Vulnerabilities > Microsoft > SQL Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2001-01-09 | CVE-2000-1084 | Buffer Overflow vulnerability in Microsoft Data Engine and SQL Server The xp_updatecolvbm function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | 4.6 |
| 2001-01-09 | CVE-2000-1082 | Buffer Overflow vulnerability in Microsoft Data Engine and SQL Server The xp_enumresultset function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | 4.6 |
| 2001-01-09 | CVE-2000-1081 | Buffer Overflow vulnerability in Microsoft Data Engine and SQL Server The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | 4.6 |
| 2000-07-11 | CVE-2000-0654 | Unspecified vulnerability in Microsoft SQL Server 7.0 Microsoft Enterprise Manager allows local users to obtain database passwords via the Data Transformation Service (DTS) package Registered Servers Dialog dialog, aka a variant of the "DTS Password" vulnerability. | 4.6 |
| 2000-07-07 | CVE-2000-0603 | Unspecified vulnerability in Microsoft SQL Server 7.0 Microsoft SQL Server 7.0 allows a local user to bypass permissions for stored procedures by referencing them via a temporary stored procedure, aka the "Stored Procedure Permissions" vulnerability. | 4.6 |