本頁列出影響 microsoft sql_server 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2000-0654 | Microsoft Enterprise Manager allows local users to obtain database passwords via the Data Transformation Service (DTS) package Registered Servers Dialog dialog, aka a variant of the "DTS Password" vulnerability. | [email protected] | 4.6 | 1.39% | 2000-07-11 | 2026-06-16 |
| CVE-2000-0603 | Microsoft SQL Server 7.0 allows a local user to bypass permissions for stored procedures by referencing them via a temporary stored procedure, aka the "Stored Procedure Permissions" vulnerability. | [email protected] | 4.6 | 2.31% | 2000-07-07 | 2026-06-16 |
| CVE-2000-0485 | Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the "DTS Password" vulnerability. | [email protected] | 2.1 | 2.39% | 2000-05-30 | 2026-06-16 |
| CVE-2000-0402 | The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability. | [email protected] | 2.1 | 90.61% | 2000-05-30 | 2026-06-16 |
| CVE-2000-0199 | When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password. | [email protected] | 7.2 | 1.45% | 2000-03-14 | 2026-06-16 |
| CVE-2000-0202 | Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query. | [email protected] | 7.5 | 9.52% | 2000-03-08 | 2026-06-16 |
| CVE-1999-0999 | Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet. | [email protected] | 4.3 | 21.68% | 1999-11-19 | 2026-06-16 |
| CVE-1999-1556 | Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value. | [email protected] | 7.2 | 1.18% | 1998-06-29 | 2026-06-16 |