft SQL Server Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Microsoft Odbc Driver For Sql Server +2
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2023-36420 HIGH PATCH This Week

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Odbc Driver For Sql Server Sql Server
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2023-36417 HIGH PATCH This Week

Microsoft SQL OLE DB Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Ole Db Driver For Sql Server +1
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2023-38169 HIGH PATCH This Week

Microsoft SQL OLE DB Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft Odbc Driver For Sql Server +2
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-32028 HIGH PATCH This Week

Microsoft SQL OLE DB Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Ole Db Driver For Sql Server +1
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-32027 HIGH PATCH This Week

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Odbc Driver For Sql Server +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-32026 HIGH PATCH This Week

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Odbc Driver For Sql Server +1
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-32025 HIGH PATCH This Week

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Odbc Driver For Sql Server +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-29356 HIGH PATCH This Week

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft Odbc Driver For Sql Server +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-29349 HIGH PATCH This Week

Microsoft ODBC and OLE DB Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Microsoft Odbc Driver For Sql Server Ole Db Driver For Sql Server +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-23384 HIGH PATCH This Week

Microsoft SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Sql Server
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2023-21718 HIGH PATCH This Week

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Microsoft Sql Server
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-21713 HIGH PATCH This Week

Microsoft SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Sql Server
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-21705 HIGH PATCH This Week

Microsoft SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Sql Server
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-21704 HIGH PATCH This Week

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Microsoft Sql Server
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-21528 HIGH PATCH This Week

Microsoft SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Sql Server
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-29143 HIGH PATCH This Week

Microsoft SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

RCE Microsoft Sql Server
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2021-1636 HIGH This Week

Microsoft SQL Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Microsoft Sql Server
NVD
CVSS 3.1
8.8
EPSS
6.2%
CVE-2020-0618 HIGH POC KEV PATCH THREAT Act Now

A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft RCE Deserialization Sql Server
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
99.0%
CVE-2019-1068 HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Sql Server
NVD
CVSS 3.0
8.8
EPSS
44.7%
CVE-2019-0819 MEDIUM PATCH This Month

An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions, aka 'Microsoft SQL Server Analysis Services Information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sql Server
NVD
CVSS 3.0
6.5
EPSS
5.4%
CVE-2018-8273 CRITICAL PATCH Act Now

A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system, aka "Microsoft SQL Server Remote Code Execution Vulnerability." This. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Sql Server
NVD
CVSS 3.1
9.8
EPSS
29.2%
CVE-2017-8516 HIGH PATCH This Week

Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Sql Server
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2016-7254 HIGH Act Now

Microsoft SQL Server 2012 SP2 and 2012 SP3 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 16.6% and no vendor patch available.

Privilege Escalation Microsoft Sql Server
NVD
CVSS 3.0
8.8
EPSS
16.6%
CVE-2016-7253 HIGH Act Now

The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 18.2% and no vendor patch available.

Privilege Escalation Microsoft Sql Server
NVD
CVSS 3.0
8.8
EPSS
18.2%
CVE-2016-7252 MEDIUM This Month

Microsoft SQL Server 2016 mishandles the FILESTREAM path, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Analysis Services Information Disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 19.7% and no vendor patch available.

Information Disclosure Microsoft Sql Server
NVD
CVSS 3.0
6.5
EPSS
19.7%
CVE-2016-7251 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "MDS API XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Sql Server
NVD
CVSS 3.0
6.1
EPSS
7.6%
CVE-2016-7250 HIGH Act Now

Microsoft SQL Server 2014 SP1, 2014 SP2, and 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 16.6% and no vendor patch available.

Privilege Escalation Microsoft Sql Server
NVD
CVSS 3.0
8.8
EPSS
16.6%
CVE-2016-7249 HIGH Act Now

Microsoft SQL Server 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 16.6% and no vendor patch available.

Privilege Escalation Microsoft Sql Server
NVD
CVSS 3.0
8.8
EPSS
16.6%
CVE-2015-1763 HIGH Act Now

Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Epss exploitation probability 10.7% and no vendor patch available.

Microsoft RCE Authentication Bypass Sql Server
NVD
CVSS 2.0
8.5
EPSS
10.7%
CVE-2015-1762 HIGH This Week

Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

RCE Microsoft Sql Server
NVD
CVSS 2.0
7.1
EPSS
2.2%
CVE-2015-1761 MEDIUM This Month

Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 uses an incorrect class during casts of unspecified pointers, which allows remote authenticated users to gain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Sql Server
NVD
CVSS 2.0
6.5
EPSS
6.6%
CVE-2014-4061 MEDIUM This Month

Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which allows remote authenticated users to cause a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 38.4% and no vendor patch available.

Denial Of Service Microsoft Sql Server
NVD
CVSS 2.0
6.8
EPSS
38.4%
CVE-2014-1820 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Master Data Services (MDS) in Microsoft SQL Server 2012 SP1 and 2014 on 64-bit platforms allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 21.4% and no vendor patch available.

XSS Microsoft Sql Server
NVD
CVSS 2.0
4.3
EPSS
21.4%
CVE-2012-2552 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 44.4% and no vendor patch available.

Microsoft XSS Sql Server Sql Server Reporting Services
NVD
CVSS 2.0
4.3
EPSS
44.4%
EPSS 1% CVSS 8.7
HIGH PATCH This Month

Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required.

Microsoft Authentication Bypass Microsoft Data Sqlclient +5
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Microsoft +2
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft +3
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

Microsoft SQL Server Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service +4
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Microsoft Odbc Driver For Sql Server +1
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft SQL OLE DB Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft +3
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Microsoft SQL OLE DB Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption +4
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft SQL OLE DB Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft +3
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft +3
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft +3
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft +3
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption +3
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft ODBC and OLE DB Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Microsoft +3
NVD
EPSS 1% CVSS 7.3
HIGH PATCH This Week

Microsoft SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft +2
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Microsoft +1
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Microsoft SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

Microsoft SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft Sql Server
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Microsoft +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Microsoft SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Buffer Overflow Microsoft +2
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Microsoft SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable.

RCE Microsoft Sql Server
NVD
EPSS 6% CVSS 8.8
HIGH This Week

Microsoft SQL Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Microsoft Sql Server
NVD
EPSS 99% CVSS 8.8
HIGH POC KEV PATCH THREAT Act Now

A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Microsoft RCE Deserialization +1
NVD Exploit-DB
EPSS 45% CVSS 8.8
HIGH PATCH This Week

A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft RCE Sql Server
NVD
EPSS 5% CVSS 6.5
MEDIUM PATCH This Month

An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions, aka 'Microsoft SQL Server Analysis Services Information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Sql Server
NVD
EPSS 29% CVSS 9.8
CRITICAL PATCH Act Now

A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system, aka "Microsoft SQL Server Remote Code Execution Vulnerability." This. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE +2
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Sql Server
NVD
EPSS 17% CVSS 8.8
HIGH Act Now

Microsoft SQL Server 2012 SP2 and 2012 SP3 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 16.6% and no vendor patch available.

Privilege Escalation Microsoft Sql Server
NVD
EPSS 18% CVSS 8.8
HIGH Act Now

The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 18.2% and no vendor patch available.

Privilege Escalation Microsoft Sql Server
NVD
EPSS 20% CVSS 6.5
MEDIUM This Month

Microsoft SQL Server 2016 mishandles the FILESTREAM path, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Analysis Services Information Disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 19.7% and no vendor patch available.

Information Disclosure Microsoft Sql Server
NVD
EPSS 8% CVSS 6.1
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "MDS API XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Sql Server
NVD
EPSS 17% CVSS 8.8
HIGH Act Now

Microsoft SQL Server 2014 SP1, 2014 SP2, and 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 16.6% and no vendor patch available.

Privilege Escalation Microsoft Sql Server
NVD
EPSS 17% CVSS 8.8
HIGH Act Now

Microsoft SQL Server 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 16.6% and no vendor patch available.

Privilege Escalation Microsoft Sql Server
NVD
EPSS 11% CVSS 8.5
HIGH Act Now

Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. Epss exploitation probability 10.7% and no vendor patch available.

Microsoft RCE Authentication Bypass +1
NVD
EPSS 2% CVSS 7.1
HIGH This Week

Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

RCE Microsoft Sql Server
NVD
EPSS 7% CVSS 6.5
MEDIUM This Month

Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 uses an incorrect class during casts of unspecified pointers, which allows remote authenticated users to gain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Sql Server
NVD
EPSS 38% CVSS 6.8
MEDIUM This Month

Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which allows remote authenticated users to cause a. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 38.4% and no vendor patch available.

Denial Of Service Microsoft Sql Server
NVD
EPSS 21% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Master Data Services (MDS) in Microsoft SQL Server 2012 SP1 and 2014 on 64-bit platforms allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 21.4% and no vendor patch available.

XSS Microsoft Sql Server
NVD
EPSS 44% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 44.4% and no vendor patch available.

Microsoft XSS Sql Server +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy