CVE-2020-1455 – Microsoft SQL Server Management Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-1455
A denial of service vulnerability exists when Microsoft SQL Server Management Studio (SSMS) improperly handles files, aka "Microsoft SQL Server Management Studio Denial of Service Vulnerability". An attacker could exploit the vulnerability to trigger a denial of service. To exploit the vulnerability, an attacker would first require execution on the victim system. The security update addresses the vulnerability by ensuring Microsoft SQL Server Management Studio properly handles files. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1455
CVE-2020-0618 – Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-0618
A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability'. A vulnerability exists within Microsoft's SQL Server Reporting Services which can allow an attacker to craft an HTTP POST request with a serialized object to achieve remote code execution. The vulnerability is due to the fact that the serialized blob is not signed by the server. Microsoft SQL Server Reporting Services contains a deserialization vulnerability when handling page requests incorrectly. • https://www.exploit-db.com/exploits/48816 https://github.com/euphrat1ca/CVE-2020-0618 https://github.com/itstarsec/CVE-2020-0618 http://packetstormsecurity.com/files/156707/SQL-Server-Reporting-Services-SSRS-ViewState-Deserialization.html http://packetstormsecurity.com/files/159216/Microsoft-SQL-Server-Reporting-Services-2016-Remote-Code-Execution.html https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0618 https://www.mdsec.co.uk/2020/02/cve-2020-0618-rce-in-sql-server-reporti • CWE-502: Deserialization of Untrusted Data
CVE-2019-1332
https://notcve.org/view.php?id=CVE-2019-1332
A cross-site scripting (XSS) vulnerability exists when Microsoft SQL Server Reporting Services (SSRS) does not properly sanitize a specially-crafted web request to an affected SSRS server, aka 'Microsoft SQL Server Reporting Services XSS Vulnerability'. • https://github.com/mbadanoiu/CVE-2019-1332 https://github.com/DrunkenShells/Disclosures/tree/master/CVE-2019-1332-Cross-Site%20Scripting-Microsoft%20SQL%20Server%20Reporting%20Services https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1332 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-1376
https://notcve.org/view.php?id=CVE-2019-1376
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1313. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1376 • CWE-755: Improper Handling of Exceptional Conditions
CVE-2019-1313
https://notcve.org/view.php?id=CVE-2019-1313
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when it improperly enforces permissions, aka 'SQL Server Management Studio Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1376. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1313 • CWE-755: Improper Handling of Exceptional Conditions