CVE Daily
← All tags

Tag: Microsoft SQL Server

All CVEs associated with "Microsoft SQL Server". Page 2/4 • 411 CVEs.

Subscribe CVEs: RSS for “Microsoft SQL Server”  ·  RSS (High+Critical only)

About “Microsoft SQL Server”

A curated feed of “Microsoft SQL Server”-related CVEs appears below. We currently track 411 CVEs for this tag (all time). In the last 365 days, 43 were published. Average CVSS is 8.0 (all time; 8.1 over 365d), and 80% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), CWE-20 - Improper Input Validation, CWE-787 - Out-of-bounds Write.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2024-07-09
High

CVE-2024-21373

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-21335

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-21333

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-21332

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-21331

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-21317

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-21308

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-21303

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-20701

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
2024-05-14
High

CVE-2024-30006

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-27941

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected client systems do not properly sanitize input data before sending it to the SQL server. An attacker could…

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2024-27940

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow any authenticated user to send arbitrary SQL commands to the SQL server. An attacker could…

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2024-04-09
High

CVE-2024-29985

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-29984

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-29983

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-29982

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-29048

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-29047

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-29046

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-29045

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 7.5 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2024-29044

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-29043

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-28945

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
High

CVE-2024-28944

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-197 - Numeric Truncation Error View on NVD
High

CVE-2024-28943

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-28942

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2024-28941

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-28940

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-28939

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-209 - Generation of Error Message Containing Sensitive Information View on NVD
High

CVE-2024-28938

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2024-28937

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-28936

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2024-28935

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-28934

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2024-28933

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
High

CVE-2024-28932

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-28931

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2024-28930

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
High

CVE-2024-28929

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2024-28927

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-28926

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-28915

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-28914

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-28913

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-28912

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-28911

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-28910

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-28909

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-28908

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-28906

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-26244

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
High

CVE-2024-26214

Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-26210

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
2024-03-14
Medium

CVE-2024-25649

In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the decrypted master key, dat…

CVSS: 6.7 CWE: CWE-316 - Cleartext Storage of Sensitive Information in Memory View on NVD
2024-03-12
High

CVE-2024-26166

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-26164

Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-26161

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-21450

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2024-21444

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2024-21441

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2024-02-13
High

CVE-2024-21420

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2024-21391

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-197 - Numeric Truncation Error View on NVD
High

CVE-2024-21375

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-21370

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-21369

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-21368

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-21367

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-21366

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-21365

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-21361

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-21360

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-21359

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-21358

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-21352

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-197 - Numeric Truncation Error View on NVD
High

CVE-2024-21350

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
2023-12-22
Critical

CVE-2023-50731

MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the `put` method in `mindsdb/mindsdb/api/http/namespaces/file.py` does not validate the user-controlled name value, wh…

CVSS: 9.1 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
2023-12-14
Critical

CVE-2023-47261

Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request contains a connection string for privileged SQL Server database…

CVSS: 9.8 CWE: N/A View on NVD
2023-12-12
High

CVE-2023-36006

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
2023-11-30
Medium

CVE-2021-35975

Absolute path traversal vulnerability in the Systematica SMTP Adapter component (up to v2.0.1.101) in Systematica Radius (up to v.3.9.256.777) allows remote attackers to read arbitrary files via a fu…

CVSS: 5.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2023-11-14
High

CVE-2023-36402

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
2023-11-10
Critical

CVE-2023-47800

Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data exf…

CVSS: 9.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2023-11-07
Critical

CVE-2023-38547

A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execu…

CVSS: 9.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2023-10-10
High

CVE-2023-36785

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
High

CVE-2023-36730

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2023-36728

Microsoft SQL Server Denial of Service Vulnerability

CVSS: 5.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2023-36577

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-36420

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-415 - Double Free View on NVD
2023-10-03
High

CVE-2023-3440

Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation.This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-…

CVSS: 8.4 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2023-08-08
High

CVE-2023-36882

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-416 - Use After Free View on NVD
2023-07-22
Medium

CVE-2023-38195

Datalust Seq before 2023.2.9489 allows insertion of sensitive information into an externally accessible file or directory. This is exploitable only when external (SQL Server or PostgreSQL) metadata s…

CVSS: 4.9 CWE: N/A View on NVD
2023-06-27
Medium

CVE-2023-35798

Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requi…

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
2023-06-16
High

CVE-2023-32027

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-32026

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-32025

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-29356

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
2023-06-14
High

CVE-2023-29372

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
2023-06-02
Critical

CVE-2023-34362

In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit Transf…

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2023-05-24
Medium

CVE-2023-33945

SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute a…

CVSS: 6.4 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2023-04-19
Medium

CVE-2023-30558

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. User input coming from…

CVSS: 6.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Medium

CVE-2023-30557

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are s…

CVSS: 6.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Medium

CVE-2023-30555

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases.Affected versions are su…

CVSS: 6.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Medium

CVE-2023-30552

Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities, that may allow an attacker to query the connected databases. Affected versions are s…

CVSS: 6.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2023-04-11
High

CVE-2023-28275

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-23384

Microsoft SQL Server Remote Code Execution Vulnerability

CVSS: 7.3 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
2023-04-02
Medium

CVE-2023-1574

Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to…

CVSS: 6.5 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
2023-03-30
Medium

CVE-2023-0620

HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. When configuring the…

CVSS: 6.5 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
2023-02-14
High

CVE-2023-21799

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-21718

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
High

CVE-2023-21713

Microsoft SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2023-21705

Microsoft SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-321 - Use of Hard-coded Cryptographic Key View on NVD
High

CVE-2023-21704

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2023-21686

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2023-21685

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-21568

Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability

CVSS: 7.3 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2023-21528

Microsoft SQL Server Remote Code Execution Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
2023-01-10
High

CVE-2023-21681

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS: 8.8 CWE: CWE-191 - Integer Underflow (Wrap or Wraparound) View on NVD
2022-12-25
Critical

CVE-2022-44015

An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can inject raw SQL queries. By activating MSSQL features, the attacker is able to execute arbitrary commands on the MSSQL…

CVSS: 9.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Medium

CVE-2022-44014

An issue was discovered in Simmeth Lieferantenmanager before 5.6. In the design of the API, a user is inherently able to fetch arbitrary SQL tables. This leaks all user passwords and MSSQL hashes via…

CVSS: 6.5 CWE: CWE-284 - Improper Access Control View on NVD
2022-12-13
Critical

CVE-2022-43724

A vulnerability has been identified in SICAM PAS/PQS (All versions < V7.0). Affected software transmits the database credentials for the inbuilt SQL server in cleartext. In combination with the by de…

CVSS: 9.8 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
2022-10-17
High

CVE-2022-3158

Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an input validation vulnerability. The FactoryTalk VantagePoint SQL Server lacks input validation w…

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD