Vulnerabilities > Microsoft > SQL Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-08-12 | CVE-2014-4061 | Resource Management Errors vulnerability in Microsoft SQL Server 2008/2012 Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which allows remote authenticated users to cause a denial of service (daemon hang) via a crafted T-SQL statement, aka "Microsoft SQL Server Stack Overrun Vulnerability." | 6.8 |
| 2014-08-12 | CVE-2014-1820 | Cross-Site Scripting vulnerability in Microsoft SQL Server 2012/2014 Cross-site scripting (XSS) vulnerability in Master Data Services (MDS) in Microsoft SQL Server 2012 SP1 and 2014 on 64-bit platforms allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "SQL Master Data Services XSS Vulnerability." | 4.3 |
| 2012-10-09 | CVE-2012-2552 | Cross-Site Scripting vulnerability in Microsoft SQL Server and SQL Server Reporting Services Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability." | 4.3 |
| 2012-09-25 | CVE-2012-4015 | Cross-Site Scripting vulnerability in Mylittletools Mylittleadmin Cross-site scripting (XSS) vulnerability in the management screen in myLittleTools myLittleAdmin for SQL Server 2000 allows remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted database entry. | 4.3 |
| 2011-06-16 | CVE-2011-1280 | Information Exposure vulnerability in Microsoft products The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1, and 2010 does not properly handle external entities, which allows remote attackers to read arbitrary files via a crafted .disco (Web Service Discovery) file, aka "XML External Entities Resolution Vulnerability." | 4.3 |
| 2008-07-08 | CVE-2008-0085 | Information Exposure vulnerability in Microsoft products SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 does not initialize memory pages when reallocating memory, which allows database operators to obtain sensitive information (database contents) via unknown vectors related to memory page reuse. | 5.0 |
| 2004-12-31 | CVE-2004-1560 | Remote Denial Of Service vulnerability in Microsoft SQL Server 7.0 Microsoft SQL Server 7.0 allows remote attackers to cause a denial of service (mssqlserver service halt) via a long request to TCP port 1433, possibly triggering a buffer overflow. | 5.0 |
| 2003-08-27 | CVE-2003-0231 | Unspecified vulnerability in Microsoft Data Engine and SQL Server Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe. | 5.0 |
| 2002-12-31 | CVE-2002-1981 | Unspecified vulnerability in Microsoft SQL Server 2000 Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings. | 5.0 |
| 2002-08-12 | CVE-2002-0729 | Unspecified vulnerability in Microsoft SQL Server 2000 Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator. | 5.0 |