Software Detail

Software Informaton Top

Database

Software Detail

Microsoft SQL Server

Number Of NVD

107

CRITICAL

HIGH

MEDIUM

LOW

URL	https://www.microsoft.com/ja-jp/sql-server/
Explanation	It is a relational database management system (RDBMS) provided by Microsoft, and like other Windows products, it can be operated in various ways from the GUI (screen). The support end date depends on the service pack provided. If a new service pack is provided, the old service pack will be supported for 12 months.
Tag	商用ライセンス有り

Add Information URL

No	Type	Name	URL
1			https://support.microsoft.com/ja-jp/lifecycle/search?alpha=SQL%20Server
2			https://sqlserverbuilds.blogspot.com/
3			https://learn.microsoft.com/ja-jp/lifecycle/policies/fixed

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Initial release	Normal Support	Extended for a fee	High	Medium	Low
51	SQL Server 2022	2022	Nov. 16, 2022	Jan. 11, 2028	Jan. 11, 2033	18	1	0
52	SQL Server 2019	2019	Nov. 4, 2019	Jan. 7, 2025	Jan. 8, 2030	20	1	0
53	SQL Server 2014 Service Pack 3	2014	Oct. 30, 2018	July 9, 2019	July 9, 2024	15	3	0
54	SQL Server 2016 Service Pack 2	2016	April 24, 2018	July 13, 2021	July 14, 2026	13	3	0
55	SQL Server 2017	2017	Sept. 29, 2017	Oct. 11, 2022	Oct. 12, 2027	9	2	0
56	SQL Server 2012 Service Pack 4	2012	July 11, 2017		July 12, 2022	12	4	0
57	SQL Server 7.0	7.0		Jan. 1, 2000		16	17	3
58	SQL Server 6.5	6.5		Jan. 1, 2000		2	1	1
59	SQL Server 6.0	6.0		Jan. 1, 2000		1	0	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	Update date Published date	Show Affected	Exploit PoC Search
51	- 9.3	HIGH	Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, …	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2008-3014	cpe:2.3:a:microsoft:sql_server:2005:sp2	2026-04-23 09:35 2008-09-11	Show	GitHub Exploit DB Packet Storm

52	- 9.3	HIGH	gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Offi…	CWE-399 Resource Management Errors	CVE-2008-3013	cpe:2.3:a:microsoft:sql_server:2005:sp2	2026-04-23 09:35 2008-09-11	Show	GitHub Exploit DB Packet Storm

53	- 9.3	HIGH	gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Offi…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2008-3012	cpe:2.3:a:microsoft:sql_server:2005:sp2	2026-04-23 09:35 2008-09-11	Show	GitHub Exploit DB Packet Storm

54	- 9.3	HIGH	Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft…	CWE-189 Numeric Errors	CVE-2007-5348	cpe:2.3:a:microsoft:sql_server:2005:sp2	2026-04-23 09:35 2008-09-11	Show	GitHub Exploit DB Packet Storm

55	- 5.0	MEDIUM	SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Inter…	CWE-200 Information Exposure	CVE-2008-0085	cpe:2.3:a:microsoft:sql_server:7.0:sp4 cpe:2.3:a:microsoft:sql_server:2005:sp2 cpe:2.3:a:microsoft:sql_server:200…	2026-04-23 09:35 2008-07-9	Show	GitHub Exploit DB Packet Storm

56	- 9.0	HIGH	Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary c…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2008-0086	cpe:2.3:a:microsoft:sql_server:7.0:sp4 cpe:2.3:a:microsoft:sql_server:2005:sp2 cpe:2.3:a:microsoft:sql_server:200…	2026-04-23 09:35 2008-07-9	Show	GitHub Exploit DB Packet Storm

57	- 9.0	HIGH	Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2008-0106	cpe:2.3:a:microsoft:sql_server:7.0:sp4 cpe:2.3:a:microsoft:sql_server:2005:sp2 cpe:2.3:a:microsoft:sql_server:200…	2026-04-23 09:35 2008-07-9	Show	GitHub Exploit DB Packet Storm

58	- 9.0	HIGH	Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSD…	CWE-189 Numeric Errors	CVE-2008-0107	cpe:2.3:a:microsoft:sql_server:7.0:sp4 cpe:2.3:a:microsoft:sql_server:2005:sp2 cpe:2.3:a:microsoft:sql_server:200…	2026-04-23 09:35 2008-07-9	Show	GitHub Exploit DB Packet Storm

59	- 7.5	HIGH	Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attacke…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2007-4814	cpe:2.3:a:microsoft:sql_server:2005:sp2	2026-04-23 09:35 2007-09-12	Show	GitHub Exploit DB Packet Storm

60	- 5.0	MEDIUM	Microsoft SQL Server 7.0 allows remote attackers to cause a denial of service (mssqlserver service halt) via a long request to TCP port 1433, possibly triggering a buffer overflow.	NVD-CWE-Other	CVE-2004-1560	cpe:2.3:a:microsoft:sql_server:7.0:sp4 cpe:2.3:a:microsoft:sql_server:7.0:sp3 cpe:2.3:a:microsoft:sql_server:7.0:…	2017-07-11 10:31 2004-12-31	Show	GitHub Exploit DB Packet Storm