Sql Server CVEs and Security Vulnerabilities

Filtered by vendor Microsoft Subscriptions

Filtered by product Sql Server Subscriptions

Search

Switch to Advanced Search (Beta)

Total 159 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-21415	1 Microsoft	5 Sql Server, Sql Server 2016, Sql Server 2017 and 2 more	2025-12-09	8.8 High
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21414	1 Microsoft	5 Sql Server, Sql Server 2016, Sql Server 2017 and 2 more	2025-12-09	8.8 High
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21398	1 Microsoft	5 Sql Server, Sql Server 2016, Sql Server 2017 and 2 more	2025-12-09	8.8 High
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21373	1 Microsoft	5 Sql Server, Sql Server 2016, Sql Server 2017 and 2 more	2025-12-09	8.8 High
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21335	1 Microsoft	5 Sql Server, Sql Server 2016, Sql Server 2017 and 2 more	2025-12-09	8.8 High
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21333	1 Microsoft	5 Sql Server, Sql Server 2016, Sql Server 2017 and 2 more	2025-12-09	8.8 High
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-21332	1 Microsoft	5 Sql Server, Sql Server 2016, Sql Server 2017 and 2 more	2025-12-09	8.8 High
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-38087	1 Microsoft	5 Sql Server, Sql Server 2016, Sql Server 2017 and 2 more	2025-12-09	8.8 High
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2024-38088	1 Microsoft	5 Sql Server, Sql Server 2016, Sql Server 2017 and 2 more	2025-12-09	8.8 High
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
CVE-2012-1856	1 Microsoft	7 Commerce Server, Host Integration Server, Office and 4 more	2025-10-22	8.8 High
The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."
CVE-2024-0056	2 Microsoft, Redhat	21 .net, .net Framework, Microsoft.data.sqlclient and 18 more	2025-06-03	8.7 High
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
CVE-2024-28934	1 Microsoft	6 Odbc Driver For Sql Server, Sql Server, Sql Server 2019 and 3 more	2025-05-03	8.8 High
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVE-2017-8516	1 Microsoft	1 Sql Server	2025-04-20	7.5 High
Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka "Microsoft SQL Server Analysis Services Information Disclosure Vulnerability".
CVE-2023-36785	1 Microsoft	2 Odbc Driver For Sql Server, Sql Server	2025-04-14	7.8 High
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVE-2023-36417	1 Microsoft	2 Ole Db Driver For Sql Server, Sql Server	2025-04-14	7.8 High
Microsoft SQL OLE DB Remote Code Execution Vulnerability
CVE-2023-36420	1 Microsoft	2 Odbc Driver For Sql Server, Sql Server	2025-04-14	7.8 High
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVE-2023-36728	1 Microsoft	3 Odbc Driver For Sql Server, Ole Db Driver For Sql Server, Sql Server	2025-04-14	5.5 Medium
Microsoft SQL Server Denial of Service Vulnerability
CVE-2023-36730	1 Microsoft	2 Odbc Driver For Sql Server, Sql Server	2025-04-14	7.8 High
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
CVE-2016-7254	1 Microsoft	1 Sql Server	2025-04-12	N/A
Microsoft SQL Server 2012 SP2 and 2012 SP3 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability."
CVE-2016-7253	1 Microsoft	1 Sql Server	2025-04-12	N/A
The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Server Agent Elevation of Privilege Vulnerability."

« first previous Page 3 of 8. next last »