Filtered by vendor Microsoft
Subscriptions
Filtered by product Sql Server
Subscriptions
Total
111 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2000-0402 | 1 Microsoft | 1 Sql Server | 2025-04-03 | N/A |
The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability. | ||||
CVE-2004-1560 | 1 Microsoft | 1 Sql Server | 2025-04-03 | N/A |
Microsoft SQL Server 7.0 allows remote attackers to cause a denial of service (mssqlserver service halt) via a long request to TCP port 1433, possibly triggering a buffer overflow. | ||||
CVE-2000-0485 | 1 Microsoft | 1 Sql Server | 2025-04-03 | N/A |
Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the "DTS Password" vulnerability. | ||||
CVE-2000-1085 | 1 Microsoft | 2 Data Engine, Sql Server | 2025-04-03 | N/A |
The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | ||||
CVE-2001-0344 | 1 Microsoft | 1 Sql Server | 2025-04-03 | N/A |
An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account. | ||||
CVE-2001-0879 | 1 Microsoft | 4 Sql Server, Windows 2000, Windows Nt and 1 more | 2025-04-03 | N/A |
Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service. | ||||
CVE-2002-0057 | 1 Microsoft | 4 Internet Explorer, Sql Server, Windows Xp and 1 more | 2025-04-03 | N/A |
XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source. | ||||
CVE-2002-0186 | 1 Microsoft | 1 Sql Server | 2025-04-03 | N/A |
Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension." | ||||
CVE-2002-1872 | 1 Microsoft | 1 Sql Server | 2025-04-03 | 7.5 High |
Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password. | ||||
CVE-2002-1123 | 1 Microsoft | 2 Data Engine, Sql Server | 2025-04-03 | N/A |
Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow. | ||||
CVE-2000-1081 | 1 Microsoft | 2 Data Engine, Sql Server | 2025-04-03 | N/A |
The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | ||||
CVE-2020-0618 | 1 Microsoft | 1 Sql Server | 2025-04-02 | 8.8 High |
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'. | ||||
CVE-2023-21718 | 1 Microsoft | 1 Sql Server | 2025-03-01 | 7.8 High |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | ||||
CVE-2023-29356 | 1 Microsoft | 2 Odbc Driver For Sql Server, Sql Server | 2025-03-01 | 7.8 High |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | ||||
CVE-2023-32025 | 1 Microsoft | 2 Odbc Driver For Sql Server, Sql Server | 2025-03-01 | 7.8 High |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | ||||
CVE-2023-32026 | 1 Microsoft | 2 Odbc Driver For Sql Server, Sql Server | 2025-03-01 | 7.8 High |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | ||||
CVE-2023-32027 | 1 Microsoft | 2 Odbc Driver For Sql Server, Sql Server | 2025-03-01 | 7.8 High |
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | ||||
CVE-2023-29349 | 1 Microsoft | 3 Odbc Driver For Sql Server, Ole Db Driver For Sql Server, Sql Server | 2025-03-01 | 7.8 High |
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability | ||||
CVE-2023-38169 | 1 Microsoft | 3 Odbc Driver For Sql Server, Ole Db Driver For Sql Server, Sql Server | 2025-02-28 | 8.8 High |
Microsoft SQL OLE DB Remote Code Execution Vulnerability | ||||
CVE-2023-23384 | 1 Microsoft | 1 Sql Server | 2025-01-23 | 7.3 High |
Microsoft SQL Server Remote Code Execution Vulnerability |