Microsoft SQL Server Database Server
Recent Microsoft SQL Server Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2023-23384 | Microsoft SQL Server Remote Code Execution Vulnerability | April 11, 2023 |
| CVE-2023-28275 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | April 11, 2023 |
| CVE-2023-21528 | Microsoft SQL Server Remote Code Execution Vulnerability | February 14, 2023 |
| CVE-2023-21704 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | February 14, 2023 |
| CVE-2023-21686 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | February 14, 2023 |
| CVE-2023-21568 | Microsoft SQL Server Integration Service (VS extension) Remote Code Execution Vulnerability | February 14, 2023 |
| CVE-2023-21799 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | February 14, 2023 |
| CVE-2023-21713 | Microsoft SQL Server Remote Code Execution Vulnerability | February 14, 2023 |
| CVE-2023-21685 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | February 14, 2023 |
| CVE-2023-21705 | Microsoft SQL Server Remote Code Execution Vulnerability | February 14, 2023 |
By the Year
In 2023 there have been 6 vulnerabilities in Microsoft SQL Server with an average score of 8.5 out of ten. Last year SQL Server had 1 security vulnerability published. That is, 5 more vulnerabilities have already been reported in 2023 as compared to last year. However, the average CVE base score of the vulnerabilities in 2023 is greater by 0.97.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 6 | 8.47 |
| 2022 | 1 | 7.50 |
| 2021 | 1 | 8.80 |
| 2020 | 1 | 8.80 |
| 2019 | 2 | 7.65 |
| 2018 | 1 | 9.80 |
It may take a day or so for new SQL Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft SQL Server Security Vulnerabilities
Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2023-23384
9.8 - Critical
- April 11, 2023
Microsoft SQL Server Remote Code Execution Vulnerability
Microsoft SQL ODBC Driver Remote Code Execution Vulnerability
CVE-2023-21718
7.8 - High
- February 14, 2023
Microsoft SQL ODBC Driver Remote Code Execution Vulnerability
Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2023-21713
8.8 - High
- February 14, 2023
Microsoft SQL Server Remote Code Execution Vulnerability
Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2023-21705
8.8 - High
- February 14, 2023
Microsoft SQL Server Remote Code Execution Vulnerability
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVE-2023-21704
7.8 - High
- February 14, 2023
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2023-21528
7.8 - High
- February 14, 2023
Microsoft SQL Server Remote Code Execution Vulnerability
Microsoft SQL Server Remote Code Execution Vulnerability.
CVE-2022-29143
7.5 - High
- June 15, 2022
Microsoft SQL Server Remote Code Execution Vulnerability.
Microsoft SQL Elevation of Privilege Vulnerability
CVE-2021-1636
8.8 - High
- January 12, 2021
Microsoft SQL Elevation of Privilege Vulnerability
SQL Injection
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests
CVE-2020-0618
8.8 - High
- February 11, 2020
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.
Marshaling, Unmarshaling
A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions
CVE-2019-1068
8.8 - High
- July 15, 2019
A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'.
An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions
CVE-2019-0819
6.5 - Medium
- May 16, 2019
An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions, aka 'Microsoft SQL Server Analysis Services Information Disclosure Vulnerability'.
A buffer overflow vulnerability exists in the Microsoft SQL Server
CVE-2018-8273
9.8 - Critical
- August 15, 2018
A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system, aka "Microsoft SQL Server Remote Code Execution Vulnerability." This affects Microsoft SQL Server.
Memory Corruption
Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016
CVE-2017-8516
7.5 - High
- August 08, 2017
Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka "Microsoft SQL Server Analysis Services Information Disclosure Vulnerability".
Information Disclosure
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0
CVE-2008-3013
- September 11, 2008
gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
Resource Management Errors
XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which
CVE-2002-0057
- March 08, 2002
XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Windows XP or by Microsoft? Click the Watch button to subscribe.
