Software Detail

Software Informaton Top

Database

Software Detail

Microsoft SQL Server

Number Of NVD

107

CRITICAL

HIGH

MEDIUM

LOW

URL	https://www.microsoft.com/ja-jp/sql-server/
Explanation	It is a relational database management system (RDBMS) provided by Microsoft, and like other Windows products, it can be operated in various ways from the GUI (screen). The support end date depends on the service pack provided. If a new service pack is provided, the old service pack will be supported for 12 months.
Tag	商用ライセンス有り

Add Information URL

No	Type	Name	URL
1			https://support.microsoft.com/ja-jp/lifecycle/search?alpha=SQL%20Server
2			https://sqlserverbuilds.blogspot.com/
3			https://learn.microsoft.com/ja-jp/lifecycle/policies/fixed

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Initial release	Normal Support	Extended for a fee	High	Medium	Low
61	SQL Server 2022	2022	Nov. 16, 2022	Jan. 11, 2028	Jan. 11, 2033	18	1	0
62	SQL Server 2019	2019	Nov. 4, 2019	Jan. 7, 2025	Jan. 8, 2030	20	1	0
63	SQL Server 2014 Service Pack 3	2014	Oct. 30, 2018	July 9, 2019	July 9, 2024	15	3	0
64	SQL Server 2016 Service Pack 2	2016	April 24, 2018	July 13, 2021	July 14, 2026	13	3	0
65	SQL Server 2017	2017	Sept. 29, 2017	Oct. 11, 2022	Oct. 12, 2027	9	2	0
66	SQL Server 2012 Service Pack 4	2012	July 11, 2017		July 12, 2022	12	4	0
67	SQL Server 7.0	7.0		Jan. 1, 2000		16	17	3
68	SQL Server 6.5	6.5		Jan. 1, 2000		2	1	1
69	SQL Server 6.0	6.0		Jan. 1, 2000		1	0	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	Update date Published date	Show Affected	Exploit PoC Search
61	- 7.2	HIGH	Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.	CWE-264 Permissions, Privileges, and Access Controls	CVE-2003-0230	cpe:2.3:a:microsoft:sql_server:7.0:sp4 cpe:2.3:a:microsoft:sql_server:7.0:sp3 cpe:2.3:a:microsoft:sql_server:7.0:…	2018-10-13 06:32 2003-08-27	Show	GitHub Exploit DB Packet Storm

62	- 5.0	MEDIUM	Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.	NVD-CWE-Other	CVE-2003-0231	cpe:2.3:a:microsoft:sql_server:7.0:sp4 cpe:2.3:a:microsoft:sql_server:7.0:sp3 cpe:2.3:a:microsoft:sql_server:7.0:…	2018-10-13 06:32 2003-08-27	Show	GitHub Exploit DB Packet Storm

63	- 7.2	HIGH	Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.	NVD-CWE-Other	CVE-2003-0232	cpe:2.3:a:microsoft:sql_server:7.0:sp4 cpe:2.3:a:microsoft:sql_server:7.0:sp3 cpe:2.3:a:microsoft:sql_server:7.0:…	2018-10-13 06:32 2003-08-27	Show	GitHub Exploit DB Packet Storm

64	- 5.0	MEDIUM	Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify…	NVD-CWE-Other	CVE-2002-1981	cpe:2.3:a:microsoft:sql_server:2000:sp2 cpe:2.3:a:microsoft:sql_server:2000:sp1 cpe:2.3:a:microsoft:sql_server:20…	2008-09-6 05:32 2002-12-31	Show	GitHub Exploit DB Packet Storm

65	7.5 5.0	HIGH Network	Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.	CWE-326 Inadequate Encryption Strength	CVE-2002-1872	cpe:2.3:a:microsoft:sql_server:7.0:sp4 cpe:2.3:a:microsoft:sql_server:7.0:sp3 cpe:2.3:a:microsoft:sql_server:7.0:…	2024-02-15 00:50 2002-12-31	Show	GitHub Exploit DB Packet Storm

66	- 10.0	HIGH	The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLI…	NVD-CWE-Other	CVE-2002-1145	cpe:2.3:a:microsoft:sql_server:7.0:sp4 cpe:2.3:a:microsoft:sql_server:7.0:sp3 cpe:2.3:a:microsoft:sql_server:7.0:…	2018-10-13 06:32 2002-10-28	Show	GitHub Exploit DB Packet Storm

67	- 7.5	HIGH	Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 20…	NVD-CWE-Other	CVE-2002-1137	cpe:2.3:a:microsoft:sql_server:7.0:sp4 cpe:2.3:a:microsoft:sql_server:7.0:sp3 cpe:2.3:a:microsoft:sql_server:7.0:…	2018-10-13 06:31 2002-10-11	Show	GitHub Exploit DB Packet Storm

68	- 7.5	HIGH	Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the …	NVD-CWE-Other	CVE-2002-1138	cpe:2.3:a:microsoft:sql_server:7.0:sp4 cpe:2.3:a:microsoft:sql_server:7.0:sp3 cpe:2.3:a:microsoft:sql_server:7.0:…	2018-10-13 06:31 2002-10-11	Show	GitHub Exploit DB Packet Storm

69	- 7.5	HIGH	Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure.	NVD-CWE-Other	CVE-2002-0982	cpe:2.3:a:microsoft:sql_server:2000:sp2	2016-10-18 11:23 2002-09-24	Show	GitHub Exploit DB Packet Storm

70	- 7.5	HIGH	Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port …	NVD-CWE-Other	CVE-2002-1123	cpe:2.3:a:microsoft:sql_server:2000:sp2 cpe:2.3:a:microsoft:sql_server:2000:sp1 cpe:2.3:a:microsoft:sql_server:20…	2018-10-13 06:31 2002-09-24	Show	GitHub Exploit DB Packet Storm