Every CVE whose affected-product data names Microsoft Data Engine, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (26)
CVE-2000-1209 — CVSS 10.0 (critical): The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE)…
CVE-2002-1145 — CVSS 10.0 (critical): The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and…
CVE-2002-0721 — CVSS 10.0 (critical): Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions…
CVE-2008-0107 — CVSS 9.0 (critical): Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2…
CVE-2008-0106 — CVSS 9.0 (critical): Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to…
CVE-2008-0086 — CVSS 9.0 (critical): Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine…
CVE-2002-0649 — CVSS 7.5 (high): Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote…
CVE-2002-0644 — CVSS 7.5 (high): Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000…
CVE-2002-0645 — CVSS 7.5 (high): SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow…
CVE-2000-0202 — CVSS 7.5 (high): Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in…
CVE-2002-1123 — CVSS 7.5 (high): Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote…
CVE-2002-1137 — CVSS 7.5 (high): Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft…
CVE-2002-1138 — CVSS 7.5 (high): Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files…
CVE-2003-0232 — CVSS 7.2 (high): Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls…
CVE-2003-0230 — CVSS 7.2 (high): Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another…
CVE-2008-0085 — CVSS 5.0 (medium): SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop…
CVE-2003-0231 — CVSS 5.0 (medium): Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long…
CVE-2000-1081 — CVSS 4.6 (medium): The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a…
CVE-2000-1084 — CVSS 4.6 (medium): The xp_updatecolvbm function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer…
CVE-2000-1087 — CVSS 4.6 (medium): The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of…
CVE-2000-1088 — CVSS 4.6 (medium): The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a…
CVE-2000-1086 — CVSS 4.6 (medium): The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of…
CVE-2002-0643 — CVSS 4.6 (medium): The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions…
CVE-2000-1085 — CVSS 4.6 (medium): The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a…
CVE-2000-1082 — CVSS 4.6 (medium): The xp_enumresultset function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a…
CVE-2000-1083 — CVSS 2.1 (low): The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer…