Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Microsoft SQL Server Number Of NVD 107 CRITICAL 0 HIGH 74 MEDIUM 30 LOW 3
URL https://www.microsoft.com/ja-jp/sql-server/
Explanation It is a relational database management system (RDBMS) provided by Microsoft, and like other Windows products, it can be operated in various ways from the GUI (screen).
The support end date depends on the service pack provided.
If a new service pack is provided, the old service pack will be supported for 12 months.
Tag
  • 商用ライセンス有り
Add Information URL
No Type Name URL
1 https://support.microsoft.com/ja-jp/lifecycle/search?alpha=SQL%20Server
2 https://sqlserverbuilds.blogspot.com/
3 https://learn.microsoft.com/ja-jp/lifecycle/policies/fixed
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
91 SQL Server 2022 2022 Nov. 16, 2022 Jan. 11, 2028 Jan. 11, 2033 0 18 1 0
92 SQL Server 2019 2019 Nov. 4, 2019 Jan. 7, 2025 Jan. 8, 2030 0 20 1 0
93 SQL Server 2014 Service Pack 3 2014 Oct. 30, 2018 July 9, 2019 July 9, 2024 0 15 3 0
94 SQL Server 2016 Service Pack 2 2016 April 24, 2018 July 13, 2021 July 14, 2026 0 13 3 0
95 SQL Server 2017 2017 Sept. 29, 2017 Oct. 11, 2022 Oct. 12, 2027 0 9 2 0
96 SQL Server 2012 Service Pack 4 2012 July 11, 2017 July 12, 2022 0 12 4 0
97 SQL Server 7.0 7.0 Jan. 1, 2000 0 16 17 3
98 SQL Server 6.5 6.5 Jan. 1, 2000 0 2 1 1
99 SQL Server 6.0 6.0 Jan. 1, 2000 0 1 0 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
91 -
7.2 		HIGH An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account. NVD-CWE-Other
CVE-2001-0344 cpe:2.3:a:microsoft:sql_server:7.0:*
cpe:2.3:a:microsoft:sql_server:2000:gold 		2018-10-13 06:30
2001-07-21 		Show GitHub Exploit DB Packet Storm
92 -
4.6 		MEDIUM The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Se… NVD-CWE-Other
CVE-2000-1081 cpe:2.3:a:microsoft:sql_server:7.0:*
cpe:2.3:a:microsoft:sql_server:2000:* 		2018-10-13 06:29
2001-01-9 		Show GitHub Exploit DB Packet Storm
93 -
4.6 		MEDIUM The xp_enumresultset function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Serve… NVD-CWE-Other
CVE-2000-1082 cpe:2.3:a:microsoft:sql_server:7.0:*
cpe:2.3:a:microsoft:sql_server:2000:* 		2018-10-13 06:29
2001-01-9 		Show GitHub Exploit DB Packet Storm
94 -
2.1 		LOW The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API… NVD-CWE-Other
CVE-2000-1083 cpe:2.3:a:microsoft:sql_server:7.0:*
cpe:2.3:a:microsoft:sql_server:2000:* 		2018-10-13 06:29
2001-01-9 		Show GitHub Exploit DB Packet Storm
95 -
4.6 		MEDIUM The xp_updatecolvbm function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server… NVD-CWE-Other
CVE-2000-1084 cpe:2.3:a:microsoft:sql_server:7.0:*
cpe:2.3:a:microsoft:sql_server:2000:* 		2018-10-13 06:29
2001-01-9 		Show GitHub Exploit DB Packet Storm
96 -
4.6 		MEDIUM The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Serv… NVD-CWE-Other
CVE-2000-1085 cpe:2.3:a:microsoft:sql_server:7.0:*
cpe:2.3:a:microsoft:sql_server:2000:* 		2018-10-13 06:29
2001-01-9 		Show GitHub Exploit DB Packet Storm
97 -
4.6 		MEDIUM The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQ… NVD-CWE-Other
CVE-2000-1086 cpe:2.3:a:microsoft:sql_server:7.0:*
cpe:2.3:a:microsoft:sql_server:2000:* 		2018-10-13 06:29
2001-01-9 		Show GitHub Exploit DB Packet Storm
98 -
4.6 		MEDIUM The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQ… NVD-CWE-Other
CVE-2000-1087 cpe:2.3:a:microsoft:sql_server:7.0:*
cpe:2.3:a:microsoft:sql_server:2000:* 		2018-10-13 06:29
2001-01-9 		Show GitHub Exploit DB Packet Storm
99 -
4.6 		MEDIUM The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL… NVD-CWE-Other
CVE-2000-1088 cpe:2.3:a:microsoft:sql_server:7.0:*
cpe:2.3:a:microsoft:sql_server:2000:* 		2018-10-13 06:29
2001-01-9 		Show GitHub Exploit DB Packet Storm
100 -
4.6 		MEDIUM Microsoft Enterprise Manager allows local users to obtain database passwords via the Data Transformation Service (DTS) package Registered Servers Dialog dialog, aka a variant of the "DTS Password" vu… NVD-CWE-Other
CVE-2000-0654 cpe:2.3:a:microsoft:sql_server:7.0:* 2018-10-13 06:29
2000-07-11 		Show GitHub Exploit DB Packet Storm