Filtered by vendor Microsoft Subscriptions
Filtered by product Sql Server Subscriptions
Total 111 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2000-0402 1 Microsoft 1 Sql Server 2025-04-03 N/A
The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability.
CVE-2004-1560 1 Microsoft 1 Sql Server 2025-04-03 N/A
Microsoft SQL Server 7.0 allows remote attackers to cause a denial of service (mssqlserver service halt) via a long request to TCP port 1433, possibly triggering a buffer overflow.
CVE-2000-0485 1 Microsoft 1 Sql Server 2025-04-03 N/A
Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the "DTS Password" vulnerability.
CVE-2000-1085 1 Microsoft 2 Data Engine, Sql Server 2025-04-03 N/A
The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
CVE-2001-0344 1 Microsoft 1 Sql Server 2025-04-03 N/A
An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.
CVE-2001-0879 1 Microsoft 4 Sql Server, Windows 2000, Windows Nt and 1 more 2025-04-03 N/A
Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service.
CVE-2002-0057 1 Microsoft 4 Internet Explorer, Sql Server, Windows Xp and 1 more 2025-04-03 N/A
XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
CVE-2002-0186 1 Microsoft 1 Sql Server 2025-04-03 N/A
Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
CVE-2002-1872 1 Microsoft 1 Sql Server 2025-04-03 7.5 High
Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
CVE-2002-1123 1 Microsoft 2 Data Engine, Sql Server 2025-04-03 N/A
Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
CVE-2000-1081 1 Microsoft 2 Data Engine, Sql Server 2025-04-03 N/A
The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
CVE-2020-0618 1 Microsoft 1 Sql Server 2025-04-02 8.8 High
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.
CVE-2023-21718 1 Microsoft 1 Sql Server 2025-03-01 7.8 High
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVE-2023-29356 1 Microsoft 2 Odbc Driver For Sql Server, Sql Server 2025-03-01 7.8 High
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVE-2023-32025 1 Microsoft 2 Odbc Driver For Sql Server, Sql Server 2025-03-01 7.8 High
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVE-2023-32026 1 Microsoft 2 Odbc Driver For Sql Server, Sql Server 2025-03-01 7.8 High
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVE-2023-32027 1 Microsoft 2 Odbc Driver For Sql Server, Sql Server 2025-03-01 7.8 High
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVE-2023-29349 1 Microsoft 3 Odbc Driver For Sql Server, Ole Db Driver For Sql Server, Sql Server 2025-03-01 7.8 High
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
CVE-2023-38169 1 Microsoft 3 Odbc Driver For Sql Server, Ole Db Driver For Sql Server, Sql Server 2025-02-28 8.8 High
Microsoft SQL OLE DB Remote Code Execution Vulnerability
CVE-2023-23384 1 Microsoft 1 Sql Server 2025-01-23 7.3 High
Microsoft SQL Server Remote Code Execution Vulnerability