Software Detail

Software Informaton Top

Database

Software Detail

Microsoft SQL Server

Number Of NVD

107

CRITICAL

HIGH

MEDIUM

LOW

URL	https://www.microsoft.com/ja-jp/sql-server/
Explanation	It is a relational database management system (RDBMS) provided by Microsoft, and like other Windows products, it can be operated in various ways from the GUI (screen). The support end date depends on the service pack provided. If a new service pack is provided, the old service pack will be supported for 12 months.
Tag	商用ライセンス有り

Add Information URL

No	Type	Name	URL
1			https://support.microsoft.com/ja-jp/lifecycle/search?alpha=SQL%20Server
2			https://sqlserverbuilds.blogspot.com/
3			https://learn.microsoft.com/ja-jp/lifecycle/policies/fixed

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Initial release	Normal Support	Extended for a fee	High	Medium	Low
71	SQL Server 2022	2022	Nov. 16, 2022	Jan. 11, 2028	Jan. 11, 2033	18	1	0
72	SQL Server 2019	2019	Nov. 4, 2019	Jan. 7, 2025	Jan. 8, 2030	20	1	0
73	SQL Server 2014 Service Pack 3	2014	Oct. 30, 2018	July 9, 2019	July 9, 2024	15	3	0
74	SQL Server 2016 Service Pack 2	2016	April 24, 2018	July 13, 2021	July 14, 2026	13	3	0
75	SQL Server 2017	2017	Sept. 29, 2017	Oct. 11, 2022	Oct. 12, 2027	9	2	0
76	SQL Server 2012 Service Pack 4	2012	July 11, 2017		July 12, 2022	12	4	0
77	SQL Server 7.0	7.0		Jan. 1, 2000		16	17	3
78	SQL Server 6.5	6.5		Jan. 1, 2000		2	1	1
79	SQL Server 6.0	6.0		Jan. 1, 2000		1	0	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	Update date Published date	Show Affected	Exploit PoC Search
71	- 10.0	HIGH	Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote at…	NVD-CWE-Other	CVE-2002-0721	cpe:2.3:a:microsoft:sql_server:7.0:sp4 cpe:2.3:a:microsoft:sql_server:7.0:sp3 cpe:2.3:a:microsoft:sql_server:7.0:…	2018-10-13 06:31 2002-09-5	Show	GitHub Exploit DB Packet Storm

72	- 7.5	HIGH	Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.	NVD-CWE-Other	CVE-2002-0859	cpe:2.3:a:microsoft:sql_server:2000:sp2 cpe:2.3:a:microsoft:sql_server:2000:sp1 cpe:2.3:a:microsoft:sql_server:20…	2023-11-7 10:55 2002-09-5	Show	GitHub Exploit DB Packet Storm

73	- 7.5	HIGH	Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute…	NVD-CWE-Other	CVE-2002-0644	cpe:2.3:a:microsoft:sql_server:2000:*	2018-10-13 06:31 2002-08-12	Show	GitHub Exploit DB Packet Storm

74	- 7.5	HIGH	SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands.	NVD-CWE-Other	CVE-2002-0645	cpe:2.3:a:microsoft:sql_server:2000:*	2018-10-13 06:31 2002-08-12	Show	GitHub Exploit DB Packet Storm

75	- 7.5	HIGH	Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary cod…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2002-0649	cpe:2.3:a:microsoft:sql_server:2000:sp2 cpe:2.3:a:microsoft:sql_server:2000:sp1 cpe:2.3:a:microsoft:sql_server:20…	2018-10-20 00:29 2002-08-12	Show	GitHub Exploit DB Packet Storm

76	- 5.0	MEDIUM	The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434)…	NVD-CWE-Other	CVE-2002-0650	cpe:2.3:a:microsoft:sql_server:2000:sp2 cpe:2.3:a:microsoft:sql_server:2000:sp1 cpe:2.3:a:microsoft:sql_server:20…	2018-10-13 06:31 2002-08-12	Show	GitHub Exploit DB Packet Storm

77	- 5.0	MEDIUM	Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.	NVD-CWE-Other	CVE-2002-0729	cpe:2.3:a:microsoft:sql_server:2000:*	2016-10-18 11:21 2002-08-12	Show	GitHub Exploit DB Packet Storm

78	- 7.5	HIGH	Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database an…	NVD-CWE-Other	CVE-2002-0624	cpe:2.3:a:microsoft:sql_server:2000:*	2018-10-13 06:31 2002-07-23	Show	GitHub Exploit DB Packet Storm

79	- 7.5	HIGH	Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute a…	NVD-CWE-Other	CVE-2002-0641	cpe:2.3:a:microsoft:sql_server:2000:*	2018-10-13 06:31 2002-07-23	Show	GitHub Exploit DB Packet Storm

80	- 7.2	HIGH	The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows …	NVD-CWE-Other	CVE-2002-0642	cpe:2.3:a:microsoft:sql_server:2000:*	2018-10-13 06:31 2002-07-23	Show	GitHub Exploit DB Packet Storm