Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe

Filtered by product Sql Server

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2019-0819	1 Microsoft	1 Sql Server	2020-08-24	4.0 MEDIUM	6.5 MEDIUM
An information disclosure vulnerability exists in Microsoft SQL Server Analysis Services when it improperly enforces metadata permissions, aka 'Microsoft SQL Server Analysis Services Information Disclosure Vulnerability'.
CVE-2016-7251	1 Microsoft	1 Sql Server	2018-10-12	4.3 MEDIUM	6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "MDS API XSS Vulnerability."
CVE-2016-7252	1 Microsoft	1 Sql Server	2018-10-12	4.0 MEDIUM	6.5 MEDIUM
Microsoft SQL Server 2016 mishandles the FILESTREAM path, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Analysis Services Information Disclosure Vulnerability."