Vulnerabilites related to Microsoft - Microsoft SQL Server 2016 Service Pack 3 (GDR)
cve-2024-49004
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49004 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49004", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-12T21:40:07.585174Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T21:40:24.045Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:16.114Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49004", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49004", datePublished: "2024-11-12T17:54:11.537Z", dateReserved: "2024-10-11T20:57:49.178Z", dateUpdated: "2025-01-30T00:10:16.114Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21414
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21414 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21414", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-23T19:12:41.847099Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-23T19:12:52.014Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:20:40.861Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21414", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:14.189Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21414", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-21414", datePublished: "2024-07-09T17:02:15.377Z", dateReserved: "2023-12-08T22:45:21.300Z", dateUpdated: "2025-03-11T16:39:14.189Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49021
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49021 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49021", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T18:52:04.039266Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T18:55:04.099Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1135.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 15)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4155.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1135.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4155.4", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:25.364Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49021", }, ], title: "Microsoft SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49021", datePublished: "2024-11-12T17:54:20.153Z", dateReserved: "2024-10-11T20:57:49.182Z", dateUpdated: "2025-01-30T00:10:25.364Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-48996
Vulnerability from cvelistv5
Published
2024-11-12 17:53
Modified
2025-01-30 00:09
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48996 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-48996", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T17:24:23.597063Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T17:29:52.643Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:09:55.489Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48996", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-48996", datePublished: "2024-11-12T17:53:53.952Z", dateReserved: "2024-10-11T20:57:49.175Z", dateUpdated: "2025-01-30T00:09:55.489Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49000
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49000 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49000", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-12T21:46:00.514102Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T21:46:08.489Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:13.963Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49000", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49000", datePublished: "2024-11-12T17:54:09.288Z", dateReserved: "2024-10-11T20:57:49.177Z", dateUpdated: "2025-01-30T00:10:13.963Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35271
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35271 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-35271", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T17:22:27.152534Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-10T21:15:26.325Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:07:46.930Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35271", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:43.774Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35271", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-35271", datePublished: "2024-07-09T17:02:44.013Z", dateReserved: "2024-05-14T20:14:47.414Z", dateUpdated: "2025-03-11T16:39:43.774Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37319
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37319 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37319", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-10T15:00:40.385234Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-10T15:00:58.666Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:55.913Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37319", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:48.448Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37319", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37319", datePublished: "2024-07-09T17:02:48.643Z", dateReserved: "2024-06-05T20:19:26.774Z", dateUpdated: "2025-03-11T16:39:48.448Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-43459
Vulnerability from cvelistv5
Published
2024-11-12 17:53
Modified
2025-01-30 00:09
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43459 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-43459", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T16:11:56.141537Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T16:12:16.803Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:09:53.385Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43459", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-43459", datePublished: "2024-11-12T17:53:51.317Z", dateReserved: "2024-08-14T01:08:33.515Z", dateUpdated: "2025-01-30T00:09:53.385Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-48995
Vulnerability from cvelistv5
Published
2024-11-12 17:53
Modified
2025-01-30 00:09
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48995 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-48995", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T17:24:49.066225Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T17:29:52.759Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:09:54.937Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48995", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-48995", datePublished: "2024-11-12T17:53:53.162Z", dateReserved: "2024-10-11T20:57:49.175Z", dateUpdated: "2025-01-30T00:09:54.937Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21333
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21333 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21333", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-10T15:39:11.759885Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-10T15:39:26.675Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:20:40.093Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21333", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:11.851Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21333", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-21333", datePublished: "2024-07-09T17:02:13.078Z", dateReserved: "2023-12-08T22:45:19.371Z", dateUpdated: "2025-03-11T16:39:11.851Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-48999
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48999 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-48999", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T17:26:59.959387Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T17:29:53.570Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:13.363Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48999", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-48999", datePublished: "2024-11-12T17:54:08.821Z", dateReserved: "2024-10-11T20:57:49.177Z", dateUpdated: "2025-01-30T00:10:13.363Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37333
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37333 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37333", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T18:57:21.500768Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T18:57:28.997Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:56.272Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37333", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:56.115Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37333", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37333", datePublished: "2024-07-09T17:02:55.997Z", dateReserved: "2024-06-05T20:19:26.776Z", dateUpdated: "2025-03-11T16:39:56.115Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21713
Vulnerability from cvelistv5
Published
2023-02-14 19:33
Modified
2025-01-01 00:41
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21713 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack |
Version: 13.0.0 < 13.0.7024.30 |
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:44:02.495Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21713", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7024.30", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (CU 4)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6174.8", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6444.4", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2101.7", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6430.49", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", ], product: "Microsoft SQL Server 2012 Service Pack 4 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "11.0.7512.11", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "11.0.7512.11", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2047.8", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 18)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4280.7", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3460.9", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1050.5", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7024.30", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*", versionEndExcluding: "12.0.6174.8", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*", versionEndExcluding: "12.0.6444.4", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2101.7", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6430.49", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*", versionEndExcluding: "11.0.7512.11", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*", versionEndExcluding: "11.0.7512.11", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2047.8", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4280.7", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3460.9", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1050.5", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:41:17.104Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21713", }, ], title: "Microsoft SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21713", datePublished: "2023-02-14T19:33:42.806Z", dateReserved: "2022-12-13T18:08:03.491Z", dateUpdated: "2025-01-01T00:41:17.104Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21331
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21331 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21331", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T18:06:27.527357Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T18:06:33.705Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:20:39.921Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21331", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:47.268Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21331", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-21331", datePublished: "2024-07-09T17:02:47.499Z", dateReserved: "2023-12-08T22:45:19.370Z", dateUpdated: "2025-03-11T16:39:47.268Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37327
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37327 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37327", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T20:04:29.330839Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T20:04:35.955Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:56.151Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37327", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:53.292Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37327", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37327", datePublished: "2024-07-09T17:02:53.172Z", dateReserved: "2024-06-05T20:19:26.775Z", dateUpdated: "2025-03-11T16:39:53.292Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-43462
Vulnerability from cvelistv5
Published
2024-11-12 17:53
Modified
2025-01-30 00:09
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43462 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 29) |
Version: 15.0.0 < 15.0.4410.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-43462", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T16:11:17.162885Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T16:11:29.437Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:09:53.938Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43462", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-43462", datePublished: "2024-11-12T17:53:51.958Z", dateReserved: "2024-08-14T01:08:33.516Z", dateUpdated: "2025-01-30T00:09:53.938Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36728
Vulnerability from cvelistv5
Published
2023-10-10 17:07
Modified
2025-02-27 20:44
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Denial of Service Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728 | vendor-advisory |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:52:54.388Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SQL Server Denial of Service Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36728", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:49:21.915063Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:44:34.088Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 22)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4326.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (CU 8)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4080.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2052.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6179.1", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (CU 4)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6449.1", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2104.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6435.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7029.3", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3465.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1105.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0002.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.6.0007.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.5.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.5.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.5.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4326.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4080.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2052.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x64:*", versionEndExcluding: "12.0.6179.1", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*", versionEndExcluding: "12.0.6449.1", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2104.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6435.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7029.3", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3465.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1105.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0002.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.6.0007.0", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-10-10T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Denial of Service Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T02:10:43.882Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Denial of Service Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728", }, ], title: "Microsoft SQL Server Denial of Service Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36728", datePublished: "2023-10-10T17:07:32.864Z", dateReserved: "2023-06-26T13:29:45.604Z", dateUpdated: "2025-02-27T20:44:34.088Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37321
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37321 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37321", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T18:58:27.883167Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T18:58:36.677Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:56.124Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37321", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:49.588Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37321", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37321", datePublished: "2024-07-09T17:02:49.778Z", dateReserved: "2024-06-05T20:19:26.774Z", dateUpdated: "2025-03-11T16:39:49.588Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21425
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21425 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 for x64-based Systems (CU 27) |
Version: 15.0.0 < 15.0.4382.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21425", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T18:05:44.123148Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T18:05:50.421Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:20:40.842Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21425", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:47.816Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21425", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-21425", datePublished: "2024-07-09T17:02:48.086Z", dateReserved: "2023-12-08T22:45:21.301Z", dateUpdated: "2025-03-11T16:39:47.816Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21335
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21335 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21335", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-10T13:58:53.274764Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-10T13:59:04.492Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:20:40.405Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21335", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:12.471Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21335", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-21335", datePublished: "2024-07-09T17:02:13.652Z", dateReserved: "2023-12-08T22:45:19.371Z", dateUpdated: "2025-03-11T16:39:12.471Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49013
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49013 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49013", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T15:56:52.055888Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T15:57:31.039Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:21.355Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49013", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49013", datePublished: "2024-11-12T17:54:16.266Z", dateReserved: "2024-10-11T20:57:49.181Z", dateUpdated: "2025-01-30T00:10:21.355Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21718
Vulnerability from cvelistv5
Published
2023-02-14 19:32
Modified
2025-02-28 21:14
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21718 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2012 Service Pack 4 (QFE) |
Version: 11.0.0 < 11.0.7512.11 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:51:49.438Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SQL ODBC Driver Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21718", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21718", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:23:21.406080Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:14:13.286Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", ], product: "Microsoft SQL Server 2012 Service Pack 4 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "11.0.7512.11", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "11.0.7512.11", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2047.8", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6444.4", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (CU 4)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6174.8", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2101.7", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6430.49", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7024.30", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3460.9", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1050.5", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 18)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4280.7", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft SQL Server 2008 R2 Service Pack 3 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "10.50.6785.2", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft SQL Server 2008 Service Pack 4 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "10.0.6814.4", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*", versionEndExcluding: "11.0.7512.11", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*", versionEndExcluding: "11.0.7512.11", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2047.8", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x64:*", versionEndExcluding: "12.0.6444.4", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*", versionEndExcluding: "12.0.6174.8", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2101.7", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6430.49", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7024.30", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3460.9", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1050.5", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4280.7", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:r2_sp2:x64:*:*:*:*:*", versionEndExcluding: "10.50.6785.2", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:x86:*", versionEndExcluding: "10.0.6814.4", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-191", description: "CWE-191: Integer Underflow (Wrap or Wraparound)", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:40:47.652Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21718", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21718", datePublished: "2023-02-14T19:32:46.111Z", dateReserved: "2022-12-13T18:08:03.492Z", dateUpdated: "2025-02-28T21:14:13.286Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49009
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49009 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49009", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T16:00:20.386817Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T16:00:39.426Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:19.119Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49009", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49009", datePublished: "2024-11-12T17:54:14.252Z", dateReserved: "2024-10-11T20:57:49.180Z", dateUpdated: "2025-01-30T00:10:19.119Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-48997
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48997 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-48997", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T17:26:16.048172Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T17:29:53.319Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:12.320Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48997", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-48997", datePublished: "2024-11-12T17:54:07.706Z", dateReserved: "2024-10-11T20:57:49.176Z", dateUpdated: "2025-01-30T00:10:12.320Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49015
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49015 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 29) |
Version: 15.0.0 < 15.0.4410.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49015", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T15:55:26.685728Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T15:55:54.691Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:22.491Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49015", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49015", datePublished: "2024-11-12T17:54:17.295Z", dateReserved: "2024-10-11T20:57:49.181Z", dateUpdated: "2025-01-30T00:10:22.491Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21332
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21332 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21332", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-11T15:01:54.365174Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-11T15:01:58.688Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:20:39.897Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21332", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:10.730Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21332", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-21332", datePublished: "2024-07-09T17:02:12.491Z", dateReserved: "2023-12-08T22:45:19.370Z", dateUpdated: "2025-03-11T16:39:10.730Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-38087
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38087 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-38087", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T19:03:50.228334Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T19:04:05.758Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:04:25.155Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38087", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-415", description: "CWE-415: Double Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:09.940Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38087", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-38087", datePublished: "2024-07-09T17:02:11.937Z", dateReserved: "2024-06-11T22:36:08.183Z", dateUpdated: "2025-03-11T16:39:09.940Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49001
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49001 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 29) |
Version: 15.0.0 < 15.0.4410.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49001", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T14:20:34.213571Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T14:20:45.849Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:14.548Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49001", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49001", datePublished: "2024-11-12T17:54:09.822Z", dateReserved: "2024-10-11T20:57:49.177Z", dateUpdated: "2025-01-30T00:10:14.548Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21428
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21428 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21428", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-11T20:05:22.691324Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-12T16:56:14.796Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:20:40.885Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21428", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:15.226Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21428", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-21428", datePublished: "2024-07-09T17:02:16.498Z", dateReserved: "2023-12-08T22:45:21.302Z", dateUpdated: "2025-03-11T16:39:15.226Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49012
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49012 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49012", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T15:57:56.487351Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T15:58:12.995Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:20.832Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49012", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49012", datePublished: "2024-11-12T17:54:15.790Z", dateReserved: "2024-10-11T20:57:49.180Z", dateUpdated: "2025-01-30T00:10:20.832Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37332
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37332 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37332", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-10T13:57:34.152293Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-10T13:58:13.627Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:56.191Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37332", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:16.308Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37332", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37332", datePublished: "2024-07-09T17:02:17.679Z", dateReserved: "2024-06-05T20:19:26.776Z", dateUpdated: "2025-03-11T16:39:16.308Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49016
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49016 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49016", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T15:54:13.049035Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T15:54:30.184Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:22.992Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49016", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49016", datePublished: "2024-11-12T17:54:17.858Z", dateReserved: "2024-10-11T20:57:49.181Z", dateUpdated: "2025-01-30T00:10:22.992Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-29143
Vulnerability from cvelistv5
Published
2022-06-15 21:51
Modified
2025-01-02 19:03
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29143 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2042.3 |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:10:59.417Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29143", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2042.3", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6169.19", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.5108.50", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (CU 4)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6439.10", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2095.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 16)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4236.7", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", ], product: "Microsoft SQL Server 2017 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3445.2", status: "affected", version: "14.0.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 2 (CU 17)", vendor: "Microsoft", versions: [ { lessThan: "13.0.5893.48", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6419.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7016.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2042.3", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x64:*", versionEndExcluding: "12.0.6169.19", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp2:*:*:*:*:x64:*", versionEndExcluding: "13.0.5108.50", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*", versionEndExcluding: "12.0.6439.10", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2095.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4236.7", versionStartIncluding: "15.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3445.2", versionStartIncluding: "14.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp2:*:*:*:*:x64:*", versionEndExcluding: "13.0.5893.48", versionStartIncluding: "13.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6419.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7016.1", versionStartIncluding: "13.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-06-14T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T19:03:12.592Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29143", }, ], title: "Microsoft SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-29143", datePublished: "2022-06-15T21:51:15", dateReserved: "2022-04-12T00:00:00", dateUpdated: "2025-01-02T19:03:12.592Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37980
Vulnerability from cvelistv5
Published
2024-09-10 16:54
Modified
2024-12-31 23:03
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37980 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2060.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37980", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T17:57:23.171718Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T17:57:37.411Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2060.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2120.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6445.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7040.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3475.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1125.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 28)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4390.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 14)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4140.3", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2060.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2120.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6445.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7040.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3475.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1125.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4390.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4140.3", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-09-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269: Improper Privilege Management", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T23:03:29.495Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37980", }, ], title: "Microsoft SQL Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37980", datePublished: "2024-09-10T16:54:22.310Z", dateReserved: "2024-06-10T21:22:19.230Z", dateUpdated: "2024-12-31T23:03:29.495Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49010
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49010 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49010", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T15:59:23.030068Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T15:59:35.898Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:19.760Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49010", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49010", datePublished: "2024-11-12T17:54:14.740Z", dateReserved: "2024-10-11T20:57:49.180Z", dateUpdated: "2025-01-30T00:10:19.760Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49006
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49006 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49006", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T17:28:16.455818Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T17:29:54.067Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:17.791Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49006", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49006", datePublished: "2024-11-12T17:54:13.138Z", dateReserved: "2024-10-11T20:57:49.179Z", dateUpdated: "2025-01-30T00:10:17.791Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-38088
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38088 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-38088", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-10T13:59:36.443059Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-10T13:59:56.241Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:04:25.293Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38088", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:09.323Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38088", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-38088", datePublished: "2024-07-09T17:02:11.365Z", dateReserved: "2024-06-11T22:36:08.183Z", dateUpdated: "2025-03-11T16:39:09.323Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37322
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37322 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37322", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-24T20:29:48.432280Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-24T20:29:57.984Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:56.234Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37322", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:50.066Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37322", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37322", datePublished: "2024-07-09T17:02:50.332Z", dateReserved: "2024-06-05T20:19:26.774Z", dateUpdated: "2025-03-11T16:39:50.066Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-48998
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48998 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-48998", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T17:26:41.129592Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T17:29:53.439Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:12.840Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48998", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-48998", datePublished: "2024-11-12T17:54:08.341Z", dateReserved: "2024-10-11T20:57:49.176Z", dateUpdated: "2025-01-30T00:10:12.840Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21303
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21303 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 13) |
Version: 16.0.0 < 16.0.4131.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21303", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-23T19:01:12.899513Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-23T19:01:25.042Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:13:42.699Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21303", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:45.680Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21303", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-21303", datePublished: "2024-07-09T17:02:45.781Z", dateReserved: "2023-12-08T22:45:19.365Z", dateUpdated: "2025-03-11T16:39:45.680Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35272
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35272 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.66 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-35272", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T18:38:18.225584Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T18:38:24.277Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:07:46.938Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35272", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.66", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.40", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.19", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.14", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.10", vendor: "Microsoft", versions: [ { lessThan: "17.10.7", status: "affected", version: "17.10", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.11", vendor: "Microsoft", versions: [ { lessThan: "17.11.3", status: "affected", version: "17.11", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.66", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.40", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.19", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.14", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.7", versionStartIncluding: "17.10", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.11.3", versionStartIncluding: "17.11", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:44.335Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35272", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-35272", datePublished: "2024-07-09T17:02:44.609Z", dateReserved: "2024-05-14T20:14:47.415Z", dateUpdated: "2025-03-11T16:39:44.335Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21449
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21449 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21449", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T18:10:28.135926Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-10T16:34:53.217Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:20:40.790Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21449", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:51.881Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21449", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-21449", datePublished: "2024-07-09T17:02:52.050Z", dateReserved: "2023-12-08T22:45:21.306Z", dateUpdated: "2025-03-11T16:39:51.881Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37324
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37324 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 13) |
Version: 16.0.0 < 16.0.4131.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37324", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T18:37:39.875809Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T18:37:51.450Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:56.007Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37324", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:51.334Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37324", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37324", datePublished: "2024-07-09T17:02:51.484Z", dateReserved: "2024-06-05T20:19:26.774Z", dateUpdated: "2025-03-11T16:39:51.334Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35256
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35256 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-35256", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T18:17:58.606084Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T18:18:09.971Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:07:46.925Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35256", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:57.617Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35256", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-35256", datePublished: "2024-07-09T17:02:57.698Z", dateReserved: "2024-05-14T20:14:47.411Z", dateUpdated: "2025-03-11T16:39:57.617Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49002
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49002 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49002", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T14:20:04.985529Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T14:20:13.129Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:15.096Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49002", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49002", datePublished: "2024-11-12T17:54:10.396Z", dateReserved: "2024-10-11T20:57:49.177Z", dateUpdated: "2025-01-30T00:10:15.096Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37320
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37320 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37320", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T18:26:16.936355Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T18:26:47.310Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:55.704Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37320", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:48.950Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37320", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37320", datePublished: "2024-07-09T17:02:49.195Z", dateReserved: "2024-06-05T20:19:26.774Z", dateUpdated: "2025-03-11T16:39:48.950Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37323
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37323 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37323", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-23T19:00:36.632042Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-23T19:00:56.726Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:56.126Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37323", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:50.692Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37323", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37323", datePublished: "2024-07-09T17:02:50.926Z", dateReserved: "2024-06-05T20:19:26.774Z", dateUpdated: "2025-03-11T16:39:50.692Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49018
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49018 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49018", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T15:53:03.702999Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T15:53:17.084Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-197", description: "CWE-197: Numeric Truncation Error", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:24.191Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49018", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49018", datePublished: "2024-11-12T17:54:18.954Z", dateReserved: "2024-10-11T20:57:49.181Z", dateUpdated: "2025-01-30T00:10:24.191Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49043
Vulnerability from cvelistv5
Published
2024-11-12 17:53
Modified
2025-01-30 00:09
Severity ?
EPSS score ?
Summary
Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49043 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49043", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T17:22:55.414283Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T17:29:52.409Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1135.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 15)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4155.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1135.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4155.4", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-426", description: "CWE-426: Untrusted Search Path", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:09:57.150Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49043", }, ], title: "Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49043", datePublished: "2024-11-12T17:53:55.260Z", dateReserved: "2024-10-11T20:57:49.186Z", dateUpdated: "2025-01-30T00:09:57.150Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37331
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37331 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37331", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-11T15:00:31.907649Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-11T15:00:37.721Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:56.119Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37331", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:16.921Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37331", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37331", datePublished: "2024-07-09T17:02:18.217Z", dateReserved: "2024-06-05T20:19:26.776Z", dateUpdated: "2025-03-11T16:39:16.921Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20701
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20701 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-20701", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-24T20:30:21.406949Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-24T20:30:29.424Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:59:42.923Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20701", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:45.007Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20701", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-20701", datePublished: "2024-07-09T17:02:45.206Z", dateReserved: "2023-12-01T00:38:27.975Z", dateUpdated: "2025-03-11T16:39:45.007Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37326
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37326 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37326", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T18:05:17.997441Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T18:05:24.164Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:55.814Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37326", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:52.434Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37326", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37326", datePublished: "2024-07-09T17:02:52.612Z", dateReserved: "2024-06-05T20:19:26.774Z", dateUpdated: "2025-03-11T16:39:52.434Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37965
Vulnerability from cvelistv5
Published
2024-09-10 16:53
Modified
2024-12-31 23:03
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37965 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2060.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37965", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T18:55:57.491489Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T18:56:22.277Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2060.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2120.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6445.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7040.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3475.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1125.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 14)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4140.3", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 28)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4390.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2060.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2120.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6445.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7040.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3475.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1125.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4140.3", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4390.2", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-09-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T23:03:01.160Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37965", }, ], title: "Microsoft SQL Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37965", datePublished: "2024-09-10T16:53:53.704Z", dateReserved: "2024-06-10T21:22:19.228Z", dateUpdated: "2024-12-31T23:03:01.160Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21308
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21308 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21308", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T18:37:02.111007Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T18:37:23.726Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:13:42.832Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21308", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:46.169Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21308", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-21308", datePublished: "2024-07-09T17:02:46.353Z", dateReserved: "2023-12-08T22:45:19.366Z", dateUpdated: "2025-03-11T16:39:46.169Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37336
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37336 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37336", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-12T16:12:15.861051Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-12T21:12:20.976Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:56.159Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37336", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:56.609Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37336", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37336", datePublished: "2024-07-09T17:02:56.556Z", dateReserved: "2024-06-05T20:19:26.776Z", dateUpdated: "2025-03-11T16:39:56.609Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37328
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37328 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37328", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T18:08:37.128740Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-10T16:34:39.559Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:55.769Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37328", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:53.837Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37328", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37328", datePublished: "2024-07-09T17:02:53.736Z", dateReserved: "2024-06-05T20:19:26.775Z", dateUpdated: "2025-03-11T16:39:53.837Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21704
Vulnerability from cvelistv5
Published
2023-02-14 19:32
Modified
2025-01-01 00:40
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21704 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2047.8 |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:44:02.190Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21704", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2047.8", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6444.4", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (CU 4)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6174.8", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2101.7", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6430.49", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7024.30", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 18)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4280.7", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3460.9", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1050.5", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2047.8", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x64:*", versionEndExcluding: "12.0.6444.4", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*", versionEndExcluding: "12.0.6174.8", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2101.7", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6430.49", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7024.30", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4280.7", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3460.9", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1050.5", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:40:45.364Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21704", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21704", datePublished: "2023-02-14T19:32:42.272Z", dateReserved: "2022-12-13T18:08:03.489Z", dateUpdated: "2025-01-01T00:40:45.364Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49014
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49014 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49014", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T15:56:18.275465Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T15:56:32.731Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-415", description: "CWE-415: Double Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:21.952Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49014", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49014", datePublished: "2024-11-12T17:54:16.810Z", dateReserved: "2024-10-11T20:57:49.181Z", dateUpdated: "2025-01-30T00:10:21.952Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21415
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21415 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21415", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T18:08:01.568139Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T18:08:18.079Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:20:40.534Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21415", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:14.753Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21415", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-21415", datePublished: "2024-07-09T17:02:15.928Z", dateReserved: "2023-12-08T22:45:21.300Z", dateUpdated: "2025-03-11T16:39:14.753Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37329
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37329 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37329", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T17:20:05.117932Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-10T21:14:09.364Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:56.124Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37329", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:54.389Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37329", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37329", datePublished: "2024-07-09T17:02:54.322Z", dateReserved: "2024-06-05T20:19:26.775Z", dateUpdated: "2025-03-11T16:39:54.389Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49007
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49007 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49007", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T17:27:51.906795Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T17:29:53.847Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:17.200Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49007", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49007", datePublished: "2024-11-12T17:54:12.607Z", dateReserved: "2024-10-11T20:57:49.179Z", dateUpdated: "2025-01-30T00:10:17.200Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-23384
Vulnerability from cvelistv5
Published
2023-04-11 19:13
Modified
2025-01-23 01:04
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23384 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2008 Service Pack 4 (QFE) |
Version: 10.0.0 < 10.0.6814.4 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:28:40.757Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23384", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft SQL Server 2008 Service Pack 4 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "10.0.6814.4", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", ], product: "Microsoft SQL Server 2012 Service Pack 4 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "11.0.7512.11", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "11.0.7512.11", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2047.8", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft SQL Server 2008 R2 Service Pack 3 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "10.50.6785.2", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6444.4", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (CU 4)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6174.8", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2101.7", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6430.49", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7024.30", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3460.9", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 18)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4280.7", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1050.5", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:x86:*", versionEndExcluding: "10.0.6814.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*", versionEndExcluding: "11.0.7512.11", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*", versionEndExcluding: "11.0.7512.11", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2047.8", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:r2_sp2:x86:*:*:*:*:*", versionEndExcluding: "10.50.6785.2", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x64:*", versionEndExcluding: "12.0.6444.4", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*", versionEndExcluding: "12.0.6174.8", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2101.7", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6430.49", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7024.30", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3460.9", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4280.7", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1050.5", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-04-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:04:30.377Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23384", }, ], title: "Microsoft SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-23384", datePublished: "2023-04-11T19:13:12.381Z", dateReserved: "2023-01-11T22:08:03.134Z", dateUpdated: "2025-01-23T01:04:30.377Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37341
Vulnerability from cvelistv5
Published
2024-09-10 16:53
Modified
2024-12-31 23:03
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37341 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2065.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37341", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T18:55:22.879757Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T18:55:33.965Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2065.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2125.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6450.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7045.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3480.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1130.5", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 15)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4150.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 28)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4395.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2065.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2125.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6450.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7045.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3480.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1130.5", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4150.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4395.2", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-09-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284: Improper Access Control", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T23:03:01.646Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37341", }, ], title: "Microsoft SQL Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37341", datePublished: "2024-09-10T16:53:54.263Z", dateReserved: "2024-06-05T20:19:26.777Z", dateUpdated: "2024-12-31T23:03:01.646Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49017
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49017 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49017", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T15:53:39.445537Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T15:53:55.283Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:23.649Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49017", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49017", datePublished: "2024-11-12T17:54:18.405Z", dateReserved: "2024-10-11T20:57:49.181Z", dateUpdated: "2025-01-30T00:10:23.649Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21398
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21398 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21398", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-24T20:32:36.942140Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-24T20:32:47.489Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:20:40.738Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21398", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:13.687Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21398", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-21398", datePublished: "2024-07-09T17:02:14.812Z", dateReserved: "2023-12-08T22:45:20.455Z", dateUpdated: "2025-03-11T16:39:13.687Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28928
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28928 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28928", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T17:23:45.493220Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-11T14:46:25.638Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.354Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28928", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:57.075Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28928", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28928", datePublished: "2024-07-09T17:02:57.132Z", dateReserved: "2024-03-13T01:26:53.030Z", dateUpdated: "2025-03-11T16:39:57.075Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-48993
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48993 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-48993", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T17:25:38.907728Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T17:29:53.104Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:11.865Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48993", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-48993", datePublished: "2024-11-12T17:54:07.146Z", dateReserved: "2024-10-11T20:57:49.175Z", dateUpdated: "2025-01-30T00:10:11.865Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49008
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49008 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49008", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T17:28:43.125108Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T17:29:54.536Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:18.439Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49008", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49008", datePublished: "2024-11-12T17:54:13.676Z", dateReserved: "2024-10-11T20:57:49.179Z", dateUpdated: "2025-01-30T00:10:18.439Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21317
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21317 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21317", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T17:21:17.926476Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-10T21:14:36.677Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:20:39.958Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21317", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:46.717Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21317", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-21317", datePublished: "2024-07-09T17:02:46.929Z", dateReserved: "2023-12-08T22:45:19.366Z", dateUpdated: "2025-03-11T16:39:46.717Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49003
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49003 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 29) |
Version: 15.0.0 < 15.0.4410.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49003", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T14:19:03.668048Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T14:19:15.287Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:15.576Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49003", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49003", datePublished: "2024-11-12T17:54:10.996Z", dateReserved: "2024-10-11T20:57:49.178Z", dateUpdated: "2025-01-30T00:10:15.576Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37330
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37330 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37330", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-10T14:51:22.813524Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-10T14:51:31.277Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:56.232Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37330", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:54.937Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37330", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37330", datePublished: "2024-07-09T17:02:54.896Z", dateReserved: "2024-06-05T20:19:26.775Z", dateUpdated: "2025-03-11T16:39:54.937Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21705
Vulnerability from cvelistv5
Published
2023-02-14 19:32
Modified
2025-01-01 00:40
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21705 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2012 Service Pack 4 (QFE) |
Version: 11.0.0 < 11.0.7512.11 |
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:44:02.069Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21705", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", ], product: "Microsoft SQL Server 2012 Service Pack 4 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "11.0.7512.11", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "11.0.7512.11", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2047.8", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6444.4", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (CU 4)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6174.8", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2101.7", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6430.49", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7024.30", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3460.9", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1050.5", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 18)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4280.7", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*", versionEndExcluding: "11.0.7512.11", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*", versionEndExcluding: "11.0.7512.11", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2047.8", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x64:*", versionEndExcluding: "12.0.6444.4", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*", versionEndExcluding: "12.0.6174.8", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2101.7", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6430.49", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7024.30", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3460.9", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1050.5", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4280.7", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-321", description: "CWE-321: Use of Hard-coded Cryptographic Key", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:40:45.910Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21705", }, ], title: "Microsoft SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21705", datePublished: "2023-02-14T19:32:43.252Z", dateReserved: "2022-12-13T18:08:03.490Z", dateUpdated: "2025-01-01T00:40:45.910Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37318
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37318 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 for x64-based Systems (CU 27) |
Version: 15.0.0 < 15.0.4382.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37318", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-11T15:01:13.007611Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-11T15:01:32.769Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:55.955Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37318", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:15.691Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37318", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37318", datePublished: "2024-07-09T17:02:17.073Z", dateReserved: "2024-06-05T20:19:26.773Z", dateUpdated: "2025-03-11T16:39:15.691Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-48994
Vulnerability from cvelistv5
Published
2024-11-12 17:53
Modified
2025-01-30 00:09
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48994 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-48994", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T16:10:35.588953Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T16:10:57.844Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:09:54.399Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48994", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-48994", datePublished: "2024-11-12T17:53:52.545Z", dateReserved: "2024-10-11T20:57:49.175Z", dateUpdated: "2025-01-30T00:09:54.399Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21373
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21373 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21373", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T19:03:17.435150Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T19:03:32.481Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:20:40.477Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21373", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:13.108Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21373", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-21373", datePublished: "2024-07-09T17:02:14.227Z", dateReserved: "2023-12-08T22:45:20.450Z", dateUpdated: "2025-03-11T16:39:13.108Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49011
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49011 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49011", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T15:58:49.412044Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T15:59:02.101Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:20.306Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49011", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49011", datePublished: "2024-11-12T17:54:15.302Z", dateReserved: "2024-10-11T20:57:49.180Z", dateUpdated: "2025-01-30T00:10:20.306Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21528
Vulnerability from cvelistv5
Published
2023-02-14 19:32
Modified
2025-01-01 00:40
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21528 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack |
Version: 13.0.0 < 13.0.7024.30 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:44:01.302Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21528", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7024.30", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2101.7", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6430.49", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6444.4", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (CU 4)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6174.8", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", ], product: "Microsoft SQL Server 2012 Service Pack 4 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "11.0.7512.11", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2047.8", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "11.0.7512.11", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3460.9", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 18)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4280.7", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft SQL Server 2008 Service Pack 4 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "10.0.6814.4", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft SQL Server 2008 R2 Service Pack 3 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "10.50.6785.2", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1050.5", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7024.30", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2101.7", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6430.49", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*", versionEndExcluding: "12.0.6444.4", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*", versionEndExcluding: "12.0.6174.8", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*", versionEndExcluding: "11.0.7512.11", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2047.8", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*", versionEndExcluding: "11.0.7512.11", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3460.9", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4280.7", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:x64:*", versionEndExcluding: "10.0.6814.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:r2_sp2:x86:*:*:*:*:*", versionEndExcluding: "10.50.6785.2", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1050.5", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:40:48.257Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21528", }, ], title: "Microsoft SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21528", datePublished: "2023-02-14T19:32:35.030Z", dateReserved: "2022-12-01T14:00:11.197Z", dateUpdated: "2025-01-01T00:40:48.257Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-38255
Vulnerability from cvelistv5
Published
2024-11-12 17:53
Modified
2025-01-30 00:09
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38255 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-38255", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T16:13:40.138397Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T16:13:51.477Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:09:52.287Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38255", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-38255", datePublished: "2024-11-12T17:53:50.155Z", dateReserved: "2024-06-11T22:36:08.234Z", dateUpdated: "2025-01-30T00:09:52.287Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49005
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49005 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49005", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T17:27:24.319562Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T17:29:53.705Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:16.630Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49005", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49005", datePublished: "2024-11-12T17:54:12.029Z", dateReserved: "2024-10-11T20:57:49.178Z", dateUpdated: "2025-01-30T00:10:16.630Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }