Vulnerabilites related to Microsoft - Microsoft SQL Server 2019 (GDR)
cve-2024-49004
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49004 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49004", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-12T21:40:07.585174Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T21:40:24.045Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:16.114Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49004", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49004", datePublished: "2024-11-12T17:54:11.537Z", dateReserved: "2024-10-11T20:57:49.178Z", dateUpdated: "2025-01-30T00:10:16.114Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21414
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21414 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21414", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-23T19:12:41.847099Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-23T19:12:52.014Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:20:40.861Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21414", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:14.189Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21414", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-21414", datePublished: "2024-07-09T17:02:15.377Z", dateReserved: "2023-12-08T22:45:21.300Z", dateUpdated: "2025-03-11T16:39:14.189Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49021
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49021 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49021", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T18:52:04.039266Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T18:55:04.099Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1135.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 15)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4155.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1135.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4155.4", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:25.364Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49021", }, ], title: "Microsoft SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49021", datePublished: "2024-11-12T17:54:20.153Z", dateReserved: "2024-10-11T20:57:49.182Z", dateUpdated: "2025-01-30T00:10:25.364Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28935
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935 | vendor-advisory |
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28935", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-12T12:55:55.302963Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:37.151Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.452Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.35", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.9", vendor: "Microsoft", versions: [ { lessThan: "17.9.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.18", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.14", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.9", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.35", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.9.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:06.415Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28935", datePublished: "2024-04-09T17:01:15.096Z", dateReserved: "2024-03-13T01:26:53.036Z", dateUpdated: "2025-01-23T01:12:06.415Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28908
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28908 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28908", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-28T14:14:41.182241Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-28T14:14:52.176Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:50.845Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28908", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:17.864Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28908", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28908", datePublished: "2024-04-09T17:00:22.551Z", dateReserved: "2024-03-13T01:26:53.026Z", dateUpdated: "2025-01-23T01:11:17.864Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-29985
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29985 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2110.4 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-29985", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-23T15:03:54.700971Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-06T16:11:21.985Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:25:00.548Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29985", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:18.383Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29985", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-29985", datePublished: "2024-04-09T17:01:27.068Z", dateReserved: "2024-03-22T23:12:11.046Z", dateUpdated: "2025-01-23T01:12:18.383Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28930
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28930", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-18T15:43:31.008624Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-08T15:35:37.350Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.397Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.35", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.9", vendor: "Microsoft", versions: [ { lessThan: "17.9.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.18", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.14", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.9", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.35", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.9.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-191", description: "CWE-191: Integer Underflow (Wrap or Wraparound)", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:04.726Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28930", datePublished: "2024-04-09T17:01:13.416Z", dateReserved: "2024-03-13T01:26:53.031Z", dateUpdated: "2025-01-23T01:12:04.726Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-29982
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29982 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-29982", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-10T16:01:10.318617Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-26T16:18:01.240Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:17:58.667Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29982", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:16.738Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29982", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-29982", datePublished: "2024-04-09T17:01:25.387Z", dateReserved: "2024-03-22T23:12:11.046Z", dateUpdated: "2025-01-23T01:12:16.738Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37335
Vulnerability from cvelistv5
Published
2024-09-10 16:53
Modified
2024-12-31 23:02
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37335 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2060.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37335", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T19:11:54.266982Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T19:12:47.001Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2060.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2120.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3475.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1125.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 28)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4390.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 14)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4140.3", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2060.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2120.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3475.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1125.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4390.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4140.3", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-09-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T23:02:30.505Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37335", }, ], title: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37335", datePublished: "2024-09-10T16:53:37.267Z", dateReserved: "2024-06-05T20:19:26.776Z", dateUpdated: "2024-12-31T23:02:30.505Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28945
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28945 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2110.4 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28945", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-10T19:38:01.291805Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T17:22:39.305Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.284Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28945", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-191", description: "CWE-191: Integer Underflow (Wrap or Wraparound)", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:24.844Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28945", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28945", datePublished: "2024-04-09T17:00:30.403Z", dateReserved: "2024-03-13T01:26:53.039Z", dateUpdated: "2025-01-23T01:11:24.844Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-48996
Vulnerability from cvelistv5
Published
2024-11-12 17:53
Modified
2025-01-30 00:09
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48996 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-48996", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T17:24:23.597063Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T17:29:52.643Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:09:55.489Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48996", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-48996", datePublished: "2024-11-12T17:53:53.952Z", dateReserved: "2024-10-11T20:57:49.175Z", dateUpdated: "2025-01-30T00:09:55.489Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-26186
Vulnerability from cvelistv5
Published
2024-09-10 16:53
Modified
2024-12-31 23:02
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26186 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2060.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-26186", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T19:08:32.177448Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T19:08:43.474Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2060.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2120.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3475.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1125.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 28)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4390.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 14)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4140.3", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2060.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2120.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3475.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1125.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4390.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4140.3", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-09-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T23:02:46.337Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26186", }, ], title: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-26186", datePublished: "2024-09-10T16:53:40.280Z", dateReserved: "2024-02-14T22:23:54.099Z", dateUpdated: "2024-12-31T23:02:46.337Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28943
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28943 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2110.4 |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28943", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-13T13:40:54.272348Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-13T13:41:06.217Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.310Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28943", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:09.012Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28943", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28943", datePublished: "2024-04-09T17:01:17.807Z", dateReserved: "2024-03-13T01:26:53.039Z", dateUpdated: "2025-01-23T01:12:09.012Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36730
Vulnerability from cvelistv5
Published
2023-10-10 17:07
Modified
2025-02-27 20:44
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2104.1 |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:52:54.089Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36730", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:50:10.793075Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:44:39.623Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2104.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1105.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.5.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.5.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.5.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (CU 8)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4080.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 22)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4326.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2104.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1105.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4080.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4326.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-10-10T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T02:10:42.830Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36730", datePublished: "2023-10-10T17:07:31.809Z", dateReserved: "2023-06-26T13:29:45.604Z", dateUpdated: "2025-02-27T20:44:39.623Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-29046
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29046 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2110.4 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-29046", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-22T20:23:47.504221Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:57:04.988Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.645Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29046", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:10.716Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29046", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-29046", datePublished: "2024-04-09T17:01:19.418Z", dateReserved: "2024-03-14T23:05:27.952Z", dateUpdated: "2025-01-23T01:12:10.716Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49000
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49000 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49000", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-12T21:46:00.514102Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-12T21:46:08.489Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:13.963Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49000", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49000", datePublished: "2024-11-12T17:54:09.288Z", dateReserved: "2024-10-11T20:57:49.177Z", dateUpdated: "2025-01-30T00:10:13.963Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28939
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28939 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28939", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-12T14:44:17.065535Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-26T16:20:45.403Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.254Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28939", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-209", description: "CWE-209: Generation of Error Message Containing Sensitive Information", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:23.917Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28939", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28939", datePublished: "2024-04-09T17:00:29.317Z", dateReserved: "2024-03-13T01:26:53.038Z", dateUpdated: "2025-01-23T01:11:23.917Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35271
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35271 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-35271", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T17:22:27.152534Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-10T21:15:26.325Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:07:46.930Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35271", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:43.774Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35271", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-35271", datePublished: "2024-07-09T17:02:44.013Z", dateReserved: "2024-05-14T20:14:47.414Z", dateUpdated: "2025-03-11T16:39:43.774Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37319
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37319 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37319", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-10T15:00:40.385234Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-10T15:00:58.666Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:55.913Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37319", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:48.448Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37319", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37319", datePublished: "2024-07-09T17:02:48.643Z", dateReserved: "2024-06-05T20:19:26.774Z", dateUpdated: "2025-03-11T16:39:48.448Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28942
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28942 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28942", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-28T14:14:13.046600Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-28T14:14:18.576Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:50.838Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28942", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:24.402Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28942", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28942", datePublished: "2024-04-09T17:00:29.841Z", dateReserved: "2024-03-13T01:26:53.038Z", dateUpdated: "2025-01-23T01:11:24.402Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-43459
Vulnerability from cvelistv5
Published
2024-11-12 17:53
Modified
2025-01-30 00:09
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43459 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-43459", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T16:11:56.141537Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T16:12:16.803Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:09:53.385Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43459", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-43459", datePublished: "2024-11-12T17:53:51.317Z", dateReserved: "2024-08-14T01:08:33.515Z", dateUpdated: "2025-01-30T00:09:53.385Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37340
Vulnerability from cvelistv5
Published
2024-09-10 16:53
Modified
2024-12-31 23:02
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37340 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2060.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37340", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T19:12:31.036519Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T19:13:58.924Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2060.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2120.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3475.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1125.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 14)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4140.3", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 28)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4390.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2060.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2120.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3475.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1125.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4140.3", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4390.2", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-09-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-822", description: "CWE-822: Untrusted Pointer Dereference", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T23:02:31.190Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37340", }, ], title: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37340", datePublished: "2024-09-10T16:53:37.939Z", dateReserved: "2024-06-05T20:19:26.777Z", dateUpdated: "2024-12-31T23:02:31.190Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37966
Vulnerability from cvelistv5
Published
2024-09-10 16:53
Modified
2024-12-31 23:02
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37966 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2060.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37966", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T19:13:14.833797Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T19:13:49.657Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2060.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2120.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3475.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1125.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 14)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4140.3", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 28)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4390.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2060.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2120.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3475.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1125.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4140.3", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4390.2", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-09-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Native Scoring Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T23:02:29.737Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Native Scoring Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37966", }, ], title: "Microsoft SQL Server Native Scoring Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37966", datePublished: "2024-09-10T16:53:36.605Z", dateReserved: "2024-06-10T21:22:19.228Z", dateUpdated: "2024-12-31T23:02:29.737Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-48995
Vulnerability from cvelistv5
Published
2024-11-12 17:53
Modified
2025-01-30 00:09
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48995 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-48995", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T17:24:49.066225Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T17:29:52.759Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:09:54.937Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48995", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-48995", datePublished: "2024-11-12T17:53:53.162Z", dateReserved: "2024-10-11T20:57:49.175Z", dateUpdated: "2025-01-30T00:09:54.937Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21333
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21333 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21333", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-10T15:39:11.759885Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-10T15:39:26.675Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:20:40.093Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21333", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:11.851Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21333", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-21333", datePublished: "2024-07-09T17:02:13.078Z", dateReserved: "2023-12-08T22:45:19.371Z", dateUpdated: "2025-03-11T16:39:11.851Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-48999
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48999 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-48999", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T17:26:59.959387Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T17:29:53.570Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:13.363Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48999", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-48999", datePublished: "2024-11-12T17:54:08.821Z", dateReserved: "2024-10-11T20:57:49.177Z", dateUpdated: "2025-01-30T00:10:13.363Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37333
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37333 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37333", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T18:57:21.500768Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T18:57:28.997Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:56.272Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37333", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:56.115Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37333", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37333", datePublished: "2024-07-09T17:02:55.997Z", dateReserved: "2024-06-05T20:19:26.776Z", dateUpdated: "2025-03-11T16:39:56.115Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21713
Vulnerability from cvelistv5
Published
2023-02-14 19:33
Modified
2025-01-01 00:41
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21713 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack |
Version: 13.0.0 < 13.0.7024.30 |
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:44:02.495Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21713", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7024.30", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (CU 4)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6174.8", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6444.4", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2101.7", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6430.49", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", ], product: "Microsoft SQL Server 2012 Service Pack 4 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "11.0.7512.11", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "11.0.7512.11", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2047.8", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 18)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4280.7", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3460.9", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1050.5", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7024.30", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*", versionEndExcluding: "12.0.6174.8", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*", versionEndExcluding: "12.0.6444.4", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2101.7", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6430.49", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*", versionEndExcluding: "11.0.7512.11", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*", versionEndExcluding: "11.0.7512.11", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2047.8", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4280.7", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3460.9", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1050.5", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-502", description: "CWE-502: Deserialization of Untrusted Data", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:41:17.104Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21713", }, ], title: "Microsoft SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21713", datePublished: "2023-02-14T19:33:42.806Z", dateReserved: "2022-12-13T18:08:03.491Z", dateUpdated: "2025-01-01T00:41:17.104Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28941
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28941 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2110.4 |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.250Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28941", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2024-28941", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-10T19:52:13.543985Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-12T17:32:55.845Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:08.467Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28941", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28941", datePublished: "2024-04-09T17:01:17.273Z", dateReserved: "2024-03-13T01:26:53.038Z", dateUpdated: "2025-01-23T01:12:08.467Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21331
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21331 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21331", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T18:06:27.527357Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T18:06:33.705Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:20:39.921Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21331", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:47.268Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21331", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-21331", datePublished: "2024-07-09T17:02:47.499Z", dateReserved: "2023-12-08T22:45:19.370Z", dateUpdated: "2025-03-11T16:39:47.268Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28927
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28927 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2110.4 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28927", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-10T19:46:15.048603Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:04:02.462Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.225Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28927", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:04.128Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28927", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28927", datePublished: "2024-04-09T17:01:12.876Z", dateReserved: "2024-03-13T01:26:53.030Z", dateUpdated: "2025-01-23T01:12:04.128Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37327
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37327 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37327", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T20:04:29.330839Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T20:04:35.955Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:56.151Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37327", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:53.292Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37327", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37327", datePublished: "2024-07-09T17:02:53.172Z", dateReserved: "2024-06-05T20:19:26.775Z", dateUpdated: "2025-03-11T16:39:53.292Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-43462
Vulnerability from cvelistv5
Published
2024-11-12 17:53
Modified
2025-01-30 00:09
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43462 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 29) |
Version: 15.0.0 < 15.0.4410.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-43462", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T16:11:17.162885Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T16:11:29.437Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:09:53.938Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43462", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-43462", datePublished: "2024-11-12T17:53:51.958Z", dateReserved: "2024-08-14T01:08:33.516Z", dateUpdated: "2025-01-30T00:09:53.938Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36728
Vulnerability from cvelistv5
Published
2023-10-10 17:07
Modified
2025-02-27 20:44
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Denial of Service Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 22) |
Version: 15.0.0 < 15.0.4326.1 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:52:54.388Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SQL Server Denial of Service Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36728", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:49:21.915063Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:44:34.088Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 22)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4326.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (CU 8)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4080.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2052.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6179.1", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (CU 4)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6449.1", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2104.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6435.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7029.3", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3465.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1105.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0002.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.6.0007.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.5.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.5.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.5.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4326.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4080.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2052.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x64:*", versionEndExcluding: "12.0.6179.1", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*", versionEndExcluding: "12.0.6449.1", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2104.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6435.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7029.3", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3465.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1105.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0002.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.6.0007.0", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-10-10T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Denial of Service Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T02:10:43.882Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Denial of Service Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728", }, ], title: "Microsoft SQL Server Denial of Service Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36728", datePublished: "2023-10-10T17:07:32.864Z", dateReserved: "2023-06-26T13:29:45.604Z", dateUpdated: "2025-02-27T20:44:34.088Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37321
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37321 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37321", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T18:58:27.883167Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T18:58:36.677Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:56.124Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37321", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:49.588Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37321", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37321", datePublished: "2024-07-09T17:02:49.778Z", dateReserved: "2024-06-05T20:19:26.774Z", dateUpdated: "2025-03-11T16:39:49.588Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28909
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28909 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28909", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-23T14:12:20.974804Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:12.000Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:50.997Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28909", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:18.420Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28909", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28909", datePublished: "2024-04-09T17:00:23.090Z", dateReserved: "2024-03-13T01:26:53.026Z", dateUpdated: "2025-01-23T01:11:18.420Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21425
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21425 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 for x64-based Systems (CU 27) |
Version: 15.0.0 < 15.0.4382.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21425", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T18:05:44.123148Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T18:05:50.421Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:20:40.842Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21425", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:47.816Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21425", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-21425", datePublished: "2024-07-09T17:02:48.086Z", dateReserved: "2023-12-08T22:45:21.301Z", dateUpdated: "2025-03-11T16:39:47.816Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21335
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21335 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21335", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-10T13:58:53.274764Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-10T13:59:04.492Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:20:40.405Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21335", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:12.471Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21335", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-21335", datePublished: "2024-07-09T17:02:13.652Z", dateReserved: "2023-12-08T22:45:19.371Z", dateUpdated: "2025-03-11T16:39:12.471Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21718
Vulnerability from cvelistv5
Published
2023-02-14 19:32
Modified
2025-02-28 21:14
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21718 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2012 Service Pack 4 (QFE) |
Version: 11.0.0 < 11.0.7512.11 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:51:49.438Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SQL ODBC Driver Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21718", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21718", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:23:21.406080Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:14:13.286Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", ], product: "Microsoft SQL Server 2012 Service Pack 4 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "11.0.7512.11", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "11.0.7512.11", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2047.8", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6444.4", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (CU 4)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6174.8", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2101.7", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6430.49", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7024.30", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3460.9", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1050.5", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 18)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4280.7", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft SQL Server 2008 R2 Service Pack 3 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "10.50.6785.2", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft SQL Server 2008 Service Pack 4 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "10.0.6814.4", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*", versionEndExcluding: "11.0.7512.11", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*", versionEndExcluding: "11.0.7512.11", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2047.8", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x64:*", versionEndExcluding: "12.0.6444.4", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*", versionEndExcluding: "12.0.6174.8", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2101.7", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6430.49", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7024.30", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3460.9", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1050.5", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4280.7", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:r2_sp2:x64:*:*:*:*:*", versionEndExcluding: "10.50.6785.2", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:x86:*", versionEndExcluding: "10.0.6814.4", versionStartIncluding: "10.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-191", description: "CWE-191: Integer Underflow (Wrap or Wraparound)", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:40:47.652Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21718", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21718", datePublished: "2023-02-14T19:32:46.111Z", dateReserved: "2022-12-13T18:08:03.492Z", dateUpdated: "2025-02-28T21:14:13.286Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49013
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49013 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49013", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T15:56:52.055888Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T15:57:31.039Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:21.355Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49013", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49013", datePublished: "2024-11-12T17:54:16.266Z", dateReserved: "2024-10-11T20:57:49.181Z", dateUpdated: "2025-01-30T00:10:21.355Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49009
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49009 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49009", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T16:00:20.386817Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T16:00:39.426Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:19.119Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49009", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49009", datePublished: "2024-11-12T17:54:14.252Z", dateReserved: "2024-10-11T20:57:49.180Z", dateUpdated: "2025-01-30T00:10:19.119Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-48997
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48997 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-48997", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T17:26:16.048172Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T17:29:53.319Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:12.320Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48997", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-48997", datePublished: "2024-11-12T17:54:07.706Z", dateReserved: "2024-10-11T20:57:49.176Z", dateUpdated: "2025-01-30T00:10:12.320Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28940
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28940 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2110.4 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28940", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-10T19:41:24.285678Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T17:22:18.517Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:50.980Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28940", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:07.932Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28940", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28940", datePublished: "2024-04-09T17:01:16.713Z", dateReserved: "2024-03-13T01:26:53.038Z", dateUpdated: "2025-01-23T01:12:07.932Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49015
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49015 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 29) |
Version: 15.0.0 < 15.0.4410.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49015", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T15:55:26.685728Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T15:55:54.691Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:22.491Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49015", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49015", datePublished: "2024-11-12T17:54:17.295Z", dateReserved: "2024-10-11T20:57:49.181Z", dateUpdated: "2025-01-30T00:10:22.491Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37338
Vulnerability from cvelistv5
Published
2024-09-10 16:53
Modified
2024-12-31 23:02
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37338 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2060.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37338", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T19:14:40.625333Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T19:15:34.246Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2060.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2120.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3475.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1125.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 28)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4390.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 14)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4140.3", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2060.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2120.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3475.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1125.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4390.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4140.3", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-09-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T23:02:28.929Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37338", }, ], title: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37338", datePublished: "2024-09-10T16:53:35.477Z", dateReserved: "2024-06-05T20:19:26.777Z", dateUpdated: "2024-12-31T23:02:28.929Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-29048
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29048 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-29048", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-18T15:43:16.002515Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-08T15:34:21.629Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.628Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29048", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:11.489Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29048", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-29048", datePublished: "2024-04-09T17:01:19.942Z", dateReserved: "2024-03-14T23:05:27.952Z", dateUpdated: "2025-01-23T01:12:11.489Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21332
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21332 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21332", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-11T15:01:54.365174Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-11T15:01:58.688Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:20:39.897Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21332", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:10.730Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21332", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-21332", datePublished: "2024-07-09T17:02:12.491Z", dateReserved: "2023-12-08T22:45:19.370Z", dateUpdated: "2025-03-11T16:39:10.730Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-38087
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38087 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-38087", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T19:03:50.228334Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T19:04:05.758Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:04:25.155Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38087", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-415", description: "CWE-415: Double Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:09.940Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38087", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-38087", datePublished: "2024-07-09T17:02:11.937Z", dateReserved: "2024-06-11T22:36:08.183Z", dateUpdated: "2025-03-11T16:39:09.940Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49001
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49001 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 29) |
Version: 15.0.0 < 15.0.4410.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49001", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T14:20:34.213571Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T14:20:45.849Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:14.548Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49001", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49001", datePublished: "2024-11-12T17:54:09.822Z", dateReserved: "2024-10-11T20:57:49.177Z", dateUpdated: "2025-01-30T00:10:14.548Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21428
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21428 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21428", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-11T20:05:22.691324Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-12T16:56:14.796Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:20:40.885Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21428", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:15.226Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21428", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-21428", datePublished: "2024-07-09T17:02:16.498Z", dateReserved: "2023-12-08T22:45:21.302Z", dateUpdated: "2025-03-11T16:39:15.226Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28914
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28914 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.186Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28914", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2024-28914", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-10T19:56:48.008163Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-12T17:37:48.819Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:20.918Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28914", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28914", datePublished: "2024-04-09T17:00:25.876Z", dateReserved: "2024-03-13T01:26:53.027Z", dateUpdated: "2025-01-23T01:11:20.918Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36420
Vulnerability from cvelistv5
Published
2023-10-10 17:08
Modified
2025-02-27 20:42
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36420 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2104.1 |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:45:56.785Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36420", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36420", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:49:51.647284Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:42:43.918Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2104.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1105.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.5.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.5.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.5.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (CU 8)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4080.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 22)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4326.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2104.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1105.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4080.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4326.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-10-10T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-415", description: "CWE-415: Double Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T02:11:23.821Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36420", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36420", datePublished: "2023-10-10T17:08:06.283Z", dateReserved: "2023-06-21T15:14:27.785Z", dateUpdated: "2025-02-27T20:42:43.918Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28938
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28938", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-10T17:30:59.430193Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:20.638Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.355Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.35", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.9", vendor: "Microsoft", versions: [ { lessThan: "17.9.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.18", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.14", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.9", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.35", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.9.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:07.412Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28938", datePublished: "2024-04-09T17:01:16.170Z", dateReserved: "2024-03-13T01:26:53.037Z", dateUpdated: "2025-01-23T01:12:07.412Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28936
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28936", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-01T19:04:55.282290Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:40.417Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.507Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.35", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.9", vendor: "Microsoft", versions: [ { lessThan: "17.9.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.18", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.14", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.9", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.35", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.9.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:23.421Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28936", datePublished: "2024-04-09T17:00:28.756Z", dateReserved: "2024-03-13T01:26:53.037Z", dateUpdated: "2025-01-23T01:11:23.421Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49012
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49012 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49012", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T15:57:56.487351Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T15:58:12.995Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:20.832Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49012", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49012", datePublished: "2024-11-12T17:54:15.790Z", dateReserved: "2024-10-11T20:57:49.180Z", dateUpdated: "2025-01-30T00:10:20.832Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37332
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37332 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37332", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-10T13:57:34.152293Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-10T13:58:13.627Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:56.191Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37332", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:16.308Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37332", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37332", datePublished: "2024-07-09T17:02:17.679Z", dateReserved: "2024-06-05T20:19:26.776Z", dateUpdated: "2025-03-11T16:39:16.308Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49016
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49016 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49016", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T15:54:13.049035Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T15:54:30.184Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:22.992Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49016", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49016", datePublished: "2024-11-12T17:54:17.858Z", dateReserved: "2024-10-11T20:57:49.181Z", dateUpdated: "2025-01-30T00:10:22.992Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-43474
Vulnerability from cvelistv5
Published
2024-09-10 16:53
Modified
2024-12-31 23:02
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43474 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2060.1 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-43474", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T18:51:43.144331Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T18:51:53.564Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2060.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2120.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3475.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2060.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2120.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3475.1", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-09-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.6, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-170", description: "CWE-170: Improper Null Termination", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T23:02:58.174Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43474", }, ], title: "Microsoft SQL Server Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-43474", datePublished: "2024-09-10T16:53:51.348Z", dateReserved: "2024-08-14T01:08:33.517Z", dateUpdated: "2024-12-31T23:02:58.174Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-29143
Vulnerability from cvelistv5
Published
2022-06-15 21:51
Modified
2025-01-02 19:03
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29143 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2042.3 |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T06:10:59.417Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-29143", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2042.3", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6169.19", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.5108.50", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (CU 4)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6439.10", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2095.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 16)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4236.7", status: "affected", version: "15.0.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", ], product: "Microsoft SQL Server 2017 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3445.2", status: "affected", version: "14.0.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 2 (CU 17)", vendor: "Microsoft", versions: [ { lessThan: "13.0.5893.48", status: "affected", version: "13.0.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6419.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7016.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2042.3", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x64:*", versionEndExcluding: "12.0.6169.19", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp2:*:*:*:*:x64:*", versionEndExcluding: "13.0.5108.50", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*", versionEndExcluding: "12.0.6439.10", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2095.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4236.7", versionStartIncluding: "15.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3445.2", versionStartIncluding: "14.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp2:*:*:*:*:x64:*", versionEndExcluding: "13.0.5893.48", versionStartIncluding: "13.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6419.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7016.1", versionStartIncluding: "13.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2022-06-14T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-02T19:03:12.592Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-29143", }, ], title: "Microsoft SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2022-29143", datePublished: "2022-06-15T21:51:15", dateReserved: "2022-04-12T00:00:00", dateUpdated: "2025-01-02T19:03:12.592Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37980
Vulnerability from cvelistv5
Published
2024-09-10 16:54
Modified
2024-12-31 23:03
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37980 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2060.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37980", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T17:57:23.171718Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T17:57:37.411Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2060.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2120.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6445.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7040.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3475.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1125.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 28)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4390.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 14)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4140.3", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2060.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2120.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6445.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7040.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3475.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1125.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4390.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4140.3", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-09-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269: Improper Privilege Management", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T23:03:29.495Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37980", }, ], title: "Microsoft SQL Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37980", datePublished: "2024-09-10T16:54:22.310Z", dateReserved: "2024-06-10T21:22:19.230Z", dateUpdated: "2024-12-31T23:03:29.495Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49010
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49010 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49010", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T15:59:23.030068Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T15:59:35.898Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:19.760Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49010", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49010", datePublished: "2024-11-12T17:54:14.740Z", dateReserved: "2024-10-11T20:57:49.180Z", dateUpdated: "2025-01-30T00:10:19.760Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28932
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28932 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28932", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-11T18:08:26.723573Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-11T18:08:37.536Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.356Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28932", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.35", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.9", vendor: "Microsoft", versions: [ { lessThan: "17.9.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.18", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.14", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.9", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.35", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.9.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:22.905Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28932", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28932", datePublished: "2024-04-09T17:00:28.215Z", dateReserved: "2024-03-13T01:26:53.031Z", dateUpdated: "2025-01-23T01:11:22.905Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49006
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49006 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49006", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T17:28:16.455818Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T17:29:54.067Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:17.791Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49006", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49006", datePublished: "2024-11-12T17:54:13.138Z", dateReserved: "2024-10-11T20:57:49.179Z", dateUpdated: "2025-01-30T00:10:17.791Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28937
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2110.4 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28937", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-22T20:00:06.674591Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:48.747Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.267Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.35", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.18", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.9", vendor: "Microsoft", versions: [ { lessThan: "17.9.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.14", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.9", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.35", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.9.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:06.910Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28937", datePublished: "2024-04-09T17:01:15.620Z", dateReserved: "2024-03-13T01:26:53.037Z", dateUpdated: "2025-01-23T01:12:06.910Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-38088
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38088 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-38088", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-10T13:59:36.443059Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-10T13:59:56.241Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:04:25.293Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38088", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:09.323Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38088", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-38088", datePublished: "2024-07-09T17:02:11.365Z", dateReserved: "2024-06-11T22:36:08.183Z", dateUpdated: "2025-03-11T16:39:09.323Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37322
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37322 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37322", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-24T20:29:48.432280Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-24T20:29:57.984Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:56.234Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37322", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:50.066Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37322", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37322", datePublished: "2024-07-09T17:02:50.332Z", dateReserved: "2024-06-05T20:19:26.774Z", dateUpdated: "2025-03-11T16:39:50.066Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-48998
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48998 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-48998", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T17:26:41.129592Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T17:29:53.439Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:12.840Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48998", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-48998", datePublished: "2024-11-12T17:54:08.341Z", dateReserved: "2024-10-11T20:57:49.176Z", dateUpdated: "2025-01-30T00:10:12.840Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37342
Vulnerability from cvelistv5
Published
2024-09-10 16:53
Modified
2024-12-31 23:02
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37342 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 28) |
Version: 15.0.0 < 15.0.4390.2 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37342", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T19:09:10.821219Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T19:09:20.150Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 28)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4390.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 14)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4140.3", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2060.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2120.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3475.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1125.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4390.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4140.3", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2060.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2120.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3475.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1125.1", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-09-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Native Scoring Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T23:02:40.376Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Native Scoring Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37342", }, ], title: "Microsoft SQL Server Native Scoring Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37342", datePublished: "2024-09-10T16:53:39.717Z", dateReserved: "2024-06-05T20:19:26.777Z", dateUpdated: "2024-12-31T23:02:40.376Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21303
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21303 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 13) |
Version: 16.0.0 < 16.0.4131.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21303", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-23T19:01:12.899513Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-23T19:01:25.042Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:13:42.699Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21303", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:45.680Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21303", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-21303", datePublished: "2024-07-09T17:02:45.781Z", dateReserved: "2023-12-08T22:45:19.365Z", dateUpdated: "2025-03-11T16:39:45.680Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35272
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35272 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Version: 15.9.0 < 15.9.66 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-35272", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T18:38:18.225584Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T18:38:24.277Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:07:46.938Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35272", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)", vendor: "Microsoft", versions: [ { lessThan: "15.9.66", status: "affected", version: "15.9.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.40", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.19", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.14", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.10", vendor: "Microsoft", versions: [ { lessThan: "17.10.7", status: "affected", version: "17.10", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.11", vendor: "Microsoft", versions: [ { lessThan: "17.11.3", status: "affected", version: "17.11", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*", versionEndExcluding: "15.9.66", versionStartIncluding: "15.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.40", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.19", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.14", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.7", versionStartIncluding: "17.10", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.11.3", versionStartIncluding: "17.11", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:44.335Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35272", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-35272", datePublished: "2024-07-09T17:02:44.609Z", dateReserved: "2024-05-14T20:14:47.415Z", dateUpdated: "2025-03-11T16:39:44.335Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21449
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21449 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21449", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T18:10:28.135926Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-10T16:34:53.217Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:20:40.790Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21449", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:51.881Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21449", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-21449", datePublished: "2024-07-09T17:02:52.050Z", dateReserved: "2023-12-08T22:45:21.306Z", dateUpdated: "2025-03-11T16:39:51.881Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37324
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37324 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 13) |
Version: 16.0.0 < 16.0.4131.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37324", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T18:37:39.875809Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T18:37:51.450Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:56.007Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37324", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:51.334Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37324", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37324", datePublished: "2024-07-09T17:02:51.484Z", dateReserved: "2024-06-05T20:19:26.774Z", dateUpdated: "2025-03-11T16:39:51.334Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28933
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) |
Version: 16.11.0 < 16.11.35 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28933", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-22T15:37:19.711302Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:12.885Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.181Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.35", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.9", vendor: "Microsoft", versions: [ { lessThan: "17.9.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.18", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.14", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.9", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.35", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.9.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-191", description: "CWE-191: Integer Underflow (Wrap or Wraparound)", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:05.350Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28933", datePublished: "2024-04-09T17:01:13.955Z", dateReserved: "2024-03-13T01:26:53.034Z", dateUpdated: "2025-01-23T01:12:05.350Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35256
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35256 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-35256", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T18:17:58.606084Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T18:18:09.971Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:07:46.925Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35256", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:57.617Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35256", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-35256", datePublished: "2024-07-09T17:02:57.698Z", dateReserved: "2024-05-14T20:14:47.411Z", dateUpdated: "2025-03-11T16:39:57.617Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28910
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28910 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28910", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-25T19:07:39.377477Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:53.677Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:50.859Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28910", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:18.946Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28910", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28910", datePublished: "2024-04-09T17:00:23.631Z", dateReserved: "2024-03-13T01:26:53.026Z", dateUpdated: "2025-01-23T01:11:18.946Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49002
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49002 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49002", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T14:20:04.985529Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T14:20:13.129Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:15.096Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49002", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49002", datePublished: "2024-11-12T17:54:10.396Z", dateReserved: "2024-10-11T20:57:49.177Z", dateUpdated: "2025-01-30T00:10:15.096Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28944
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28944 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2110.4 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28944", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-10T16:07:01.540237Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-26T16:17:03.959Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.416Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28944", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-197", description: "CWE-197: Numeric Truncation Error", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:09.530Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28944", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28944", datePublished: "2024-04-09T17:01:18.340Z", dateReserved: "2024-03-13T01:26:53.039Z", dateUpdated: "2025-01-23T01:12:09.530Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-29044
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29044 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-29044", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-10T19:40:08.656116Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:58:12.902Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.674Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29044", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:10.138Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29044", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-29044", datePublished: "2024-04-09T17:01:18.882Z", dateReserved: "2024-03-14T23:05:27.952Z", dateUpdated: "2025-01-23T01:12:10.138Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-29045
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29045 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-29045", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-01T17:48:39.679827Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:57:59.578Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.672Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29045", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:25.890Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29045", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-29045", datePublished: "2024-04-09T17:00:31.478Z", dateReserved: "2024-03-14T23:05:27.952Z", dateUpdated: "2025-01-23T01:11:25.890Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37320
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37320 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37320", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T18:26:16.936355Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T18:26:47.310Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:55.704Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37320", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:48.950Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37320", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37320", datePublished: "2024-07-09T17:02:49.195Z", dateReserved: "2024-06-05T20:19:26.774Z", dateUpdated: "2025-03-11T16:39:48.950Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37323
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37323 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37323", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-23T19:00:36.632042Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-23T19:00:56.726Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:56.126Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37323", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:50.692Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37323", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37323", datePublished: "2024-07-09T17:02:50.926Z", dateReserved: "2024-06-05T20:19:26.774Z", dateUpdated: "2025-03-11T16:39:50.692Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49018
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49018 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49018", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T15:53:03.702999Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T15:53:17.084Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-197", description: "CWE-197: Numeric Truncation Error", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:24.191Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49018", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49018", datePublished: "2024-11-12T17:54:18.954Z", dateReserved: "2024-10-11T20:57:49.181Z", dateUpdated: "2025-01-30T00:10:24.191Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28931
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28931 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28931", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-25T00:11:41.299849Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:59.642Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.172Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28931", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.35", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.9", vendor: "Microsoft", versions: [ { lessThan: "17.9.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.18", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.14", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.9", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.35", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.9.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:22.456Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28931", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28931", datePublished: "2024-04-09T17:00:27.649Z", dateReserved: "2024-03-13T01:26:53.031Z", dateUpdated: "2025-01-23T01:11:22.456Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49043
Vulnerability from cvelistv5
Published
2024-11-12 17:53
Modified
2025-01-30 00:09
Severity ?
EPSS score ?
Summary
Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49043 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49043", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T17:22:55.414283Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T17:29:52.409Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1135.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 15)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4155.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1135.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4155.4", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-426", description: "CWE-426: Untrusted Search Path", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:09:57.150Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49043", }, ], title: "Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49043", datePublished: "2024-11-12T17:53:55.260Z", dateReserved: "2024-10-11T20:57:49.186Z", dateUpdated: "2025-01-30T00:09:57.150Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28912
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28912 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28912", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-15T19:06:50.764176Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:06.013Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:50.810Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28912", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:19.929Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28912", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28912", datePublished: "2024-04-09T17:00:24.771Z", dateReserved: "2024-03-13T01:26:53.026Z", dateUpdated: "2025-01-23T01:11:19.929Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37331
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37331 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37331", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-11T15:00:31.907649Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-11T15:00:37.721Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:56.119Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37331", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:16.921Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37331", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37331", datePublished: "2024-07-09T17:02:18.217Z", dateReserved: "2024-06-05T20:19:26.776Z", dateUpdated: "2025-03-11T16:39:16.921Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-20701
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20701 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-20701", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-24T20:30:21.406949Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-24T20:30:29.424Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:59:42.923Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20701", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:45.007Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20701", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-20701", datePublished: "2024-07-09T17:02:45.206Z", dateReserved: "2023-12-01T00:38:27.975Z", dateUpdated: "2025-03-11T16:39:45.007Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-29043
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29043 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-29043", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-10T19:02:10.385885Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-05T17:29:44.612Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.751Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29043", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:25.448Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29043", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-29043", datePublished: "2024-04-09T17:00:30.944Z", dateReserved: "2024-03-14T23:05:27.952Z", dateUpdated: "2025-01-23T01:11:25.448Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37326
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37326 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37326", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T18:05:17.997441Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T18:05:24.164Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:55.814Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37326", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:52.434Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37326", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37326", datePublished: "2024-07-09T17:02:52.612Z", dateReserved: "2024-06-05T20:19:26.774Z", dateUpdated: "2025-03-11T16:39:52.434Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37965
Vulnerability from cvelistv5
Published
2024-09-10 16:53
Modified
2024-12-31 23:03
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37965 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2060.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37965", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T18:55:57.491489Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T18:56:22.277Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2060.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2120.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6445.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7040.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3475.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1125.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 14)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4140.3", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 28)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4390.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2060.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2120.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6445.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7040.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3475.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1125.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4140.3", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4390.2", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-09-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-20", description: "CWE-20: Improper Input Validation", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T23:03:01.160Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37965", }, ], title: "Microsoft SQL Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37965", datePublished: "2024-09-10T16:53:53.704Z", dateReserved: "2024-06-10T21:22:19.228Z", dateUpdated: "2024-12-31T23:03:01.160Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21308
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21308 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21308", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T18:37:02.111007Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T18:37:23.726Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:13:42.832Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21308", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:46.169Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21308", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-21308", datePublished: "2024-07-09T17:02:46.353Z", dateReserved: "2023-12-08T22:45:19.366Z", dateUpdated: "2025-03-11T16:39:46.169Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37336
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37336 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37336", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-12T16:12:15.861051Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-12T21:12:20.976Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:56.159Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37336", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:56.609Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37336", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37336", datePublished: "2024-07-09T17:02:56.556Z", dateReserved: "2024-06-05T20:19:26.776Z", dateUpdated: "2025-03-11T16:39:56.609Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-26191
Vulnerability from cvelistv5
Published
2024-09-10 16:53
Modified
2024-12-31 23:02
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26191 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2060.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-26191", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T19:07:59.603855Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T19:08:11.315Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2060.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2120.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3475.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1125.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 14)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4140.3", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 28)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4390.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2060.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2120.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3475.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1125.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4140.3", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4390.2", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-09-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T23:02:46.893Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26191", }, ], title: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-26191", datePublished: "2024-09-10T16:53:40.880Z", dateReserved: "2024-02-14T22:23:54.099Z", dateUpdated: "2024-12-31T23:02:46.893Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-29984
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29984 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2110.4 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-29984", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-08T15:31:18.892615Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-08T15:31:35.648Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:17:58.817Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29984", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:17.863Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29984", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-29984", datePublished: "2024-04-09T17:01:26.492Z", dateReserved: "2024-03-22T23:12:11.046Z", dateUpdated: "2025-01-23T01:12:17.863Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37328
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37328 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37328", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T18:08:37.128740Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-10T16:34:39.559Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:55.769Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37328", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:53.837Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37328", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37328", datePublished: "2024-07-09T17:02:53.736Z", dateReserved: "2024-06-05T20:19:26.775Z", dateUpdated: "2025-03-11T16:39:53.837Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21704
Vulnerability from cvelistv5
Published
2023-02-14 19:32
Modified
2025-01-01 00:40
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21704 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2047.8 |
|||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:44:02.190Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21704", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2047.8", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6444.4", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (CU 4)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6174.8", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2101.7", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6430.49", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7024.30", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 18)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4280.7", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3460.9", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1050.5", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2047.8", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x64:*", versionEndExcluding: "12.0.6444.4", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*", versionEndExcluding: "12.0.6174.8", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2101.7", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6430.49", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7024.30", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4280.7", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3460.9", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1050.5", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:40:45.364Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21704", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21704", datePublished: "2023-02-14T19:32:42.272Z", dateReserved: "2022-12-13T18:08:03.489Z", dateUpdated: "2025-01-01T00:40:45.364Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49014
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49014 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49014", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T15:56:18.275465Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T15:56:32.731Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-415", description: "CWE-415: Double Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:21.952Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49014", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49014", datePublished: "2024-11-12T17:54:16.810Z", dateReserved: "2024-10-11T20:57:49.181Z", dateUpdated: "2025-01-30T00:10:21.952Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21415
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21415 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21415", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T18:08:01.568139Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T18:08:18.079Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:20:40.534Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21415", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:14.753Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21415", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-21415", datePublished: "2024-07-09T17:02:15.928Z", dateReserved: "2023-12-08T22:45:21.300Z", dateUpdated: "2025-03-11T16:39:14.753Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37329
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37329 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37329", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T17:20:05.117932Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-10T21:14:09.364Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:56.124Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37329", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:54.389Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37329", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37329", datePublished: "2024-07-09T17:02:54.322Z", dateReserved: "2024-06-05T20:19:26.775Z", dateUpdated: "2025-03-11T16:39:54.389Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28906
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28906 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28906", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-15T19:09:41.816330Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:55.132Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:50.853Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28906", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:17.374Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28906", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28906", datePublished: "2024-04-09T17:00:22.006Z", dateReserved: "2024-03-13T01:26:53.025Z", dateUpdated: "2025-01-23T01:11:17.374Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49007
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49007 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49007", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T17:27:51.906795Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T17:29:53.847Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:17.200Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49007", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49007", datePublished: "2024-11-12T17:54:12.607Z", dateReserved: "2024-10-11T20:57:49.179Z", dateUpdated: "2025-01-30T00:10:17.200Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-23384
Vulnerability from cvelistv5
Published
2023-04-11 19:13
Modified
2025-01-23 01:04
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23384 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2008 Service Pack 4 (QFE) |
Version: 10.0.0 < 10.0.6814.4 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T10:28:40.757Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23384", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft SQL Server 2008 Service Pack 4 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "10.0.6814.4", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", ], product: "Microsoft SQL Server 2012 Service Pack 4 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "11.0.7512.11", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "11.0.7512.11", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2047.8", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft SQL Server 2008 R2 Service Pack 3 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "10.50.6785.2", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6444.4", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (CU 4)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6174.8", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2101.7", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6430.49", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7024.30", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3460.9", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 18)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4280.7", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1050.5", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:x86:*", versionEndExcluding: "10.0.6814.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*", versionEndExcluding: "11.0.7512.11", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*", versionEndExcluding: "11.0.7512.11", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2047.8", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:r2_sp2:x86:*:*:*:*:*", versionEndExcluding: "10.50.6785.2", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x64:*", versionEndExcluding: "12.0.6444.4", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*", versionEndExcluding: "12.0.6174.8", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2101.7", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6430.49", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7024.30", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3460.9", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4280.7", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1050.5", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-04-11T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:04:30.377Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23384", }, ], title: "Microsoft SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-23384", datePublished: "2023-04-11T19:13:12.381Z", dateReserved: "2023-01-11T22:08:03.134Z", dateUpdated: "2025-01-23T01:04:30.377Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28913
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28913 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28913", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-10T19:03:03.719582Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-05T17:35:50.797Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:50.842Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28913", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:20.465Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28913", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28913", datePublished: "2024-04-09T17:00:25.350Z", dateReserved: "2024-03-13T01:26:53.027Z", dateUpdated: "2025-01-23T01:11:20.465Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37341
Vulnerability from cvelistv5
Published
2024-09-10 16:53
Modified
2024-12-31 23:03
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37341 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2065.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37341", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T18:55:22.879757Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T18:55:33.965Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2065.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2125.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6450.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7045.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3480.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1130.5", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 15)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4150.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 28)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4395.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2065.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2125.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6450.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7045.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3480.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1130.5", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4150.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4395.2", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-09-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284: Improper Access Control", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T23:03:01.646Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37341", }, ], title: "Microsoft SQL Server Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37341", datePublished: "2024-09-10T16:53:54.263Z", dateReserved: "2024-06-05T20:19:26.777Z", dateUpdated: "2024-12-31T23:03:01.646Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49017
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49017 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49017", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T15:53:39.445537Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T15:53:55.283Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:23.649Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49017", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49017", datePublished: "2024-11-12T17:54:18.405Z", dateReserved: "2024-10-11T20:57:49.181Z", dateUpdated: "2025-01-30T00:10:23.649Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21398
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21398 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21398", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-24T20:32:36.942140Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-24T20:32:47.489Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:20:40.738Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21398", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:13.687Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21398", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-21398", datePublished: "2024-07-09T17:02:14.812Z", dateReserved: "2023-12-08T22:45:20.455Z", dateUpdated: "2025-03-11T16:39:13.687Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28928
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28928 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28928", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T17:23:45.493220Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-11T14:46:25.638Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.354Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28928", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:57.075Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28928", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28928", datePublished: "2024-07-09T17:02:57.132Z", dateReserved: "2024-03-13T01:26:53.030Z", dateUpdated: "2025-03-11T16:39:57.075Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-48993
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48993 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-48993", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T17:25:38.907728Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T17:29:53.104Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:11.865Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48993", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-48993", datePublished: "2024-11-12T17:54:07.146Z", dateReserved: "2024-10-11T20:57:49.175Z", dateUpdated: "2025-01-30T00:10:11.865Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28915
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28915 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28915", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-26T16:21:00.629354Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-26T16:21:06.121Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.427Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28915", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:21.442Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28915", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28915", datePublished: "2024-04-09T17:00:26.477Z", dateReserved: "2024-03-13T01:26:53.027Z", dateUpdated: "2025-01-23T01:11:21.442Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37337
Vulnerability from cvelistv5
Published
2024-09-10 16:53
Modified
2024-12-31 23:02
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Native Scoring Information Disclosure Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37337 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2060.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37337", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T19:05:21.985207Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T19:05:31.207Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2060.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2120.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3475.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1125.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 14)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4140.3", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 28)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4390.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2060.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2120.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3475.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1125.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4140.3", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4390.2", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-09-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Native Scoring Information Disclosure Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-197", description: "CWE-197: Numeric Truncation Error", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T23:02:38.609Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Native Scoring Information Disclosure Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37337", }, ], title: "Microsoft SQL Server Native Scoring Information Disclosure Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37337", datePublished: "2024-09-10T16:53:39.088Z", dateReserved: "2024-06-05T20:19:26.777Z", dateUpdated: "2024-12-31T23:02:38.609Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49008
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49008 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49008", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T17:28:43.125108Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T17:29:54.536Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:18.439Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49008", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49008", datePublished: "2024-11-12T17:54:13.676Z", dateReserved: "2024-10-11T20:57:49.179Z", dateUpdated: "2025-01-30T00:10:18.439Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-29983
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29983 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-29983", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-09T19:28:55.997420Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T17:21:35.617Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:17:58.699Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29983", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:17.301Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29983", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-29983", datePublished: "2024-04-09T17:01:25.929Z", dateReserved: "2024-03-22T23:12:11.046Z", dateUpdated: "2025-01-23T01:12:17.301Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21317
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21317 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21317", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T17:21:17.926476Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-10T21:14:36.677Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:20:39.958Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21317", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:46.717Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21317", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-21317", datePublished: "2024-07-09T17:02:46.929Z", dateReserved: "2023-12-08T22:45:19.366Z", dateUpdated: "2025-03-11T16:39:46.717Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49003
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49003 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 29) |
Version: 15.0.0 < 15.0.4410.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49003", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T14:19:03.668048Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T14:19:15.287Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:15.576Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49003", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49003", datePublished: "2024-11-12T17:54:10.996Z", dateReserved: "2024-10-11T20:57:49.178Z", dateUpdated: "2025-01-30T00:10:15.576Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37334
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37334 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2116.2 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37334", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-24T20:28:50.890496Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-24T20:29:00.352Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:56.150Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37334", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0005.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0004.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0005.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0004.0", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:55.564Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37334", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37334", datePublished: "2024-07-09T17:02:55.450Z", dateReserved: "2024-06-05T20:19:26.776Z", dateUpdated: "2025-03-11T16:39:55.564Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37330
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37330 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37330", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-10T14:51:22.813524Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-10T14:51:31.277Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:56.232Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37330", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:54.937Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37330", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37330", datePublished: "2024-07-09T17:02:54.896Z", dateReserved: "2024-06-05T20:19:26.775Z", dateUpdated: "2025-03-11T16:39:54.937Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-1636
Vulnerability from cvelistv5
Published
2021-01-12 19:41
Modified
2024-10-08 16:17
Severity ?
EPSS score ?
Summary
Microsoft SQL Elevation of Privilege Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1636 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2012 Service Pack 4 (QFE) |
Version: 11.0.0 < publication cpe:2.3:a:microsoft:sql_server:2012:sp4:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T16:18:10.906Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1636", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { cpes: [ "cpe:2.3:a:microsoft:sql_server:2012:sp4:*:*:*:*:*:*", ], platforms: [ "32-bit Systems", ], product: "Microsoft SQL Server 2012 Service Pack 4 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sql_server:2012:sp4:*:*:*:*:*:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sql_server:2017:-:*:*:*:*:x64:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x64:*", "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*", ], platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sql_server:2016:sp2:*:*:*:*:x64:*", ], platforms: [ "Unknown", ], product: "Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*", "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x64:*", ], platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (CU 4)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sql_server:2017:-:*:*:*:*:x64:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 22)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sql_server:2016:sp2:*:*:*:*:x64:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 2 (CU 15)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 8)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*", ], platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "publication", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], datePublic: "2021-01-12T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Elevation of Privilege Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "Elevation of Privilege", lang: "en-US", type: "Impact", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-08T16:17:34.725Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Elevation of Privilege Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1636", }, ], title: "Microsoft SQL Elevation of Privilege Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2021-1636", datePublished: "2021-01-12T19:41:55", dateReserved: "2020-12-02T00:00:00", dateUpdated: "2024-10-08T16:17:34.725Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36785
Vulnerability from cvelistv5
Published
2023-10-10 17:08
Modified
2025-02-27 20:42
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2104.1 |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:01:09.589Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36785", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:49:49.237869Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:42:30.756Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2104.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1105.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.5.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.5.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.5.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 22)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4326.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (CU 8)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4080.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2104.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1105.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4326.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4080.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-10-10T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-191", description: "CWE-191: Integer Underflow (Wrap or Wraparound)", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T02:11:28.365Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36785", datePublished: "2023-10-10T17:08:10.995Z", dateReserved: "2023-06-27T15:11:59.871Z", dateUpdated: "2025-02-27T20:42:30.756Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-36417
Vulnerability from cvelistv5
Published
2023-10-10 17:08
Modified
2025-02-27 20:42
Severity ?
EPSS score ?
Summary
Microsoft SQL OLE DB Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36417 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2104.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:45:57.103Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SQL ODBC Driver Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36417", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36417", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:49:50.389321Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:42:36.212Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2104.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1105.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0002.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.6.0007.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (CU 8)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4080.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 22)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4326.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2104.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1105.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0002.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.6.0007.0", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4080.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4326.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-10-10T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SQL OLE DB Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T02:11:24.918Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL OLE DB Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36417", }, ], title: "Microsoft SQL OLE DB Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36417", datePublished: "2023-10-10T17:08:07.327Z", dateReserved: "2023-06-21T15:14:27.784Z", dateUpdated: "2025-02-27T20:42:36.212Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21705
Vulnerability from cvelistv5
Published
2023-02-14 19:32
Modified
2025-01-01 00:40
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21705 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2012 Service Pack 4 (QFE) |
Version: 11.0.0 < 11.0.7512.11 |
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:44:02.069Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21705", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "32-bit Systems", ], product: "Microsoft SQL Server 2012 Service Pack 4 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "11.0.7512.11", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "11.0.7512.11", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2047.8", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6444.4", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (CU 4)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6174.8", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2101.7", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6430.49", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7024.30", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3460.9", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1050.5", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 18)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4280.7", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*", versionEndExcluding: "11.0.7512.11", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*", versionEndExcluding: "11.0.7512.11", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2047.8", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x64:*", versionEndExcluding: "12.0.6444.4", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*", versionEndExcluding: "12.0.6174.8", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2101.7", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6430.49", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7024.30", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3460.9", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1050.5", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4280.7", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-321", description: "CWE-321: Use of Hard-coded Cryptographic Key", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:40:45.910Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21705", }, ], title: "Microsoft SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21705", datePublished: "2023-02-14T19:32:43.252Z", dateReserved: "2022-12-13T18:08:03.490Z", dateUpdated: "2025-01-01T00:40:45.910Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37339
Vulnerability from cvelistv5
Published
2024-09-10 16:53
Modified
2024-12-31 23:02
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37339 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2060.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37339", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-10T19:05:51.585468Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-10T19:06:00.959Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2060.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2120.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3475.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1125.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 14)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4140.3", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 28)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4390.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2060.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2120.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3475.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1125.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4140.3", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4390.2", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-09-10T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-822", description: "CWE-822: Untrusted Pointer Dereference", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-31T23:02:37.918Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37339", }, ], title: "Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37339", datePublished: "2024-09-10T16:53:38.546Z", dateReserved: "2024-06-05T20:19:26.777Z", dateUpdated: "2024-12-31T23:02:37.918Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-37318
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37318 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 for x64-based Systems (CU 27) |
Version: 15.0.0 < 15.0.4382.1 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37318", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-11T15:01:13.007611Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-11T15:01:32.769Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:55.955Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37318", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:15.691Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37318", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37318", datePublished: "2024-07-09T17:02:17.073Z", dateReserved: "2024-06-05T20:19:26.773Z", dateUpdated: "2025-03-11T16:39:15.691Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-48994
Vulnerability from cvelistv5
Published
2024-11-12 17:53
Modified
2025-01-30 00:09
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48994 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-48994", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T16:10:35.588953Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T16:10:57.844Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:09:54.399Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48994", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-48994", datePublished: "2024-11-12T17:53:52.545Z", dateReserved: "2024-10-11T20:57:49.175Z", dateUpdated: "2025-01-30T00:09:54.399Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28929
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28929 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28929", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-22T16:11:54.498743Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-29T20:29:04.530Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.116Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28929", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.35", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.9", vendor: "Microsoft", versions: [ { lessThan: "17.9.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.18", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.14", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.9", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.35", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.9.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:21.949Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28929", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28929", datePublished: "2024-04-09T17:00:27.042Z", dateReserved: "2024-03-13T01:26:53.031Z", dateUpdated: "2025-01-23T01:11:21.949Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-21373
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21373 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2056.2 |
||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-21373", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T19:03:17.435150Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-09T19:03:32.481Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T22:20:40.477Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21373", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2056.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6441.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7037.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3471.2", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2056.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6441.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7037.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3471.2", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:13.108Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21373", }, ], title: "SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-21373", datePublished: "2024-07-09T17:02:14.227Z", dateReserved: "2023-12-08T22:45:20.450Z", dateUpdated: "2025-03-11T16:39:13.108Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49011
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49011 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49011", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T15:58:49.412044Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T15:59:02.101Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:20.306Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49011", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49011", datePublished: "2024-11-12T17:54:15.302Z", dateReserved: "2024-10-11T20:57:49.180Z", dateUpdated: "2025-01-30T00:10:20.306Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28926
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28926 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28926", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-26T16:18:17.172255Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-26T16:18:25.156Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.361Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28926", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:03.525Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28926", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28926", datePublished: "2024-04-09T17:01:12.323Z", dateReserved: "2024-03-13T01:26:53.030Z", dateUpdated: "2025-01-23T01:12:03.525Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28934
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:18.0:*:*:*:*:linux:*:*", ], defaultStatus: "unknown", product: "odbc_driver_for_sql_server", vendor: "microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sql_server:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sql_server", vendor: "microsoft", versions: [ { status: "affected", version: "15.0.2000.5", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-28934", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-23T15:04:37.242018Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:16.066Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.518Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.35", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.18", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.9", vendor: "Microsoft", versions: [ { lessThan: "17.9.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.14", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.9", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.35", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.9.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:05.878Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28934", datePublished: "2024-04-09T17:01:14.516Z", dateReserved: "2024-03-13T01:26:53.036Z", dateUpdated: "2025-01-23T01:12:05.878Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-28911
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28911 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28911", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-10T19:37:46.768886Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T17:22:39.160Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:50.912Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28911", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:19.388Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28911", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28911", datePublished: "2024-04-09T17:00:24.222Z", dateReserved: "2024-03-13T01:26:53.026Z", dateUpdated: "2025-01-23T01:11:19.388Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21528
Vulnerability from cvelistv5
Published
2023-02-14 19:32
Modified
2025-01-01 00:40
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21528 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack |
Version: 13.0.0 < 13.0.7024.30 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:44:01.302Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21528", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7024.30", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2101.7", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6430.49", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6444.4", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (CU 4)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6174.8", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", ], product: "Microsoft SQL Server 2012 Service Pack 4 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "11.0.7512.11", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2047.8", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2012 for x64-based Systems Service Pack 4 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "11.0.7512.11", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3460.9", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 18)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4280.7", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft SQL Server 2008 Service Pack 4 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "10.0.6814.4", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft SQL Server 2008 R2 Service Pack 3 (QFE)", vendor: "Microsoft", versions: [ { lessThan: "10.50.6785.2", status: "affected", version: "10.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1050.5", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7024.30", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2101.7", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6430.49", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*", versionEndExcluding: "12.0.6444.4", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*", versionEndExcluding: "12.0.6174.8", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*", versionEndExcluding: "11.0.7512.11", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2047.8", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:*:*", versionEndExcluding: "11.0.7512.11", versionStartIncluding: "11.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3460.9", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4280.7", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp4:*:*:*:*:x64:*", versionEndExcluding: "10.0.6814.4", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:r2_sp2:x86:*:*:*:*:*", versionEndExcluding: "10.50.6785.2", versionStartIncluding: "10.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1050.5", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-02-14T08:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T00:40:48.257Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21528", }, ], title: "Microsoft SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-21528", datePublished: "2023-02-14T19:32:35.030Z", dateReserved: "2022-12-01T14:00:11.197Z", dateUpdated: "2025-01-01T00:40:48.257Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-38255
Vulnerability from cvelistv5
Published
2024-11-12 17:53
Modified
2025-01-30 00:09
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38255 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-38255", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T16:13:40.138397Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T16:13:51.477Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:09:52.287Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38255", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-38255", datePublished: "2024-11-12T17:53:50.155Z", dateReserved: "2024-06-11T22:36:08.234Z", dateUpdated: "2025-01-30T00:09:52.287Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-49005
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2025-01-30 00:10
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49005 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-49005", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-11-13T17:27:24.319562Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-13T17:29:53.705Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2070.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2130.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6455.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7050.2", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3485.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 (CU 29)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4410.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2070.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2130.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6455.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7050.2", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3485.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4410.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-11-12T08:00:00.000Z", descriptions: [ { lang: "en-US", value: "SQL Server Native Client Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-30T00:10:16.630Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "SQL Server Native Client Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49005", }, ], title: "SQL Server Native Client Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-49005", datePublished: "2024-11-12T17:54:12.029Z", dateReserved: "2024-10-11T20:57:49.178Z", dateUpdated: "2025-01-30T00:10:16.630Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }