SQL Server Microsoft SQL Server Database Server

Recent Microsoft SQL Server Security Advisories

| Advisory | Title | Published |
|---|---|---|
| CVE-2022-23276 | SQL Server for Linux Containers Elevation of Privilege Vulnerability | February 8, 2022 |

By the Year

In 2022 there have been 0 vulnerabilities in Microsoft SQL Server. Last year SQL Server had 1 security vulnerability published. Right now, SQL Server is on track to have fewer security vulnerabilities in 2022 than it did last year.

| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2022 | 0 | 0.00 |
| 2021 | 1 | 8.80 |
| 2020 | 1 | 8.80 |
| 2019 | 2 | 7.65 |
| 2018 | 1 | 9.80 |

It may take a day or so for new SQL Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Microsoft SQL Server Security Vulnerabilities

Microsoft SQL Elevation of Privilege Vulnerability

CVE-2021-1636 8.8 - High - January 12, 2021

Microsoft SQL Elevation of Privilege Vulnerability

SQL Injection

A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests

CVE-2020-0618 8.8 - High - February 11, 2020

A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'.

Marshaling, Unmarshaling

A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions

CVE-2019-1068 8.8 - High - July 15, 2019

A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'.

An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions

CVE-2019-0819 6.5 - Medium - May 16, 2019

An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions, aka 'Microsoft SQL Server Analysis Services Information Disclosure Vulnerability'.

A buffer overflow vulnerability exists in the Microsoft SQL Server

CVE-2018-8273 9.8 - Critical - August 15, 2018

A buffer overflow vulnerability exists in the Microsoft SQL Server that could allow remote code execution on an affected system, aka "Microsoft SQL Server Remote Code Execution Vulnerability." This affects Microsoft SQL Server.

Memory Corruption

gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0

CVE-2008-3013 - September 11, 2008

gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."

Resource Management Errors

XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which

CVE-2002-0057 - March 08, 2002

XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
