CVSS: 8.8EPSS: 26%CPEs: 3EXPL: 0CVE-2016-7250
https://notcve.org/view.php?id=CVE-2016-7250
Microsoft SQL Server 2014 SP1, 2014 SP2, and 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of Privilege Vulnerability." Microsoft SQL Server 2014 SP1, 2014 SP2 y 2016 no realiza correctamente el molde de un puntero no especificado, lo que permite a usuarios remotos autenticados obtener privilegios a través de vectores desconocidos, vulnerabilidad también conocida como "SQL RDBMS Engine Elevation of Privilege Vulnerability". • http://www.securityfocus.com/bid/94060 http://www.securitytracker.com/id/1037250 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-136 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7252
https://notcve.org/view.php?id=CVE-2016-7252
Microsoft SQL Server 2016 mishandles the FILESTREAM path, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Analysis Services Information Disclosure Vulnerability." Microsoft SQL Server 2016 maneja incorrectamente la ruta FILESTREAM, lo que permite a usuarios remotos autenticados obtener privilegios a través de vectores no especificados, vulnerabilidad también conocida como "SQL Analysis Services Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/94050 http://www.securitytracker.com/id/1037250 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-136 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •