Software Detail

Software Informaton Top

Database

Software Detail

Microsoft SQL Server

Number Of NVD

107

CRITICAL

HIGH

MEDIUM

LOW

URL	https://www.microsoft.com/ja-jp/sql-server/
Explanation	It is a relational database management system (RDBMS) provided by Microsoft, and like other Windows products, it can be operated in various ways from the GUI (screen). The support end date depends on the service pack provided. If a new service pack is provided, the old service pack will be supported for 12 months.
Tag	商用ライセンス有り

Add Information URL

No	Type	Name	URL
1			https://support.microsoft.com/ja-jp/lifecycle/search?alpha=SQL%20Server
2			https://sqlserverbuilds.blogspot.com/
3			https://learn.microsoft.com/ja-jp/lifecycle/policies/fixed

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Initial release	Normal Support	Extended for a fee	High	Medium	Low
81	SQL Server 2022	2022	Nov. 16, 2022	Jan. 11, 2028	Jan. 11, 2033	18	1	0
82	SQL Server 2019	2019	Nov. 4, 2019	Jan. 7, 2025	Jan. 8, 2030	20	1	0
83	SQL Server 2014 Service Pack 3	2014	Oct. 30, 2018	July 9, 2019	July 9, 2024	15	3	0
84	SQL Server 2016 Service Pack 2	2016	April 24, 2018	July 13, 2021	July 14, 2026	13	3	0
85	SQL Server 2017	2017	Sept. 29, 2017	Oct. 11, 2022	Oct. 12, 2027	9	2	0
86	SQL Server 2012 Service Pack 4	2012	July 11, 2017		July 12, 2022	12	4	0
87	SQL Server 7.0	7.0		Jan. 1, 2000		16	17	3
88	SQL Server 6.5	6.5		Jan. 1, 2000		2	1	1
89	SQL Server 6.0	6.0		Jan. 1, 2000		1	0	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	Update date Published date	Show Affected	Exploit PoC Search
81	- 4.6	MEDIUM	The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows loc…	NVD-CWE-Other	CVE-2002-0643	cpe:2.3:a:microsoft:sql_server:7.0:sp3 cpe:2.3:a:microsoft:sql_server:7.0:sp2 cpe:2.3:a:microsoft:sql_server:7.0:…	2018-10-13 06:31 2002-07-23	Show	GitHub Exploit DB Packet Storm

82	- 7.5	HIGH	Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer…	NVD-CWE-Other	CVE-2002-0186	cpe:2.3:a:microsoft:sql_server:2000:sp2 cpe:2.3:a:microsoft:sql_server:2000:sp1 cpe:2.3:a:microsoft:sql_server:20…	2018-10-13 06:31 2002-07-3	Show	GitHub Exploit DB Packet Storm

83	- 7.5	HIGH	Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script …	NVD-CWE-Other	CVE-2002-0187	cpe:2.3:a:microsoft:sql_server:2000:sp2 cpe:2.3:a:microsoft:sql_server:2000:sp1 cpe:2.3:a:microsoft:sql_server:20…	2018-10-13 06:31 2002-07-3	Show	GitHub Exploit DB Packet Storm

84	- 7.5	HIGH	Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain lo…	NVD-CWE-Other	CVE-2002-0154	cpe:2.3:a:microsoft:sql_server:7.0:sp3 cpe:2.3:a:microsoft:sql_server:7.0:sp2 cpe:2.3:a:microsoft:sql_server:7.0:…	2018-10-13 06:31 2002-05-16	Show	GitHub Exploit DB Packet Storm

85	- 5.0	MEDIUM	The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of se…	NVD-CWE-Other	CVE-2002-0224	cpe:2.3:a:microsoft:sql_server:7.0:sp3 cpe:2.3:a:microsoft:sql_server:7.0:sp2 cpe:2.3:a:microsoft:sql_server:7.0:…	2019-04-30 23:27 2002-05-16	Show	GitHub Exploit DB Packet Storm

86	- 7.5	HIGH	Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to (1) OpenDataSource or (2) OpenRowset in an ad hoc connection.	NVD-CWE-Other	CVE-2002-0056	cpe:2.3:a:microsoft:sql_server:7.0:* cpe:2.3:a:microsoft:sql_server:2000:*	2018-10-13 06:30 2002-03-8	Show	GitHub Exploit DB Packet Storm

87	- 5.0	MEDIUM	XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an…	NVD-CWE-Other	CVE-2002-0057	cpe:2.3:a:microsoft:sql_server:2000:sp2 cpe:2.3:a:microsoft:sql_server:2000:sp1 cpe:2.3:a:microsoft:sql_server:20…	2021-07-23 21:55 2002-03-8	Show	GitHub Exploit DB Packet Storm

88	- 7.5	HIGH	Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. N…	NVD-CWE-Other	CVE-2001-0542	cpe:2.3:a:microsoft:sql_server:7.0:* cpe:2.3:a:microsoft:sql_server:2000:*	2018-10-13 06:30 2001-12-20	Show	GitHub Exploit DB Packet Storm

89	- 5.0	MEDIUM	Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service.	NVD-CWE-Other	CVE-2001-0879	cpe:2.3:a:microsoft:sql_server:7.0:* cpe:2.3:a:microsoft:sql_server:2000:*	2019-04-30 23:27 2001-12-20	Show	GitHub Exploit DB Packet Storm

90	- 5.0	MEDIUM	Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a…	CWE-20 Improper Input Validation	CVE-2001-0509	cpe:2.3:a:microsoft:sql_server:7.0:- cpe:2.3:a:microsoft:sql_server:2000:-	2020-04-2 21:56 2001-09-20	Show	GitHub Exploit DB Packet Storm