Microsoft

Sql Server

107 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2016-7250

  • EPSS 16.57%
  • Published 10.11.2016 07:00:04
  • Last modified 12.04.2025 10:46:40

Microsoft SQL Server 2014 SP1, 2014 SP2, and 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability."

8.8

CVE-2016-7249

  • EPSS 16.57%
  • Published 10.11.2016 07:00:03
  • Last modified 12.04.2025 10:46:40

Microsoft SQL Server 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability."

7.1

CVE-2015-1762

  • EPSS 2.03%
  • Published 14.07.2015 23:59:01
  • Last modified 12.04.2025 10:46:40

Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified function calls, which allows remote authenticated users ...

8.5

CVE-2015-1763

  • EPSS 10.75%
  • Published 14.07.2015 23:59:01
  • Last modified 12.04.2025 10:46:40

Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remote authenticated users to execute arbitrary code vi...

6.5

CVE-2015-1761

  • EPSS 8.42%
  • Published 14.07.2015 23:59:00
  • Last modified 12.04.2025 10:46:40

Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 uses an incorrect class during casts of unspecified pointers, which allows remote authenticated users to gain privileges by leveraging certain write access, aka "S...

6.8

CVE-2014-4061

  • EPSS 33.91%
  • Published 12.08.2014 21:55:07
  • Last modified 12.04.2025 10:46:40

Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which allows remote authenticated users to cause a denial of service (daemon hang) via a crafted T-SQL stat...

4.3

CVE-2014-1820

  • EPSS 19.54%
  • Published 12.08.2014 21:55:06
  • Last modified 12.04.2025 10:46:40

Cross-site scripting (XSS) vulnerability in Master Data Services (MDS) in Microsoft SQL Server 2012 SP1 and 2014 on 64-bit platforms allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "SQL Master Data Services XSS V...

4.3

CVE-2012-2552

  • EPSS 57.73%
  • Published 09.10.2012 21:55:02
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or H...

9.3

CVE-2012-1856

Warning
  • EPSS 92.14%
  • Published 15.08.2012 01:55:01
  • Last modified 11.04.2025 00:51:21

The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1...

4.3

CVE-2011-1280

  • EPSS 32.49%
  • Published 16.06.2011 20:55:02
  • Last modified 11.04.2025 00:51:21

The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entitie...