Microsoft Sql_server
15 CVEs affecting Microsoft Sql_server. Latest disclosed: 2017-08-08. Critical: 0, High: 5.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2016-7254 | High | 8.8 | 2016-11-10 | Microsoft SQL Server 2012 SP2 and 2012 SP3 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileg… |
CVE-2016-7253 | High | 8.8 | 2016-11-10 | The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticat… |
CVE-2016-7250 | High | 8.8 | 2016-11-10 | Microsoft SQL Server 2014 SP1, 2014 SP2, and 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain p… |
CVE-2016-7249 | High | 8.8 | 2016-11-10 | Microsoft SQL Server 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown ve… |
CVE-2017-8516 | High | 7.5 | 2017-08-08 | Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure… |
CVE-2016-7252 | Medium | 6.5 | 2016-11-10 | Microsoft SQL Server 2016 mishandles the FILESTREAM path, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Analysis… |
CVE-2016-7251 | Medium | 6.1 | 2016-11-10 | Cross-site scripting (XSS) vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unsp… |
CVE-2015-1763 | | 2015-07-14 | Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to exec… | |
CVE-2015-1762 | | 2015-07-14 | Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of u… | |
CVE-2015-1761 | | 2015-07-14 | Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 uses an incorrect class during casts of unspecified pointers, which allo… | |
CVE-2014-4061 | | 2014-08-12 | Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which allows rem… | |
CVE-2014-1820 | | 2014-08-12 | Cross-site scripting (XSS) vulnerability in Master Data Services (MDS) in Microsoft SQL Server 2012 SP1 and 2014 on 64-bit platforms allows remote attackers to… | |
CVE-2012-2552 | | 2012-10-09 | Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2… | |
CVE-2012-4015 | | 2012-09-25 | Cross-site scripting (XSS) vulnerability in the management screen in myLittleTools myLittleAdmin for SQL Server 2000 allows remote attackers to inject arbitrar… | |
CVE-2011-1280 | | 2011-06-16 | The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 200… |