CVE-2023-21713 (GCVE-0-2023-21713)
Vulnerability from – Published: 2023-02-14 19:33 – Updated: 2025-01-01 00:41
VLAI?
Title
Microsoft SQL Server Remote Code Execution Vulnerability
Summary
Microsoft SQL Server Remote Code Execution Vulnerability
Severity ?
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:02.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21713"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "13.0.7024.30",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft SQL Server 2014 Service Pack 3 (CU 4)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "12.0.6174.8",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft SQL Server 2014 Service Pack 3 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "12.0.6444.4",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.2101.7",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "13.0.6430.49",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems"
],
"product": "Microsoft SQL Server 2012 Service Pack 4 (QFE)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "11.0.7512.11",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "11.0.7512.11",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2017 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "14.0.2047.8",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (CU 18)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.4280.7",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2017 (CU 31)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "14.0.3460.9",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.1050.5",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*",
"versionEndExcluding": "13.0.7024.30",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*",
"versionEndExcluding": "12.0.6174.8",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*",
"versionEndExcluding": "12.0.6444.4",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.2101.7",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*",
"versionEndExcluding": "13.0.6430.49",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*",
"versionEndExcluding": "11.0.7512.11",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*",
"versionEndExcluding": "11.0.7512.11",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*",
"versionEndExcluding": "14.0.2047.8",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.4280.7",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*",
"versionEndExcluding": "14.0.3460.9",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.1050.5",
"versionStartIncluding": "16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-02-14T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft SQL Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T00:41:17.104Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21713"
}
],
"title": "Microsoft SQL Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-21713",
"datePublished": "2023-02-14T19:33:42.806Z",
"dateReserved": "2022-12-13T18:08:03.491Z",
"dateUpdated": "2025-01-01T00:41:17.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21528 (GCVE-0-2023-21528)
Vulnerability from – Published: 2023-02-14 19:32 – Updated: 2025-01-01 00:40
VLAI?
Title
Microsoft SQL Server Remote Code Execution Vulnerability
Summary
Microsoft SQL Server Remote Code Execution Vulnerability
Severity ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack |
Affected:
13.0.0 , < 13.0.7024.30
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:01.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21528"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "13.0.7024.30",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.2101.7",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "13.0.6430.49",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft SQL Server 2014 Service Pack 3 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "12.0.6444.4",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft SQL Server 2014 Service Pack 3 (CU 4)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "12.0.6174.8",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems"
],
"product": "Microsoft SQL Server 2012 Service Pack 4 (QFE)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "11.0.7512.11",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2017 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "14.0.2047.8",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "11.0.7512.11",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2017 (CU 31)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "14.0.3460.9",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (CU 18)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.4280.7",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"32-bit Systems"
],
"product": "Microsoft SQL Server 2008 Service Pack 4 (QFE)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.6814.4",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft SQL Server 2008 R2 Service Pack 3 (QFE)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.50.6785.2",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.1050.5",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*",
"versionEndExcluding": "13.0.7024.30",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.2101.7",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*",
"versionEndExcluding": "13.0.6430.49",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*",
"versionEndExcluding": "12.0.6444.4",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*",
"versionEndExcluding": "12.0.6174.8",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*",
"versionEndExcluding": "11.0.7512.11",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*",
"versionEndExcluding": "14.0.2047.8",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*",
"versionEndExcluding": "11.0.7512.11",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*",
"versionEndExcluding": "14.0.3460.9",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.4280.7",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.6814.4",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:r2_sp2:x86:*:*:*:*:*",
"versionEndExcluding": "10.50.6785.2",
"versionStartIncluding": "10.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.1050.5",
"versionStartIncluding": "16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-02-14T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft SQL Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T00:40:48.257Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21528"
}
],
"title": "Microsoft SQL Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-21528",
"datePublished": "2023-02-14T19:32:35.030Z",
"dateReserved": "2022-12-01T14:00:11.197Z",
"dateUpdated": "2025-01-01T00:40:48.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21705 (GCVE-0-2023-21705)
Vulnerability from – Published: 2023-02-14 19:32 – Updated: 2025-01-01 00:40
VLAI?
Title
Microsoft SQL Server Remote Code Execution Vulnerability
Summary
Microsoft SQL Server Remote Code Execution Vulnerability
Severity ?
CWE
- CWE-321 - Use of Hard-coded Cryptographic Key
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SQL Server 2012 Service Pack 4 (QFE) |
Affected:
11.0.0 , < 11.0.7512.11
(custom)
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:02.069Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21705"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"32-bit Systems"
],
"product": "Microsoft SQL Server 2012 Service Pack 4 (QFE)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "11.0.7512.11",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "11.0.7512.11",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2017 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "14.0.2047.8",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"32-bit Systems"
],
"product": "Microsoft SQL Server 2014 Service Pack 3 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "12.0.6444.4",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft SQL Server 2014 Service Pack 3 (CU 4)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "12.0.6174.8",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.2101.7",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "13.0.6430.49",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "13.0.7024.30",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2017 (CU 31)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "14.0.3460.9",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.1050.5",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (CU 18)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.4280.7",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*",
"versionEndExcluding": "11.0.7512.11",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*",
"versionEndExcluding": "11.0.7512.11",
"versionStartIncluding": "11.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*",
"versionEndExcluding": "14.0.2047.8",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x64:*",
"versionEndExcluding": "12.0.6444.4",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*",
"versionEndExcluding": "12.0.6174.8",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.2101.7",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*",
"versionEndExcluding": "13.0.6430.49",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*",
"versionEndExcluding": "13.0.7024.30",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*",
"versionEndExcluding": "14.0.3460.9",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.1050.5",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.4280.7",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-02-14T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft SQL Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321: Use of Hard-coded Cryptographic Key",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T00:40:45.910Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21705"
}
],
"title": "Microsoft SQL Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-21705",
"datePublished": "2023-02-14T19:32:43.252Z",
"dateReserved": "2022-12-13T18:08:03.490Z",
"dateUpdated": "2025-01-01T00:40:45.910Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21704 (GCVE-0-2023-21704)
Vulnerability from – Published: 2023-02-14 19:32 – Updated: 2025-01-01 00:40
VLAI?
Title
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Severity ?
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SQL Server 2017 (GDR) |
Affected:
14.0.0 , < 14.0.2047.8
(custom)
|
||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:44:02.190Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21704"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2017 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "14.0.2047.8",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems",
"32-bit Systems"
],
"product": "Microsoft SQL Server 2014 Service Pack 3 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "12.0.6444.4",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft SQL Server 2014 Service Pack 3 (CU 4)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "12.0.6174.8",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.2101.7",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "13.0.6430.49",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "13.0.7024.30",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (CU 18)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.4280.7",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2017 (CU 31)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "14.0.3460.9",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.1050.5",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*",
"versionEndExcluding": "14.0.2047.8",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x64:*",
"versionEndExcluding": "12.0.6444.4",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*",
"versionEndExcluding": "12.0.6174.8",
"versionStartIncluding": "12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.2101.7",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*",
"versionEndExcluding": "13.0.6430.49",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*",
"versionEndExcluding": "13.0.7024.30",
"versionStartIncluding": "13.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.4280.7",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*",
"versionEndExcluding": "14.0.3460.9",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.1050.5",
"versionStartIncluding": "16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-02-14T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-01T00:40:45.364Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21704"
}
],
"title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-21704",
"datePublished": "2023-02-14T19:32:42.272Z",
"dateReserved": "2022-12-13T18:08:03.489Z",
"dateUpdated": "2025-01-01T00:40:45.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-2502 (GCVE-0-2009-2502)
Vulnerability from – Published: 2009-10-14 10:00 – Updated: 2024-10-21 16:34
VLAI?
Summary
Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
Severity ?
8.1 (High)
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:52:14.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"name": "oval:org.mitre.oval:def:5898",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2009-2502",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-11T16:41:52.863250Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T16:34:33.080Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka \"GDI+ TIFF Buffer Overflow Vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "TA09-286A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"name": "oval:org.mitre.oval:def:5898",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-2502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka \"GDI+ TIFF Buffer Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA09-286A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "MS09-062",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-062"
},
{
"name": "oval:org.mitre.oval:def:5898",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5898"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2009-2502",
"datePublished": "2009-10-14T10:00:00",
"dateReserved": "2009-07-17T00:00:00",
"dateUpdated": "2024-10-21T16:34:33.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-1636 (GCVE-0-2021-1636)
Vulnerability from – Published: 2021-01-12 19:41 – Updated: 2024-10-08 16:17
VLAI?
Title
Microsoft SQL Elevation of Privilege Vulnerability
Summary
Microsoft SQL Elevation of Privilege Vulnerability
Severity ?
CWE
- Elevation of Privilege
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft SQL Server 2012 Service Pack 4 (QFE) |
Affected:
11.0.0 , < publication
(custom)
cpe:2.3:a:microsoft:sql_server:2012:sp4:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:18:10.906Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1636"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:sql_server:2012:sp4:*:*:*:*:*:*"
],
"platforms": [
"32-bit Systems"
],
"product": "Microsoft SQL Server 2012 Service Pack 4 (QFE)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:sql_server:2012:sp4:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:sql_server:2017:-:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2017 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x64:*",
"cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*"
],
"platforms": [
"x64-based Systems",
"32-bit Systems"
],
"product": "Microsoft SQL Server 2014 Service Pack 3 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:sql_server:2016:sp2:*:*:*:*:x64:*"
],
"platforms": [
"Unknown"
],
"product": "Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*",
"cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Microsoft SQL Server 2014 Service Pack 3 (CU 4)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "12.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:sql_server:2017:-:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2017 (CU 22)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "14.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:sql_server:2016:sp2:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2016 Service Pack 2 (CU 15)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "13.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (CU 8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "publication",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-01-12T08:00:00+00:00",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft SQL Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of Privilege",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T16:17:34.725Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft SQL Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1636"
}
],
"title": "Microsoft SQL Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-1636",
"datePublished": "2021-01-12T19:41:55",
"dateReserved": "2020-12-02T00:00:00",
"dateUpdated": "2024-10-08T16:17:34.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8516 (GCVE-0-2017-8516)
Vulnerability from – Published: 2017-08-08 21:00 – Updated: 2024-09-16 23:22
VLAI?
Summary
Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka "Microsoft SQL Server Analysis Services Information Disclosure Vulnerability".
Severity ?
No CVSS data available.
CWE
- Information Disclosure
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft Corporation | SQL Server |
Affected:
Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:41:23.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8516"
},
{
"name": "1039110",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039110"
},
{
"name": "100041",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100041"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SQL Server",
"vendor": "Microsoft Corporation",
"versions": [
{
"status": "affected",
"version": "Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016"
}
]
}
],
"datePublic": "2017-08-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka \"Microsoft SQL Server Analysis Services Information Disclosure Vulnerability\"."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-24T04:49:49",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8516"
},
{
"name": "1039110",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039110"
},
{
"name": "100041",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100041"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"DATE_PUBLIC": "2017-08-08T00:00:00",
"ID": "CVE-2017-8516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SQL Server",
"version": {
"version_data": [
{
"version_value": "Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka \"Microsoft SQL Server Analysis Services Information Disclosure Vulnerability\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8516",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8516"
},
{
"name": "1039110",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039110"
},
{
"name": "100041",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100041"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2017-8516",
"datePublished": "2017-08-08T21:00:00Z",
"dateReserved": "2017-05-03T00:00:00",
"dateUpdated": "2024-09-16T23:22:02.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1981 (GCVE-0-2002-1981)
Vulnerability from – Published: 2005-06-28 04:00 – Updated: 2024-09-16 23:21
VLAI?
Summary
Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:43:33.731Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "5604",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5604"
},
{
"name": "mssql-sp-public-access(10012)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10012.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/mssql-sp_MSSetServerProperties.txt"
},
{
"name": "20020902 Microsoft SQL Server Stored procedures [sp_MSSetServerPropertiesn and sp_MSsetalertinfo] (#NISR03092002A)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/lists/bugtraq/2002/Sep/0009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the \"public\" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-28T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "5604",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5604"
},
{
"name": "mssql-sp-public-access(10012)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10012.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/mssql-sp_MSSetServerProperties.txt"
},
{
"name": "20020902 Microsoft SQL Server Stored procedures [sp_MSSetServerPropertiesn and sp_MSsetalertinfo] (#NISR03092002A)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/lists/bugtraq/2002/Sep/0009.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the \"public\" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5604"
},
{
"name": "mssql-sp-public-access(10012)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10012.php"
},
{
"name": "http://www.ngssoftware.com/advisories/mssql-sp_MSSetServerProperties.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/mssql-sp_MSSetServerProperties.txt"
},
{
"name": "20020902 Microsoft SQL Server Stored procedures [sp_MSSetServerPropertiesn and sp_MSsetalertinfo] (#NISR03092002A)",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/lists/bugtraq/2002/Sep/0009.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1981",
"datePublished": "2005-06-28T04:00:00Z",
"dateReserved": "2005-06-28T04:00:00Z",
"dateUpdated": "2024-09-16T23:21:00.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-1088 (GCVE-0-2000-1088)
Vulnerability from – Published: 2000-12-19 05:00 – Updated: 2024-08-08 05:45
VLAI?
Summary
The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:45:37.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2043",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2043"
},
{
"name": "20001201 SQL Server 2000 Extended Stored Procedure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_ATSTAKE",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=97570884410184\u0026w=2"
},
{
"name": "MS00-092",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-092"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-12-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the \"Extended Stored Procedure Parameter Parsing\" vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2043",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2043"
},
{
"name": "20001201 SQL Server 2000 Extended Stored Procedure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_ATSTAKE"
],
"url": "http://marc.info/?l=bugtraq\u0026m=97570884410184\u0026w=2"
},
{
"name": "MS00-092",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-092"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1088",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the \"Extended Stored Procedure Parameter Parsing\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2043",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2043"
},
{
"name": "20001201 SQL Server 2000 Extended Stored Procedure Vulnerability",
"refsource": "ATSTAKE",
"url": "http://marc.info/?l=bugtraq\u0026m=97570884410184\u0026w=2"
},
{
"name": "MS00-092",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-092"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-1088",
"datePublished": "2000-12-19T05:00:00",
"dateReserved": "2000-12-01T00:00:00",
"dateUpdated": "2024-08-08T05:45:37.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-1086 (GCVE-0-2000-1086)
Vulnerability from – Published: 2000-12-19 05:00 – Updated: 2024-08-08 05:45
VLAI?
Summary
The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:45:37.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2041",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2041"
},
{
"name": "20001201 SQL Server 2000 Extended Stored Procedure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_ATSTAKE",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=97570884410184\u0026w=2"
},
{
"name": "MS00-092",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-092"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-12-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the \"Extended Stored Procedure Parameter Parsing\" vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2041",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2041"
},
{
"name": "20001201 SQL Server 2000 Extended Stored Procedure Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_ATSTAKE"
],
"url": "http://marc.info/?l=bugtraq\u0026m=97570884410184\u0026w=2"
},
{
"name": "MS00-092",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-092"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the \"Extended Stored Procedure Parameter Parsing\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2041",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2041"
},
{
"name": "20001201 SQL Server 2000 Extended Stored Procedure Vulnerability",
"refsource": "ATSTAKE",
"url": "http://marc.info/?l=bugtraq\u0026m=97570884410184\u0026w=2"
},
{
"name": "MS00-092",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-092"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-1086",
"datePublished": "2000-12-19T05:00:00",
"dateReserved": "2000-12-01T00:00:00",
"dateUpdated": "2024-08-08T05:45:37.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
displaying 21 - 30 organizations in total 109