Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Sql_server
(Microsoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 108 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2008-09-10 | CVE-2008-3012 | gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote... | Digital_image_suite, Forefront_client_security, Internet_explorer, Office, Office_powerpoint_viewer, Office_system, Report_viewer, Server, Sql_server, Sql_server_reporting_services, Visio, Windows, Windows\-Nt, Windows_vista, Windows_xp, Works | N/A | ||
| 2008-07-08 | CVE-2008-0107 | Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users to execute arbitrary code via a (1) SMB or (2) WebDAV pathname for an on-disk file (aka stored backup file) with a crafted record size value, which triggers a heap-based buffer overflow, aka "SQL Server Memory... | Data_engine, Sql_server, Sql_server_desktop_engine, Windows_server_2008, Wmsde, Wyukon | N/A | ||
| 2008-07-08 | CVE-2008-0106 | Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement. | Data_engine, Sql_server, Sql_server_desktop_engine, Sql_server_express_edition | N/A | ||
| 2008-07-08 | CVE-2008-0086 | Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression. | Data_engine, Sql_server, Sql_server_desktop_engine, Sql_server_express_edition | N/A | ||
| 2008-07-08 | CVE-2008-0085 | SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse. | Data_engine, Sql_server, Sql_server_desktop_engine, Wmsde, Wyukon | N/A | ||
| 2008-09-10 | CVE-2007-5348 | Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image... | Digital_image_suite, Forefront_client_security, Internet_explorer, Office, Office_powerpoint_viewer, Office_system, Report_viewer, Server, Sql_server, Sql_server_reporting_services, Visio, Windows, Windows\-Nt, Windows_vista, Windows_xp, Works | N/A | ||
| 2007-09-11 | CVE-2007-4814 | Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method. | Sql_server | N/A | ||
| 2004-12-31 | CVE-2004-1560 | Microsoft SQL Server 7.0 allows remote attackers to cause a denial of service (mssqlserver service halt) via a long request to TCP port 1433, possibly triggering a buffer overflow. | Sql_server | N/A | ||
| 2003-08-27 | CVE-2003-0232 | Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow. | Data_engine, Sql_server | N/A | ||
| 2003-08-27 | CVE-2003-0231 | Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe. | Data_engine, Sql_server | N/A |