Software Detail
Microsoft SQL Server
Number of NVD entries: 107 (CRITICAL 0, HIGH 74, MEDIUM 30, LOW 3)
URL: https://www.microsoft.com/ja-jp/sql-server/
Explanation: It is a relational database management system (RDBMS) provided by Microsoft, and like other Windows products, it can be operated in various ways from the GUI (screen).
The support end date depends on the service pack provided.
If a new service pack is provided, the old service pack will be supported for 12 months.
Tag
  • Commercial license available

Additional Information URL
No Type Name URL
1 https://support.microsoft.com/ja-jp/lifecycle/search?alpha=SQL%20Server
2 https://sqlserverbuilds.blogspot.com/
3 https://learn.microsoft.com/ja-jp/lifecycle/policies/fixed

List of Products
No Name Latest Version Release date Initial release Normal Support Security Support Service Pack Support Extended (for a fee) Critical High Medium Low
31 SQL Server 2022 2022 Nov. 16, 2022 Jan. 11, 2028 Jan. 11, 2033 0 18 1 0
32 SQL Server 2019 2019 Nov. 4, 2019 Jan. 7, 2025 Jan. 8, 2030 0 20 1 0
33 SQL Server 2014 Service Pack 3 2014 Oct. 30, 2018 July 9, 2019 July 9, 2024 0 15 3 0
34 SQL Server 2016 Service Pack 2 2016 April 24, 2018 July 13, 2021 July 14, 2026 0 13 3 0
35 SQL Server 2017 2017 Sept. 29, 2017 Oct. 11, 2022 Oct. 12, 2027 0 9 2 0
36 SQL Server 2012 Service Pack 4 2012 July 11, 2017 July 12, 2022 0 12 4 0
37 SQL Server 7.0 7.0 Jan. 1, 2000 0 16 17 3
38 SQL Server 6.5 6.5 Jan. 1, 2000 0 2 1 1
39 SQL Server 6.0 6.0 Jan. 1, 2000 0 1 0 0
NVD Vulnerability Information
Fields: No, CVSS3, CVSS2, Level, Attack Vector, Title, CWE, CVE, cpe23Uri, Update date, Published date
No: 31  CVSS3: 8.8  CVSS2: 6.5  Level: HIGH  Attack Vector: Network
Title: Microsoft SQL Server 2014 SP1, 2014 SP2, and 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL …
CWE: CWE-264 Permissions, Privileges, and Access Controls
CVE: CVE-2016-7250
cpe23Uri: cpe:2.3:a:microsoft:sql_server:2016:*, cpe:2.3:a:microsoft:sql_server:2014:sp2, cpe:2.3:a:microsoft:sql_server:2014…
Update date: 2024-11-21 11:57
Published date: 2016-11-10

No: 32  CVSS3: 8.8  CVSS2: 6.5  Level: HIGH  Attack Vector: Network
Title: Microsoft SQL Server 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation o…
CWE: CWE-264 Permissions, Privileges, and Access Controls
CVE: CVE-2016-7249
cpe23Uri: cpe:2.3:a:microsoft:sql_server:2016:*
Update date: 2024-11-21 11:57
Published date: 2016-11-10

No: 33  CVSS3: -  CVSS2: 8.5  Level: HIGH
Title: Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remo…
CWE: CWE-284 Improper Access Control
CVE: CVE-2015-1763
cpe23Uri: cpe:2.3:a:microsoft:sql_server:2014:*, cpe:2.3:a:microsoft:sql_server:2012:sp2, cpe:2.3:a:microsoft:sql_server:2012…
Update date: 2024-11-21 11:26
Published date: 2015-07-15

No: 34  CVSS3: -  CVSS2: 7.1  Level: HIGH
Title: Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified funct…
CWE: CWE-74 Injection
CVE: CVE-2015-1762
cpe23Uri: cpe:2.3:a:microsoft:sql_server:2014:*, cpe:2.3:a:microsoft:sql_server:2012:sp2, cpe:2.3:a:microsoft:sql_server:2012…
Update date: 2024-11-21 11:26
Published date: 2015-07-15

No: 35  CVSS3: -  CVSS2: 6.5  Level: MEDIUM
Title: Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 uses an incorrect class during casts of unspecified pointers, which allows remote authenticated users to gain pr…
CWE: CWE-284 Improper Access Control
CVE: CVE-2015-1761
cpe23Uri: cpe:2.3:a:microsoft:sql_server:2014:*, cpe:2.3:a:microsoft:sql_server:2012:sp2, cpe:2.3:a:microsoft:sql_server:2012…
Update date: 2024-11-21 11:26
Published date: 2015-07-15

No: 36  CVSS3: -  CVSS2: 6.8  Level: MEDIUM
Title: Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not properly control use of stack memory for processing of T-SQL batch commands, which allows remote authenticated users to cause a denia…
CWE: CWE-399 Resource Management Errors
CVE: CVE-2014-4061
cpe23Uri: cpe:2.3:a:microsoft:sql_server:2012:sp1, cpe:2.3:a:microsoft:sql_server:2012:sp1, cpe:2.3:a:microsoft:sql_server:20…
Update date: 2024-11-21 11:09
Published date: 2014-08-13

No: 37  CVSS3: -  CVSS2: 4.3  Level: MEDIUM
Title: Cross-site scripting (XSS) vulnerability in Master Data Services (MDS) in Microsoft SQL Server 2012 SP1 and 2014 on 64-bit platforms allows remote attackers to inject arbitrary web script or HTML via…
CWE: CWE-79 Cross-site Scripting
CVE: CVE-2014-1820
cpe23Uri: cpe:2.3:a:microsoft:sql_server:2014:-, cpe:2.3:a:microsoft:sql_server:2012:sp1
Update date: 2024-11-21 11:05
Published date: 2014-08-13

No: 38  CVSS3: -  CVSS2: 4.3  Level: MEDIUM
Title: Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows r…
CWE: CWE-79 Cross-site Scripting
CVE: CVE-2012-2552
cpe23Uri: cpe:2.3:a:microsoft:sql_server:2012:-, cpe:2.3:a:microsoft:sql_server:2012:-, cpe:2.3:a:microsoft:sql_server:2008:s…
Update date: 2024-11-21 10:39
Published date: 2012-10-10

No: 39  CVSS3: 8.8  CVSS2: 9.3  Level: HIGH  Attack Vector: Network
Title: The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Se…
CWE: NVD-CWE-noinfo
CVE: CVE-2012-1856
cpe23Uri: cpe:2.3:a:microsoft:sql_server:2008:sp3, cpe:2.3:a:microsoft:sql_server:2008:sp2, cpe:2.3:a:microsoft:sql_server:20…
Update date: 2026-04-23 01:48
Published date: 2012-08-15

No: 40  CVSS3: -  CVSS2: 4.3  Level: MEDIUM
Title: The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server 2005 SP3 and SP4 and 2008 SP1, SP2, and R2; SQL Server Management Studio Express (SSMSE) 2005; and Visual Studio 2005 SP1, 2008 SP1,…
CWE: CWE-200 Information Exposure
CVE: CVE-2011-1280
cpe23Uri: cpe:2.3:a:microsoft:sql_server:2008:sp2, cpe:2.3:a:microsoft:sql_server:2008:sp2, cpe:2.3:a:microsoft:sql_server:20…
Update date: 2024-11-21 10:25
Published date: 2011-06-17