Search a vulnerability

cve-2024-28944

Vulnerability from cvelistv5

Published

2024-04-09 17:01

Modified

2024-10-09 01:41

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28944	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft OLE DB Driver 19 for SQL Server
	Microsoft	Microsoft OLE DB Driver 18 for SQL Server
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2022 for (CU 12)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28944",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-10T16:07:01.540237Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T16:17:03.959Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.416Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28944"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 19 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "19.3.0003.0",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 18 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.7.0002.0",
              "status": "affected",
              "version": "18.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-197",
              "description": "CWE-197: Numeric Truncation Error",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:53.139Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28944"
        }
      ],
      "title": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28944",
    "datePublished": "2024-04-09T17:01:18.340Z",
    "dateReserved": "2024-03-13T01:26:53.039Z",
    "dateUpdated": "2024-10-09T01:41:53.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28941

Vulnerability from cvelistv5

Published

2024-04-09 17:01

Modified

2024-10-09 01:41

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28941	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on Windows
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on Linux
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on MacOS
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on Windows
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on Linux
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on MacOS
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2022 for (CU 12)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.250Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28941"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28941",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-10T19:52:13.543985Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-12T17:32:55.845Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:52.175Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28941"
        }
      ],
      "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28941",
    "datePublished": "2024-04-09T17:01:17.273Z",
    "dateReserved": "2024-03-13T01:26:53.038Z",
    "dateUpdated": "2024-10-09T01:41:52.175Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28938

Vulnerability from cvelistv5

Published

2024-04-09 17:01

Modified

2024-10-09 01:41

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2022 for (CU 12)
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on Windows
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on Linux
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on MacOS
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on Windows
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on Linux
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on MacOS
	Microsoft	Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
	Microsoft	Microsoft Visual Studio 2022 version 17.9
	Microsoft	Microsoft Visual Studio 2022 version 17.4
	Microsoft	Microsoft Visual Studio 2022 version 17.6
	Microsoft	Microsoft Visual Studio 2022 version 17.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28938",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-10T17:30:59.430193Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T18:03:20.638Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.355Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.35",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.9",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.9.6",
              "status": "affected",
              "version": "17.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.18",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.14",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.9",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:51.130Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938"
        }
      ],
      "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28938",
    "datePublished": "2024-04-09T17:01:16.170Z",
    "dateReserved": "2024-03-13T01:26:53.037Z",
    "dateUpdated": "2024-10-09T01:41:51.130Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28911

Vulnerability from cvelistv5

Published

2024-04-09 17:00

Modified

2024-10-09 01:41

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28911	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2022 for (CU 12)
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft OLE DB Driver 19 for SQL Server
	Microsoft	Microsoft OLE DB Driver 18 for SQL Server

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28911",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-10T19:37:46.768886Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:39.160Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:50.912Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28911"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 19 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "19.3.0003.0",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 18 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.7.0002.0",
              "status": "affected",
              "version": "18.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:00.064Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28911"
        }
      ],
      "title": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28911",
    "datePublished": "2024-04-09T17:00:24.222Z",
    "dateReserved": "2024-03-13T01:26:53.026Z",
    "dateUpdated": "2024-10-09T01:41:00.064Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28943

Vulnerability from cvelistv5

Published

2024-04-09 17:01

Modified

2024-10-09 01:41

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28943	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on Windows
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on Linux
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on MacOS
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on Windows
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on Linux
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on MacOS
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2022 for (CU 12)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28943",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-13T13:40:54.272348Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-13T13:41:06.217Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.310Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28943"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:52.624Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28943"
        }
      ],
      "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28943",
    "datePublished": "2024-04-09T17:01:17.807Z",
    "dateReserved": "2024-03-13T01:26:53.039Z",
    "dateUpdated": "2024-10-09T01:41:52.624Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28934

Vulnerability from cvelistv5

Published

2024-04-09 17:01

Modified

2024-10-09 01:41

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2022 for (CU 12)
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on Windows
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on Linux
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on MacOS
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on Windows
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on Linux
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on MacOS
	Microsoft	Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
	Microsoft	Microsoft Visual Studio 2022 version 17.4
	Microsoft	Microsoft Visual Studio 2022 version 17.9
	Microsoft	Microsoft Visual Studio 2022 version 17.6
	Microsoft	Microsoft Visual Studio 2022 version 17.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:18.0:*:*:*:*:linux:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "odbc_driver_for_sql_server",
            "vendor": "microsoft",
            "versions": [
              {
                "lessThan": "18.3.3.1",
                "status": "affected",
                "version": "18.0",
                "versionType": "semver"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:microsoft:sql_server:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "sql_server",
            "vendor": "microsoft",
            "versions": [
              {
                "status": "affected",
                "version": "15.0.2000.5"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28934",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-23T15:04:37.242018Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T18:03:16.066Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.518Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.35",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.18",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.9",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.9.6",
              "status": "affected",
              "version": "17.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.14",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.9",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:49.555Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934"
        }
      ],
      "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28934",
    "datePublished": "2024-04-09T17:01:14.516Z",
    "dateReserved": "2024-03-13T01:26:53.036Z",
    "dateUpdated": "2024-10-09T01:41:49.555Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28935

Vulnerability from cvelistv5

Published

2024-04-09 17:01

Modified

2024-10-09 01:41

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2022 for (CU 12)
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on Windows
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on Linux
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on MacOS
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on Windows
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on Linux
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on MacOS
	Microsoft	Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
	Microsoft	Microsoft Visual Studio 2022 version 17.9
	Microsoft	Microsoft Visual Studio 2022 version 17.4
	Microsoft	Microsoft Visual Studio 2022 version 17.6
	Microsoft	Microsoft Visual Studio 2022 version 17.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28935",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-12T12:55:55.302963Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T18:03:37.151Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.452Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.35",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.9",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.9.6",
              "status": "affected",
              "version": "17.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.18",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.14",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.9",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:50.105Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935"
        }
      ],
      "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28935",
    "datePublished": "2024-04-09T17:01:15.096Z",
    "dateReserved": "2024-03-13T01:26:53.036Z",
    "dateUpdated": "2024-10-09T01:41:50.105Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28937

Vulnerability from cvelistv5

Published

2024-04-09 17:01

Modified

2024-10-09 01:41

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on Windows
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on Linux
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on MacOS
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on Windows
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on Linux
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on MacOS
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2022 for (CU 12)
	Microsoft	Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
	Microsoft	Microsoft Visual Studio 2022 version 17.4
	Microsoft	Microsoft Visual Studio 2022 version 17.9
	Microsoft	Microsoft Visual Studio 2022 version 17.6
	Microsoft	Microsoft Visual Studio 2022 version 17.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28937",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-22T20:00:06.674591Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T18:03:48.747Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.267Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.35",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.18",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.9",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.9.6",
              "status": "affected",
              "version": "17.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.14",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.9",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:50.635Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937"
        }
      ],
      "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28937",
    "datePublished": "2024-04-09T17:01:15.620Z",
    "dateReserved": "2024-03-13T01:26:53.037Z",
    "dateUpdated": "2024-10-09T01:41:50.635Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28914

Vulnerability from cvelistv5

Published

2024-04-09 17:00

Modified

2024-10-09 01:41

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28914	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2022 for (CU 12)
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft OLE DB Driver 19 for SQL Server
	Microsoft	Microsoft OLE DB Driver 18 for SQL Server

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.186Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28914"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28914",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-10T19:56:48.008163Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-12T17:37:48.819Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 19 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "19.3.0003.0",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 18 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.7.0002.0",
              "status": "affected",
              "version": "18.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:01.802Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28914"
        }
      ],
      "title": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28914",
    "datePublished": "2024-04-09T17:00:25.876Z",
    "dateReserved": "2024-03-13T01:26:53.027Z",
    "dateUpdated": "2024-10-09T01:41:01.802Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-29046

Vulnerability from cvelistv5

Published

2024-04-09 17:01

Modified

2024-10-09 01:41

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29046	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft OLE DB Driver 19 for SQL Server
	Microsoft	Microsoft OLE DB Driver 18 for SQL Server
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft SQL Server 2022 for (CU 12)
	Microsoft	Microsoft SQL Server 2019 (CU 25)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-29046",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-22T20:23:47.504221Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:57:04.988Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.645Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29046"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 19 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "19.3.0003.0",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 18 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.7.0002.0",
              "status": "affected",
              "version": "18.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:54.416Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29046"
        }
      ],
      "title": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-29046",
    "datePublished": "2024-04-09T17:01:19.418Z",
    "dateReserved": "2024-03-14T23:05:27.952Z",
    "dateUpdated": "2024-10-09T01:41:54.416Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28915

Vulnerability from cvelistv5

Published

2024-04-09 17:00

Modified

2024-10-09 01:41

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28915	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2022 for (CU 12)
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft OLE DB Driver 19 for SQL Server
	Microsoft	Microsoft OLE DB Driver 18 for SQL Server

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28915",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-26T16:21:00.629354Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T16:21:06.121Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.427Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28915"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 19 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "19.3.0003.0",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 18 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.7.0002.0",
              "status": "affected",
              "version": "18.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:02.451Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28915"
        }
      ],
      "title": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28915",
    "datePublished": "2024-04-09T17:00:26.477Z",
    "dateReserved": "2024-03-13T01:26:53.027Z",
    "dateUpdated": "2024-10-09T01:41:02.451Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-29985

Vulnerability from cvelistv5

Published

2024-04-09 17:01

Modified

2024-10-09 01:42

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29985	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft OLE DB Driver 19 for SQL Server
	Microsoft	Microsoft OLE DB Driver 18 for SQL Server
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2022 for (CU 12)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-29985",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-23T15:03:54.700971Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-06T16:11:21.985Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:25:00.548Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29985"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 19 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "19.3.0003.0",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 18 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.7.0002.0",
              "status": "affected",
              "version": "18.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:42:02.961Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29985"
        }
      ],
      "title": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-29985",
    "datePublished": "2024-04-09T17:01:27.068Z",
    "dateReserved": "2024-03-22T23:12:11.046Z",
    "dateUpdated": "2024-10-09T01:42:02.961Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28909

Vulnerability from cvelistv5

Published

2024-04-09 17:00

Modified

2024-10-09 01:40

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28909	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2022 for (CU 12)
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft OLE DB Driver 19 for SQL Server
	Microsoft	Microsoft OLE DB Driver 18 for SQL Server

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28909",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-23T14:12:20.974804Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T18:03:12.000Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:50.997Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28909"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 19 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "19.3.0003.0",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 18 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.7.0002.0",
              "status": "affected",
              "version": "18.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:40:58.938Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28909"
        }
      ],
      "title": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28909",
    "datePublished": "2024-04-09T17:00:23.090Z",
    "dateReserved": "2024-03-13T01:26:53.026Z",
    "dateUpdated": "2024-10-09T01:40:58.938Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28927

Vulnerability from cvelistv5

Published

2024-04-09 17:01

Modified

2024-10-09 01:41

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28927	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft OLE DB Driver 19 for SQL Server
	Microsoft	Microsoft OLE DB Driver 18 for SQL Server
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2022 for (CU 12)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28927",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-10T19:46:15.048603Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T18:04:02.462Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.225Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28927"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 19 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "19.3.0003.0",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 18 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.7.0002.0",
              "status": "affected",
              "version": "18.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:47.712Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28927"
        }
      ],
      "title": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28927",
    "datePublished": "2024-04-09T17:01:12.876Z",
    "dateReserved": "2024-03-13T01:26:53.030Z",
    "dateUpdated": "2024-10-09T01:41:47.712Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28906

Vulnerability from cvelistv5

Published

2024-04-09 17:00

Modified

2024-10-09 01:40

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28906	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2022 for (CU 12)
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft OLE DB Driver 19 for SQL Server
	Microsoft	Microsoft OLE DB Driver 18 for SQL Server

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28906",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-15T19:09:41.816330Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T18:03:55.132Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:50.853Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28906"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 19 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "19.3.0003.0",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 18 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.7.0002.0",
              "status": "affected",
              "version": "18.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:40:57.785Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28906"
        }
      ],
      "title": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28906",
    "datePublished": "2024-04-09T17:00:22.006Z",
    "dateReserved": "2024-03-13T01:26:53.025Z",
    "dateUpdated": "2024-10-09T01:40:57.785Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28929

Vulnerability from cvelistv5

Published

2024-04-09 17:00

Modified

2024-10-09 01:41

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28929	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2022 for (CU 12)
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on Windows
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on Linux
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on MacOS
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on Windows
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on Linux
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on MacOS
	Microsoft	Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
	Microsoft	Microsoft Visual Studio 2022 version 17.9
	Microsoft	Microsoft Visual Studio 2022 version 17.4
	Microsoft	Microsoft Visual Studio 2022 version 17.6
	Microsoft	Microsoft Visual Studio 2022 version 17.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28929",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-22T16:11:54.498743Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-29T20:29:04.530Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.116Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28929"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.35",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.9",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.9.6",
              "status": "affected",
              "version": "17.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.18",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.14",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.9",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:03.086Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28929"
        }
      ],
      "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28929",
    "datePublished": "2024-04-09T17:00:27.042Z",
    "dateReserved": "2024-03-13T01:26:53.031Z",
    "dateUpdated": "2024-10-09T01:41:03.086Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28931

Vulnerability from cvelistv5

Published

2024-04-09 17:00

Modified

2024-10-09 01:41

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28931	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2022 for (CU 12)
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on Windows
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on Linux
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on MacOS
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on Windows
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on Linux
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on MacOS
	Microsoft	Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
	Microsoft	Microsoft Visual Studio 2022 version 17.9
	Microsoft	Microsoft Visual Studio 2022 version 17.4
	Microsoft	Microsoft Visual Studio 2022 version 17.6
	Microsoft	Microsoft Visual Studio 2022 version 17.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28931",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-25T00:11:41.299849Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T18:03:59.642Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.172Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28931"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.35",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.9",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.9.6",
              "status": "affected",
              "version": "17.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.18",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.14",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.9",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:03.578Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28931"
        }
      ],
      "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28931",
    "datePublished": "2024-04-09T17:00:27.649Z",
    "dateReserved": "2024-03-13T01:26:53.031Z",
    "dateUpdated": "2024-10-09T01:41:03.578Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28933

Vulnerability from cvelistv5

Published

2024-04-09 17:01

Modified

2024-10-09 01:41

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
	Microsoft	Microsoft Visual Studio 2022 version 17.9
	Microsoft	Microsoft Visual Studio 2022 version 17.4
	Microsoft	Microsoft Visual Studio 2022 version 17.6
	Microsoft	Microsoft Visual Studio 2022 version 17.8
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2022 for (CU 12)
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on Windows
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on Linux
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on MacOS
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on Windows
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on Linux
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on MacOS

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28933",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-22T15:37:19.711302Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T18:03:12.885Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.181Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.35",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.9",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.9.6",
              "status": "affected",
              "version": "17.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.18",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.14",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.9",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-191",
              "description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:48.973Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933"
        }
      ],
      "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28933",
    "datePublished": "2024-04-09T17:01:13.955Z",
    "dateReserved": "2024-03-13T01:26:53.034Z",
    "dateUpdated": "2024-10-09T01:41:48.973Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28912

Vulnerability from cvelistv5

Published

2024-04-09 17:00

Modified

2024-10-09 01:41

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28912	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2022 for (CU 12)
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft OLE DB Driver 19 for SQL Server
	Microsoft	Microsoft OLE DB Driver 18 for SQL Server

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28912",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-15T19:06:50.764176Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T18:03:06.013Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:50.810Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28912"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 19 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "19.3.0003.0",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 18 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.7.0002.0",
              "status": "affected",
              "version": "18.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:00.708Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28912"
        }
      ],
      "title": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28912",
    "datePublished": "2024-04-09T17:00:24.771Z",
    "dateReserved": "2024-03-13T01:26:53.026Z",
    "dateUpdated": "2024-10-09T01:41:00.708Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28913

Vulnerability from cvelistv5

Published

2024-04-09 17:00

Modified

2024-10-09 01:41

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28913	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2022 for (CU 12)
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft OLE DB Driver 19 for SQL Server
	Microsoft	Microsoft OLE DB Driver 18 for SQL Server

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28913",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-10T19:03:03.719582Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-05T17:35:50.797Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:50.842Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28913"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 19 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "19.3.0003.0",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 18 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.7.0002.0",
              "status": "affected",
              "version": "18.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:01.214Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28913"
        }
      ],
      "title": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28913",
    "datePublished": "2024-04-09T17:00:25.350Z",
    "dateReserved": "2024-03-13T01:26:53.027Z",
    "dateUpdated": "2024-10-09T01:41:01.214Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28945

Vulnerability from cvelistv5

Published

2024-04-09 17:00

Modified

2024-10-09 01:41

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28945	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft OLE DB Driver 19 for SQL Server
	Microsoft	Microsoft OLE DB Driver 18 for SQL Server
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2022 for (CU 12)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28945",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-10T19:38:01.291805Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:39.305Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.284Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28945"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 19 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "19.3.0003.0",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 18 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.7.0002.0",
              "status": "affected",
              "version": "18.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-191",
              "description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:06.233Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28945"
        }
      ],
      "title": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28945",
    "datePublished": "2024-04-09T17:00:30.403Z",
    "dateReserved": "2024-03-13T01:26:53.039Z",
    "dateUpdated": "2024-10-09T01:41:06.233Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-29045

Vulnerability from cvelistv5

Published

2024-04-09 17:00

Modified

2024-10-09 01:41

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29045	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2022 for (CU 12)
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft OLE DB Driver 19 for SQL Server
	Microsoft	Microsoft OLE DB Driver 18 for SQL Server

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-29045",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-01T17:48:39.679827Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:57:59.578Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.672Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29045"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 19 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "19.3.0003.0",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 18 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.7.0002.0",
              "status": "affected",
              "version": "18.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-121",
              "description": "CWE-121: Stack-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:07.346Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29045"
        }
      ],
      "title": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-29045",
    "datePublished": "2024-04-09T17:00:31.478Z",
    "dateReserved": "2024-03-14T23:05:27.952Z",
    "dateUpdated": "2024-10-09T01:41:07.346Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-29047

Vulnerability from cvelistv5

Published

2024-04-09 17:00

Modified

2024-10-09 01:41

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29047	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2022 for (CU 12)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-29047",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-20T02:03:43.599079Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:56:40.315Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.710Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29047"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:07.805Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29047"
        }
      ],
      "title": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-29047",
    "datePublished": "2024-04-09T17:00:32.000Z",
    "dateReserved": "2024-03-14T23:05:27.952Z",
    "dateUpdated": "2024-10-09T01:41:07.805Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28942

Vulnerability from cvelistv5

Published

2024-04-09 17:00

Modified

2024-10-09 01:41

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28942	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2022 for (CU 12)
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft OLE DB Driver 19 for SQL Server
	Microsoft	Microsoft OLE DB Driver 18 for SQL Server

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28942",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-28T14:14:13.046600Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-28T14:14:18.576Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:50.838Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28942"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 19 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "19.3.0003.0",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 18 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.7.0002.0",
              "status": "affected",
              "version": "18.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:05.696Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28942"
        }
      ],
      "title": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28942",
    "datePublished": "2024-04-09T17:00:29.841Z",
    "dateReserved": "2024-03-13T01:26:53.038Z",
    "dateUpdated": "2024-10-09T01:41:05.696Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28940

Vulnerability from cvelistv5

Published

2024-04-09 17:01

Modified

2024-10-09 01:41

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28940	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft OLE DB Driver 19 for SQL Server
	Microsoft	Microsoft OLE DB Driver 18 for SQL Server
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2022 for (CU 12)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28940",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-10T19:41:24.285678Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:22:18.517Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:50.980Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28940"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 19 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "19.3.0003.0",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 18 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.7.0002.0",
              "status": "affected",
              "version": "18.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:51.653Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28940"
        }
      ],
      "title": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28940",
    "datePublished": "2024-04-09T17:01:16.713Z",
    "dateReserved": "2024-03-13T01:26:53.038Z",
    "dateUpdated": "2024-10-09T01:41:51.653Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-29983

Vulnerability from cvelistv5

Published

2024-04-09 17:01

Modified

2024-10-09 01:42

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29983	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2022 for (CU 12)
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft OLE DB Driver 19 for SQL Server
	Microsoft	Microsoft OLE DB Driver 18 for SQL Server

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-29983",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-09T19:28:55.997420Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-05T17:21:35.617Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:17:58.699Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29983"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 19 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "19.3.0003.0",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 18 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.7.0002.0",
              "status": "affected",
              "version": "18.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:42:01.102Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29983"
        }
      ],
      "title": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-29983",
    "datePublished": "2024-04-09T17:01:25.929Z",
    "dateReserved": "2024-03-22T23:12:11.046Z",
    "dateUpdated": "2024-10-09T01:42:01.102Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28936

Vulnerability from cvelistv5

Published

2024-04-09 17:00

Modified

2024-10-09 01:41

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2022 for (CU 12)
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on Windows
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on Linux
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on MacOS
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on Windows
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on Linux
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on MacOS
	Microsoft	Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
	Microsoft	Microsoft Visual Studio 2022 version 17.9
	Microsoft	Microsoft Visual Studio 2022 version 17.4
	Microsoft	Microsoft Visual Studio 2022 version 17.6
	Microsoft	Microsoft Visual Studio 2022 version 17.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28936",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-01T19:04:55.282290Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T18:03:40.417Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.507Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.35",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.9",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.9.6",
              "status": "affected",
              "version": "17.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.18",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.14",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.9",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:04.585Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936"
        }
      ],
      "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28936",
    "datePublished": "2024-04-09T17:00:28.756Z",
    "dateReserved": "2024-03-13T01:26:53.037Z",
    "dateUpdated": "2024-10-09T01:41:04.585Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28908

Vulnerability from cvelistv5

Published

2024-04-09 17:00

Modified

2024-10-09 01:40

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28908	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2022 for (CU 12)
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft OLE DB Driver 19 for SQL Server
	Microsoft	Microsoft OLE DB Driver 18 for SQL Server

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28908",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-28T14:14:41.182241Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-28T14:14:52.176Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:50.845Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28908"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 19 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "19.3.0003.0",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 18 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.7.0002.0",
              "status": "affected",
              "version": "18.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:40:58.335Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28908"
        }
      ],
      "title": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28908",
    "datePublished": "2024-04-09T17:00:22.551Z",
    "dateReserved": "2024-03-13T01:26:53.026Z",
    "dateUpdated": "2024-10-09T01:40:58.335Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-29982

Vulnerability from cvelistv5

Published

2024-04-09 17:01

Modified

2024-10-09 01:42

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29982	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2022 for (CU 12)
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft OLE DB Driver 19 for SQL Server
	Microsoft	Microsoft OLE DB Driver 18 for SQL Server

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-29982",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-10T16:01:10.318617Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T16:18:01.240Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:17:58.667Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29982"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 19 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "19.3.0003.0",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 18 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.7.0002.0",
              "status": "affected",
              "version": "18.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:42:00.570Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29982"
        }
      ],
      "title": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-29982",
    "datePublished": "2024-04-09T17:01:25.387Z",
    "dateReserved": "2024-03-22T23:12:11.046Z",
    "dateUpdated": "2024-10-09T01:42:00.570Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28930

Vulnerability from cvelistv5

Published

2024-04-09 17:01

Modified

2024-10-09 01:41

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2022 for (CU 12)
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on Windows
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on Linux
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on MacOS
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on Windows
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on Linux
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on MacOS
	Microsoft	Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
	Microsoft	Microsoft Visual Studio 2022 version 17.9
	Microsoft	Microsoft Visual Studio 2022 version 17.4
	Microsoft	Microsoft Visual Studio 2022 version 17.6
	Microsoft	Microsoft Visual Studio 2022 version 17.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28930",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-18T15:43:31.008624Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-08T15:35:37.350Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.397Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.35",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.9",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.9.6",
              "status": "affected",
              "version": "17.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.18",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.14",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.9",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-191",
              "description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:48.369Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930"
        }
      ],
      "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28930",
    "datePublished": "2024-04-09T17:01:13.416Z",
    "dateReserved": "2024-03-13T01:26:53.031Z",
    "dateUpdated": "2024-10-09T01:41:48.369Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28926

Vulnerability from cvelistv5

Published

2024-04-09 17:01

Modified

2024-10-09 01:41

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28926	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2022 for (CU 12)
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft OLE DB Driver 19 for SQL Server
	Microsoft	Microsoft OLE DB Driver 18 for SQL Server

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28926",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-26T16:18:17.172255Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T16:18:25.156Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.361Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28926"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 19 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "19.3.0003.0",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 18 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.7.0002.0",
              "status": "affected",
              "version": "18.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:47.189Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28926"
        }
      ],
      "title": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28926",
    "datePublished": "2024-04-09T17:01:12.323Z",
    "dateReserved": "2024-03-13T01:26:53.030Z",
    "dateUpdated": "2024-10-09T01:41:47.189Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-29048

Vulnerability from cvelistv5

Published

2024-04-09 17:01

Modified

2024-10-09 01:41

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29048	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2022 for (CU 12)
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft OLE DB Driver 19 for SQL Server
	Microsoft	Microsoft OLE DB Driver 18 for SQL Server

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-29048",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-18T15:43:16.002515Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-08T15:34:21.629Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.628Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29048"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 19 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "19.3.0003.0",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 18 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.7.0002.0",
              "status": "affected",
              "version": "18.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:54.967Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29048"
        }
      ],
      "title": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-29048",
    "datePublished": "2024-04-09T17:01:19.942Z",
    "dateReserved": "2024-03-14T23:05:27.952Z",
    "dateUpdated": "2024-10-09T01:41:54.967Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28910

Vulnerability from cvelistv5

Published

2024-04-09 17:00

Modified

2024-10-09 01:40

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28910	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2022 for (CU 12)
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft OLE DB Driver 19 for SQL Server
	Microsoft	Microsoft OLE DB Driver 18 for SQL Server

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28910",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-25T19:07:39.377477Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T18:03:53.677Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:50.859Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28910"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 19 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "19.3.0003.0",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 18 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.7.0002.0",
              "status": "affected",
              "version": "18.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:40:59.467Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28910"
        }
      ],
      "title": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28910",
    "datePublished": "2024-04-09T17:00:23.631Z",
    "dateReserved": "2024-03-13T01:26:53.026Z",
    "dateUpdated": "2024-10-09T01:40:59.467Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28939

Vulnerability from cvelistv5

Published

2024-04-09 17:00

Modified

2024-10-09 01:41

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28939	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2022 for (CU 12)
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft OLE DB Driver 19 for SQL Server
	Microsoft	Microsoft OLE DB Driver 18 for SQL Server

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28939",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-12T14:44:17.065535Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-26T16:20:45.403Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.254Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28939"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 19 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "19.3.0003.0",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 18 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.7.0002.0",
              "status": "affected",
              "version": "18.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-209",
              "description": "CWE-209: Generation of Error Message Containing Sensitive Information",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:05.106Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28939"
        }
      ],
      "title": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28939",
    "datePublished": "2024-04-09T17:00:29.317Z",
    "dateReserved": "2024-03-13T01:26:53.038Z",
    "dateUpdated": "2024-10-09T01:41:05.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-29043

Vulnerability from cvelistv5

Published

2024-04-09 17:00

Modified

2024-10-09 01:41

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29043	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2022 for (CU 12)
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on Windows
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on Linux
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on MacOS
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on Windows
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on Linux
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on MacOS

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-29043",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-10T19:02:10.385885Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-05T17:29:44.612Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.751Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29043"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416: Use After Free",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:06.758Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29043"
        }
      ],
      "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-29043",
    "datePublished": "2024-04-09T17:00:30.944Z",
    "dateReserved": "2024-03-14T23:05:27.952Z",
    "dateUpdated": "2024-10-09T01:41:06.758Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-29984

Vulnerability from cvelistv5

Published

2024-04-09 17:01

Modified

2024-10-09 01:42

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29984	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft OLE DB Driver 19 for SQL Server
	Microsoft	Microsoft OLE DB Driver 18 for SQL Server
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2022 for (CU 12)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-29984",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-08T15:31:18.892615Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-08T15:31:35.648Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:17:58.817Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29984"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 19 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "19.3.0003.0",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 18 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.7.0002.0",
              "status": "affected",
              "version": "18.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:42:01.835Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29984"
        }
      ],
      "title": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-29984",
    "datePublished": "2024-04-09T17:01:26.492Z",
    "dateReserved": "2024-03-22T23:12:11.046Z",
    "dateUpdated": "2024-10-09T01:42:01.835Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-29044

Vulnerability from cvelistv5

Published

2024-04-09 17:01

Modified

2024-10-09 01:41

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29044	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2022 for (CU 12)
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft OLE DB Driver 19 for SQL Server
	Microsoft	Microsoft OLE DB Driver 18 for SQL Server

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-29044",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-10T19:40:08.656116Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:58:12.902Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.674Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29044"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 19 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "19.3.0003.0",
              "status": "affected",
              "version": "19.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft OLE DB Driver 18 for SQL Server",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.7.0002.0",
              "status": "affected",
              "version": "18.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:53.789Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29044"
        }
      ],
      "title": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-29044",
    "datePublished": "2024-04-09T17:01:18.882Z",
    "dateReserved": "2024-03-14T23:05:27.952Z",
    "dateUpdated": "2024-10-09T01:41:53.789Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2024-28932

Vulnerability from cvelistv5

Published

2024-04-09 17:00

Modified

2024-10-09 01:41

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Summary

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

References

▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28932	vendor-advisory

Impacted products

▼	Vendor	Product
	Microsoft	Microsoft SQL Server 2022 for (CU 12)
	Microsoft	Microsoft SQL Server 2019 (CU 25)
	Microsoft	Microsoft SQL Server 2019 (GDR)
	Microsoft	Microsoft SQL Server 2022 (GDR)
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on Windows
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on Linux
	Microsoft	Microsoft ODBC Driver 17 for SQL Server on MacOS
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on Windows
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on Linux
	Microsoft	Microsoft ODBC Driver 18 for SQL Server on MacOS
	Microsoft	Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
	Microsoft	Microsoft Visual Studio 2022 version 17.9
	Microsoft	Microsoft Visual Studio 2022 version 17.4
	Microsoft	Microsoft Visual Studio 2022 version 17.6
	Microsoft	Microsoft Visual Studio 2022 version 17.8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-28932",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-11T18:08:26.723573Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-07-11T18:08:37.536Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T01:03:51.356Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28932"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 for (CU 12)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.4120.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (CU 25)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.4360.2",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2019 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "15.0.2110.4",
              "status": "affected",
              "version": "15.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Microsoft SQL Server 2022 (GDR)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.0.1115.1",
              "status": "affected",
              "version": "16.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.10.6.1",
              "status": "affected",
              "version": "17.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "18.3.3.1",
              "status": "affected",
              "version": "18.0.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "16.11.35",
              "status": "affected",
              "version": "16.11.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.9",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.9.6",
              "status": "affected",
              "version": "17.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.4.18",
              "status": "affected",
              "version": "17.4.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.6",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.6.14",
              "status": "affected",
              "version": "17.6.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "Microsoft Visual Studio 2022 version 17.8",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "17.8.9",
              "status": "affected",
              "version": "17.8.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2024-04-09T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-10-09T01:41:04.136Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28932"
        }
      ],
      "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2024-28932",
    "datePublished": "2024-04-09T17:00:28.215Z",
    "dateReserved": "2024-03-13T01:26:53.031Z",
    "dateUpdated": "2024-10-09T01:41:04.136Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

All the vulnerabilites related to Microsoft - Microsoft SQL Server 2022 for (CU 12)

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5

Vulnerability from cvelistv5