Vulnerabilites related to microsoft - odbc_driver_for_sql_server
Vulnerability from fkie_nvd
Published
2023-06-16 01:15
Modified
2024-11-21 08:02
Severity ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32026 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32026 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "5CC2AE26-7BA1-4E45-97D3-6F9EE992FA98", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "49DA289E-FD25-4CB0-9165-9E836EC93DD0", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "E6185183-17DD-4A16-9E08-E1277F58829A", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "493BBE3B-5302-4BA1-9F69-734AA10305D6", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "848BABEE-8496-4225-9E47-3CDB40CB8A86", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "E45B3703-BF64-408E-A931-1D3C1DFFFA71", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*", matchCriteriaId: "9144F644-A3D4-440C-8978-257E71204617", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*", matchCriteriaId: "6CB7AD22-F27B-4807-88F1-02ED420421D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución de código remota de Microsoft ODBC Driver para SQL Server", }, ], id: "CVE-2023-32026", lastModified: "2024-11-21T08:02:33.503", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2023-06-16T01:15:28.017", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32026", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32026", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-14 20:50
Severity ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "453652D6-37A7-49BC-8660-330EADA8CCDD", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "422283AD-E25A-4779-BB9A-0E496BFAC524", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "9BDD3D5D-70D5-4767-95DC-25873774B536", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "C8B405E1-CC25-4883-A26D-4A4237E43FB0", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "7236DD21-703E-4359-88AD-E68C3B1D33FE", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "948FC47B-E7FE-404A-A747-18DA61D35A3F", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "B69AEE86-A505-42EA-ADD3-FB0F6346C2FA", versionEndExcluding: "16.11.35", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "8133E65A-AE80-4266-A445-265908DD8E21", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "35FAD418-A4C1-40C3-8F08-A08CA1190BB0", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "39E176F7-8E26-4175-98FE-99288ADD2DA3", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "F2188B97-2B2C-445A-B667-2C3269B94959", versionEndExcluding: "17.9.6", versionStartIncluding: "17.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador ODBC de Microsoft para SQL Server", }, ], id: "CVE-2024-28937", lastModified: "2025-01-14T20:50:38.043", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:55.393", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-14 20:52
Severity ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "453652D6-37A7-49BC-8660-330EADA8CCDD", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "422283AD-E25A-4779-BB9A-0E496BFAC524", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "9BDD3D5D-70D5-4767-95DC-25873774B536", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "C8B405E1-CC25-4883-A26D-4A4237E43FB0", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "7236DD21-703E-4359-88AD-E68C3B1D33FE", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "948FC47B-E7FE-404A-A747-18DA61D35A3F", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "B69AEE86-A505-42EA-ADD3-FB0F6346C2FA", versionEndExcluding: "16.11.35", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "8133E65A-AE80-4266-A445-265908DD8E21", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "35FAD418-A4C1-40C3-8F08-A08CA1190BB0", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "39E176F7-8E26-4175-98FE-99288ADD2DA3", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "F2188B97-2B2C-445A-B667-2C3269B94959", versionEndExcluding: "17.9.6", versionStartIncluding: "17.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador ODBC de Microsoft para SQL Server", }, ], id: "CVE-2024-28931", lastModified: "2025-01-14T20:52:05.480", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:54.097", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28931", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28931", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-10 18:15
Modified
2024-11-21 08:10
Severity ?
Summary
Microsoft SQL Server Denial of Service Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "FEE52D75-0785-47A8-A024-14A83B9732A6", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "5C5B4D78-6EA4-41E6-A403-2D018D9F0692", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "CC490F0A-842A-4590-8CAC-07BB599D8F4F", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "90718D50-D4D8-4949-ADB3-310879B2A574", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "C9BEA137-3C0A-472A-9A5B-428E00302626", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "2EDAA3E7-9DA2-4C2F-B626-60A747015FE8", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "46709C5E-BA3C-4136-9E38-102EABBFEE53", versionEndExcluding: "18.6.0007.0", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "D8D31DC8-1397-4A5B-8BD8-2AD10A1B613D", versionEndExcluding: "19.3.0002.0", versionStartIncluding: "19.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:*:*", matchCriteriaId: "03C65D96-44D0-4411-8B84-961973F1E4D0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2016:sp3:*:*:*:*:x64:*", matchCriteriaId: "39A3D29F-0BE0-4F78-9970-58BB355775DE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2017:*:*:*:*:*:x64:*", matchCriteriaId: "2FF9FC32-3E6E-4256-B6BD-C4EF1932CA18", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*", matchCriteriaId: "9144F644-A3D4-440C-8978-257E71204617", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*", matchCriteriaId: "6CB7AD22-F27B-4807-88F1-02ED420421D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SQL Server Denial of Service Vulnerability", }, { lang: "es", value: "Vulnerabilidad de denegación de servicio en Microsoft SQL Server", }, ], id: "CVE-2023-36728", lastModified: "2024-11-21T08:10:28.230", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2023-10-10T18:15:17.030", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-10 18:15
Modified
2024-11-21 08:09
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36420 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36420 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "16C7C708-7C4F-4DD2-A871-71ED87B1B87F", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "704C5575-DCA6-47CB-8B4B-82FE0FE09E78", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "688F5FF7-599A-4326-A242-A9D69AEA9AF3", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "90718D50-D4D8-4949-ADB3-310879B2A574", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "C9BEA137-3C0A-472A-9A5B-428E00302626", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "3194D825-8C6B-4B91-B874-6E65B2A038AD", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*", matchCriteriaId: "9144F644-A3D4-440C-8978-257E71204617", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*", matchCriteriaId: "6CB7AD22-F27B-4807-88F1-02ED420421D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código en Microsoft ODBC Driver para SQL Server", }, ], id: "CVE-2023-36420", lastModified: "2024-11-21T08:09:43.133", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-10T18:15:12.363", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36420", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36420", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-415", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-14 20:49
Severity ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "453652D6-37A7-49BC-8660-330EADA8CCDD", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "422283AD-E25A-4779-BB9A-0E496BFAC524", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "9BDD3D5D-70D5-4767-95DC-25873774B536", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "C8B405E1-CC25-4883-A26D-4A4237E43FB0", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "7236DD21-703E-4359-88AD-E68C3B1D33FE", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "948FC47B-E7FE-404A-A747-18DA61D35A3F", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "B69AEE86-A505-42EA-ADD3-FB0F6346C2FA", versionEndExcluding: "16.11.35", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "8133E65A-AE80-4266-A445-265908DD8E21", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "35FAD418-A4C1-40C3-8F08-A08CA1190BB0", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "39E176F7-8E26-4175-98FE-99288ADD2DA3", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "F2188B97-2B2C-445A-B667-2C3269B94959", versionEndExcluding: "17.9.6", versionStartIncluding: "17.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador ODBC de Microsoft para SQL Server", }, ], id: "CVE-2024-28935", lastModified: "2025-01-14T20:49:46.410", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:54.980", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-16 16:01
Severity ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "453652D6-37A7-49BC-8660-330EADA8CCDD", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "422283AD-E25A-4779-BB9A-0E496BFAC524", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "9BDD3D5D-70D5-4767-95DC-25873774B536", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "C8B405E1-CC25-4883-A26D-4A4237E43FB0", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "7236DD21-703E-4359-88AD-E68C3B1D33FE", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "948FC47B-E7FE-404A-A747-18DA61D35A3F", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador ODBC de Microsoft para SQL Server", }, ], id: "CVE-2024-29043", lastModified: "2025-01-16T16:01:35.767", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:57.257", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29043", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29043", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-14 20:49
Severity ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "453652D6-37A7-49BC-8660-330EADA8CCDD", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "422283AD-E25A-4779-BB9A-0E496BFAC524", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "9BDD3D5D-70D5-4767-95DC-25873774B536", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "C8B405E1-CC25-4883-A26D-4A4237E43FB0", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "7236DD21-703E-4359-88AD-E68C3B1D33FE", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "948FC47B-E7FE-404A-A747-18DA61D35A3F", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "B69AEE86-A505-42EA-ADD3-FB0F6346C2FA", versionEndExcluding: "16.11.35", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "8133E65A-AE80-4266-A445-265908DD8E21", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "35FAD418-A4C1-40C3-8F08-A08CA1190BB0", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "39E176F7-8E26-4175-98FE-99288ADD2DA3", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "F2188B97-2B2C-445A-B667-2C3269B94959", versionEndExcluding: "17.9.6", versionStartIncluding: "17.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador ODBC de Microsoft para SQL Server", }, ], id: "CVE-2024-28934", lastModified: "2025-01-14T20:49:24.090", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:54.697", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-14 20:47
Severity ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "71F3ADE2-848B-44E4-9B1A-447A725CBF1F", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "F0DF0DC4-29BF-42C3-8F94-E53C33E5318E", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "9BDD3D5D-70D5-4767-95DC-25873774B536", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "DC8634AD-9CB8-4996-979E-6EFC7845FE1B", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "6A058D66-C6A5-4E4A-A8C6-EC4DDF67887F", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "948FC47B-E7FE-404A-A747-18DA61D35A3F", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "B69AEE86-A505-42EA-ADD3-FB0F6346C2FA", versionEndExcluding: "16.11.35", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "8133E65A-AE80-4266-A445-265908DD8E21", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "35FAD418-A4C1-40C3-8F08-A08CA1190BB0", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "39E176F7-8E26-4175-98FE-99288ADD2DA3", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "F2188B97-2B2C-445A-B667-2C3269B94959", versionEndExcluding: "17.9.6", versionStartIncluding: "17.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador ODBC de Microsoft para SQL Server", }, ], id: "CVE-2024-28929", lastModified: "2025-01-14T20:47:41.253", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:53.673", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28929", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28929", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-14 20:48
Severity ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "453652D6-37A7-49BC-8660-330EADA8CCDD", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "422283AD-E25A-4779-BB9A-0E496BFAC524", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "9BDD3D5D-70D5-4767-95DC-25873774B536", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "C8B405E1-CC25-4883-A26D-4A4237E43FB0", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "7236DD21-703E-4359-88AD-E68C3B1D33FE", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "948FC47B-E7FE-404A-A747-18DA61D35A3F", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "B69AEE86-A505-42EA-ADD3-FB0F6346C2FA", versionEndExcluding: "16.11.35", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "8133E65A-AE80-4266-A445-265908DD8E21", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "35FAD418-A4C1-40C3-8F08-A08CA1190BB0", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "39E176F7-8E26-4175-98FE-99288ADD2DA3", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "F2188B97-2B2C-445A-B667-2C3269B94959", versionEndExcluding: "17.9.6", versionStartIncluding: "17.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador ODBC de Microsoft para SQL Server", }, ], id: "CVE-2024-28930", lastModified: "2025-01-14T20:48:06.263", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:53.887", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-191", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-16 16:01
Severity ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "453652D6-37A7-49BC-8660-330EADA8CCDD", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "422283AD-E25A-4779-BB9A-0E496BFAC524", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "9BDD3D5D-70D5-4767-95DC-25873774B536", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "C8B405E1-CC25-4883-A26D-4A4237E43FB0", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "7236DD21-703E-4359-88AD-E68C3B1D33FE", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "948FC47B-E7FE-404A-A747-18DA61D35A3F", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador ODBC de Microsoft para SQL Server", }, ], id: "CVE-2024-28943", lastModified: "2025-01-16T16:01:01.603", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:56.630", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28943", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28943", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-16 01:15
Modified
2024-11-21 07:56
Severity ?
Summary
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "5CC2AE26-7BA1-4E45-97D3-6F9EE992FA98", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "49DA289E-FD25-4CB0-9165-9E836EC93DD0", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "E6185183-17DD-4A16-9E08-E1277F58829A", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "493BBE3B-5302-4BA1-9F69-734AA10305D6", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "848BABEE-8496-4225-9E47-3CDB40CB8A86", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "E45B3703-BF64-408E-A931-1D3C1DFFFA71", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "14AC92FA-A1F6-4DD6-9623-A2F33F59A4F9", versionEndExcluding: "18.6.0006.0", versionStartIncluding: "18.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "6ABD3821-C5EB-4253-9D5E-6A1E29709AE3", versionEndExcluding: "19.3.0001.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*", matchCriteriaId: "9144F644-A3D4-440C-8978-257E71204617", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*", matchCriteriaId: "6CB7AD22-F27B-4807-88F1-02ED420421D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución de código remota en Microsoft ODBC y OLE DB", }, ], id: "CVE-2023-29349", lastModified: "2024-11-21T07:56:54.493", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2023-06-16T01:15:27.847", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-191", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-14 20:51
Severity ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "453652D6-37A7-49BC-8660-330EADA8CCDD", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "422283AD-E25A-4779-BB9A-0E496BFAC524", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "9BDD3D5D-70D5-4767-95DC-25873774B536", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "C8B405E1-CC25-4883-A26D-4A4237E43FB0", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "7236DD21-703E-4359-88AD-E68C3B1D33FE", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "948FC47B-E7FE-404A-A747-18DA61D35A3F", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "B69AEE86-A505-42EA-ADD3-FB0F6346C2FA", versionEndExcluding: "16.11.35", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "8133E65A-AE80-4266-A445-265908DD8E21", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "35FAD418-A4C1-40C3-8F08-A08CA1190BB0", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "39E176F7-8E26-4175-98FE-99288ADD2DA3", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "F2188B97-2B2C-445A-B667-2C3269B94959", versionEndExcluding: "17.9.6", versionStartIncluding: "17.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador ODBC de Microsoft para SQL Server", }, ], id: "CVE-2024-28938", lastModified: "2025-01-14T20:51:01.370", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:55.600", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-14 20:48
Severity ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "453652D6-37A7-49BC-8660-330EADA8CCDD", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "422283AD-E25A-4779-BB9A-0E496BFAC524", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "9BDD3D5D-70D5-4767-95DC-25873774B536", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "C8B405E1-CC25-4883-A26D-4A4237E43FB0", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "7236DD21-703E-4359-88AD-E68C3B1D33FE", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "948FC47B-E7FE-404A-A747-18DA61D35A3F", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "B69AEE86-A505-42EA-ADD3-FB0F6346C2FA", versionEndExcluding: "16.11.35", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "8133E65A-AE80-4266-A445-265908DD8E21", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "35FAD418-A4C1-40C3-8F08-A08CA1190BB0", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "39E176F7-8E26-4175-98FE-99288ADD2DA3", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "F2188B97-2B2C-445A-B667-2C3269B94959", versionEndExcluding: "17.9.6", versionStartIncluding: "17.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador ODBC de Microsoft para SQL Server", }, ], id: "CVE-2024-28932", lastModified: "2025-01-14T20:48:30.367", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:54.297", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28932", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28932", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-10 18:15
Modified
2024-11-21 08:10
Severity ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "02286626-8D46-4355-A964-936A9AC033FB", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "DA91530D-D1DB-4629-8C99-2AF54E1A0F35", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "688F5FF7-599A-4326-A242-A9D69AEA9AF3", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "552E0F17-6A94-4506-8D27-3B0B41CE3A42", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "5D99C0AC-0EFA-4621-83A9-7A5ED087DD5F", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "3194D825-8C6B-4B91-B874-6E65B2A038AD", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2019:cumulative_update_22:*:*:*:*:*:*", matchCriteriaId: "60491E88-0654-439D-82D0-0FC61A055F9C", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2022:cumulative_update_8:*:*:*:*:*:*", matchCriteriaId: "20B4845B-D063-49A9-BDC4-0CE60DFA1561", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código en Microsoft ODBC Driver para SQL Server", }, ], id: "CVE-2023-36785", lastModified: "2024-11-21T08:10:35.350", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2023-10-10T18:15:17.650", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-191", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-16 01:15
Modified
2024-11-21 08:02
Severity ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32027 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32027 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "5CC2AE26-7BA1-4E45-97D3-6F9EE992FA98", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "49DA289E-FD25-4CB0-9165-9E836EC93DD0", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "E6185183-17DD-4A16-9E08-E1277F58829A", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "493BBE3B-5302-4BA1-9F69-734AA10305D6", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "848BABEE-8496-4225-9E47-3CDB40CB8A86", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "E45B3703-BF64-408E-A931-1D3C1DFFFA71", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*", matchCriteriaId: "9144F644-A3D4-440C-8978-257E71204617", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*", matchCriteriaId: "6CB7AD22-F27B-4807-88F1-02ED420421D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución de código remota de Microsoft ODBC Driver para SQL Server", }, ], id: "CVE-2023-32027", lastModified: "2024-11-21T08:02:33.630", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2023-06-16T01:15:28.067", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32027", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32027", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-10 18:15
Modified
2024-11-21 08:10
Severity ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "FEE52D75-0785-47A8-A024-14A83B9732A6", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "5C5B4D78-6EA4-41E6-A403-2D018D9F0692", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "CC490F0A-842A-4590-8CAC-07BB599D8F4F", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "90718D50-D4D8-4949-ADB3-310879B2A574", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "C9BEA137-3C0A-472A-9A5B-428E00302626", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "2EDAA3E7-9DA2-4C2F-B626-60A747015FE8", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*", matchCriteriaId: "9144F644-A3D4-440C-8978-257E71204617", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*", matchCriteriaId: "6CB7AD22-F27B-4807-88F1-02ED420421D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código en Microsoft ODBC Driver para SQL Server ", }, ], id: "CVE-2023-36730", lastModified: "2024-11-21T08:10:28.543", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2023-10-10T18:15:17.160", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-16 01:15
Modified
2024-11-21 07:56
Severity ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29356 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29356 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "5CC2AE26-7BA1-4E45-97D3-6F9EE992FA98", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "49DA289E-FD25-4CB0-9165-9E836EC93DD0", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "E6185183-17DD-4A16-9E08-E1277F58829A", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "493BBE3B-5302-4BA1-9F69-734AA10305D6", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "848BABEE-8496-4225-9E47-3CDB40CB8A86", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "E45B3703-BF64-408E-A931-1D3C1DFFFA71", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*", matchCriteriaId: "9144F644-A3D4-440C-8978-257E71204617", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*", matchCriteriaId: "6CB7AD22-F27B-4807-88F1-02ED420421D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución de código remota de Microsoft ODBC Driver para SQL Server", }, ], id: "CVE-2023-29356", lastModified: "2024-11-21T07:56:55.277", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2023-06-16T01:15:27.910", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29356", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29356", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-14 20:48
Severity ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "453652D6-37A7-49BC-8660-330EADA8CCDD", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "422283AD-E25A-4779-BB9A-0E496BFAC524", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "9BDD3D5D-70D5-4767-95DC-25873774B536", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "C8B405E1-CC25-4883-A26D-4A4237E43FB0", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "7236DD21-703E-4359-88AD-E68C3B1D33FE", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "948FC47B-E7FE-404A-A747-18DA61D35A3F", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "B69AEE86-A505-42EA-ADD3-FB0F6346C2FA", versionEndExcluding: "16.11.35", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "8133E65A-AE80-4266-A445-265908DD8E21", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "35FAD418-A4C1-40C3-8F08-A08CA1190BB0", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "39E176F7-8E26-4175-98FE-99288ADD2DA3", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "F2188B97-2B2C-445A-B667-2C3269B94959", versionEndExcluding: "17.9.6", versionStartIncluding: "17.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador ODBC de Microsoft para SQL Server", }, ], id: "CVE-2024-28933", lastModified: "2025-01-14T20:48:53.627", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:54.503", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-191", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-14 20:50
Severity ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "453652D6-37A7-49BC-8660-330EADA8CCDD", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "422283AD-E25A-4779-BB9A-0E496BFAC524", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "9BDD3D5D-70D5-4767-95DC-25873774B536", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "C8B405E1-CC25-4883-A26D-4A4237E43FB0", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "7236DD21-703E-4359-88AD-E68C3B1D33FE", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "948FC47B-E7FE-404A-A747-18DA61D35A3F", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "B69AEE86-A505-42EA-ADD3-FB0F6346C2FA", versionEndExcluding: "16.11.35", versionStartIncluding: "16.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "8133E65A-AE80-4266-A445-265908DD8E21", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "35FAD418-A4C1-40C3-8F08-A08CA1190BB0", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "39E176F7-8E26-4175-98FE-99288ADD2DA3", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "F2188B97-2B2C-445A-B667-2C3269B94959", versionEndExcluding: "17.9.6", versionStartIncluding: "17.9.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador ODBC de Microsoft para SQL Server", }, ], id: "CVE-2024-28936", lastModified: "2025-01-14T20:50:19.147", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:55.193", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-14 20:51
Severity ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "453652D6-37A7-49BC-8660-330EADA8CCDD", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "422283AD-E25A-4779-BB9A-0E496BFAC524", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "9BDD3D5D-70D5-4767-95DC-25873774B536", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "C8B405E1-CC25-4883-A26D-4A4237E43FB0", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "7236DD21-703E-4359-88AD-E68C3B1D33FE", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "948FC47B-E7FE-404A-A747-18DA61D35A3F", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador ODBC de Microsoft para SQL Server", }, ], id: "CVE-2024-28941", lastModified: "2025-01-14T20:51:28.040", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:56.233", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28941", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28941", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-08 18:15
Modified
2024-11-21 08:13
Severity ?
Summary
Microsoft SQL OLE DB Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38169 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38169 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:17.0.1.1:*:*:*:*:linux:*:*", matchCriteriaId: "68D87353-7F7C-4052-99D5-94A40373B0C4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:17.0.1.1:*:*:*:*:macos:*:*", matchCriteriaId: "C6E79003-37F2-43ED-B9A4-B14446F38CA9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:17.0.1.1:*:*:*:*:windows:*:*", matchCriteriaId: "C4DA5041-801A-4A3E-A13E-9927AD73DB50", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:17.10.3.1:*:*:*:*:linux:*:*", matchCriteriaId: "6871F0BA-B074-45B9-A9B8-108FF8FF51C2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:17.10.3.1:*:*:*:*:macos:*:*", matchCriteriaId: "43237AFF-E6F5-4323-84F5-47E5C27D03B5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:17.10.3.1:*:*:*:*:windows:*:*", matchCriteriaId: "D144A950-F990-4ADE-9374-596C2022DE9B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:17.10.4.1:*:*:*:*:linux:*:*", matchCriteriaId: "7FCFB10B-AF29-4E15-A338-483284D8278B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:17.10.4.1:*:*:*:*:macos:*:*", matchCriteriaId: "9CAF68C7-18C8-4BB9-BE85-1004162615F0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:18.0.1.1:*:*:*:*:linux:*:*", matchCriteriaId: "034331B2-8062-497B-A071-0EDC69E47469", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:18.0.1.1:*:*:*:*:macos:*:*", matchCriteriaId: "24B7FC47-0B3A-4780-B39E-CC8841E89ADB", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:18.0.1.1:*:*:*:*:windows:*:*", matchCriteriaId: "E04AF938-4D86-46F0-8F6F-0EA190FB280E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:18.1.2.1:*:*:*:*:linux:*:*", matchCriteriaId: "5A71190E-1087-47A0-9B56-B7F0420F9123", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:18.1.2.1:*:*:*:*:macos:*:*", matchCriteriaId: "F2BE108F-279C-4283-9813-D4114AF6F143", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:18.1.2.1:*:*:*:*:windows:*:*", matchCriteriaId: "F11D57D6-6611-4ABE-AC3B-D38149FD0DF7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:18.2.1.1:*:*:*:*:linux:*:*", matchCriteriaId: "150A427F-B6E9-44E4-A9FF-DE8F4151C010", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:18.2.1.1:*:*:*:*:macos:*:*", matchCriteriaId: "AEE78325-9C25-4C5B-8D27-D0622D64A85D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:18.2.1.1:*:*:*:*:windows:*:*", matchCriteriaId: "5A71690B-0158-4C61-9184-F5C5376A74D6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:18.0.2:*:*:*:*:*:*:*", matchCriteriaId: "A526EF68-6DBA-4F1A-977E-1F4FEEAF2BC0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:18.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F101DB23-E39D-42B8-AD51-BDF79740FF73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:18.2.1:*:*:*:*:*:*:*", matchCriteriaId: "3ACA62FD-C417-4ED4-9B79-5710D56E088B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:18.2.2:*:*:*:*:*:*:*", matchCriteriaId: "51C9D564-6370-4104-AEFB-03CC7D29C60F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:18.2.3:*:*:*:*:*:*:*", matchCriteriaId: "22602E38-0AB8-40BA-AAB0-A2D77E2EDD7F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:18.3.0:*:*:*:*:*:*:*", matchCriteriaId: "102CD1A2-69DC-41D1-BBFB-6666D22D11DC", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:18.4.0:*:*:*:*:*:*:*", matchCriteriaId: "846F1C2C-7339-424C-81EF-C670059221CE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:18.5.0:*:*:*:*:*:*:*", matchCriteriaId: "67256F0F-3CC5-486C-94CD-06FE76E03012", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:18.6.0:*:*:*:*:*:*:*", matchCriteriaId: "D32E36DA-245F-48D3-80F3-E85C510FC217", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:19.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3F731D47-67EA-4EB8-81D2-A1F425E524FB", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:19.1.0:*:*:*:*:*:*:*", matchCriteriaId: "0AAC07B4-34F5-4287-B294-0E526B925ED5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:19.2.0:*:*:*:*:*:*:*", matchCriteriaId: "8A45F508-0E06-4B32-8719-ED5BDBFB32B2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:19.3.0:*:*:*:*:*:*:*", matchCriteriaId: "7339F59F-31A7-4D03-B081-5C76C49F357A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*", matchCriteriaId: "9144F644-A3D4-440C-8978-257E71204617", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*", matchCriteriaId: "6CB7AD22-F27B-4807-88F1-02ED420421D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SQL OLE DB Remote Code Execution Vulnerability", }, ], id: "CVE-2023-38169", lastModified: "2024-11-21T08:13:00.150", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2023-08-08T18:15:22.267", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38169", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38169", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-16 01:15
Modified
2024-11-21 08:02
Severity ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32025 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32025 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "5CC2AE26-7BA1-4E45-97D3-6F9EE992FA98", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "49DA289E-FD25-4CB0-9165-9E836EC93DD0", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "E6185183-17DD-4A16-9E08-E1277F58829A", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "493BBE3B-5302-4BA1-9F69-734AA10305D6", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "848BABEE-8496-4225-9E47-3CDB40CB8A86", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "E45B3703-BF64-408E-A931-1D3C1DFFFA71", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*", matchCriteriaId: "9144F644-A3D4-440C-8978-257E71204617", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*", matchCriteriaId: "6CB7AD22-F27B-4807-88F1-02ED420421D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución de código remota de Microsoft ODBC Driver para SQL Server", }, ], id: "CVE-2023-32025", lastModified: "2024-11-21T08:02:33.380", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2023-06-16T01:15:27.967", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32025", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32025", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
CVE-2024-28938 (GCVE-0-2024-28938)
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938 | vendor-advisory |
Impacted products
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28938", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-10T17:30:59.430193Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:20.638Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.355Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.35", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.9", vendor: "Microsoft", versions: [ { lessThan: "17.9.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.18", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.14", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.9", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.35", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.9.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:07.412Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28938", datePublished: "2024-04-09T17:01:16.170Z", dateReserved: "2024-03-13T01:26:53.037Z", dateUpdated: "2025-01-23T01:12:07.412Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-29356 (GCVE-0-2023-29356)
Vulnerability from cvelistv5
Published
2023-06-16 00:44
Modified
2025-02-28 21:09
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29356 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft ODBC Driver 17 for SQL Server on Linux |
Version: 17.0.0.0 < 17.10.4.1 |
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:07:45.671Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29356", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-29356", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:21:02.994154Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:09:01.066Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.2.1.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.2.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.2.1.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.23", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.15", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.11", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.4", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.33", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.23", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.15", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.11", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.4", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.33", versionStartIncluding: "16.11.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-06-15T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:43:42.064Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29356", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-29356", datePublished: "2023-06-16T00:44:27.384Z", dateReserved: "2023-04-04T22:34:18.384Z", dateUpdated: "2025-02-28T21:09:01.066Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-28934 (GCVE-0-2024-28934)
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:18.0:*:*:*:*:linux:*:*", ], defaultStatus: "unknown", product: "odbc_driver_for_sql_server", vendor: "microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0", versionType: "semver", }, ], }, { cpes: [ "cpe:2.3:a:microsoft:sql_server:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sql_server", vendor: "microsoft", versions: [ { status: "affected", version: "15.0.2000.5", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-28934", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-23T15:04:37.242018Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:16.066Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.518Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.35", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.18", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.9", vendor: "Microsoft", versions: [ { lessThan: "17.9.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.14", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.9", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.35", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.9.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:05.878Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28934", datePublished: "2024-04-09T17:01:14.516Z", dateReserved: "2024-03-13T01:26:53.036Z", dateUpdated: "2025-01-23T01:12:05.878Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-36728 (GCVE-0-2023-36728)
Vulnerability from cvelistv5
Published
2023-10-10 17:07
Modified
2025-04-14 22:46
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Denial of Service Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 22) |
Version: 15.0.0 < 15.0.4326.1 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:52:54.388Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SQL Server Denial of Service Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36728", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:49:21.915063Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:44:34.088Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 22)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4326.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (CU 8)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4080.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2052.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6179.1", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (CU 4)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6449.1", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2104.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6435.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7029.3", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3465.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1105.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0002.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.6.0007.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.5.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.5.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.5.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4326.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4080.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2052.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x64:*", versionEndExcluding: "12.0.6179.1", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*", versionEndExcluding: "12.0.6449.1", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2104.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6435.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7029.3", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3465.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1105.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0002.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.6.0007.0", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-10-10T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Denial of Service Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-14T22:46:01.074Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Denial of Service Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728", }, ], title: "Microsoft SQL Server Denial of Service Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36728", datePublished: "2023-10-10T17:07:32.864Z", dateReserved: "2023-06-26T13:29:45.604Z", dateUpdated: "2025-04-14T22:46:01.074Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-28931 (GCVE-0-2024-28931)
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28931 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28931", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-25T00:11:41.299849Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:59.642Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.172Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28931", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.35", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.9", vendor: "Microsoft", versions: [ { lessThan: "17.9.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.18", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.14", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.9", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.35", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.9.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:22.456Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28931", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28931", datePublished: "2024-04-09T17:00:27.649Z", dateReserved: "2024-03-13T01:26:53.031Z", dateUpdated: "2025-01-23T01:11:22.456Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-32027 (GCVE-0-2023-32027)
Vulnerability from cvelistv5
Published
2023-06-16 00:44
Modified
2025-02-28 21:08
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32027 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft ODBC Driver 17 for SQL Server on Linux |
Version: 17.0.0.0 < 17.10.4.1 |
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:03:28.681Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32027", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-32027", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:20:54.895772Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:08:42.415Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.2.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.2.1.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.2.1.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.33", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.23", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.15", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.11", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.4", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.33", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.23", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.15", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.11", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.4", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-06-15T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:43:43.911Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32027", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-32027", datePublished: "2023-06-16T00:44:29.549Z", dateReserved: "2023-05-01T15:34:52.132Z", dateUpdated: "2025-02-28T21:08:42.415Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-29349 (GCVE-0-2023-29349)
Vulnerability from cvelistv5
Published
2023-06-16 00:44
Modified
2025-02-28 21:08
Severity ?
EPSS score ?
Summary
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft OLE DB Driver 18 for SQL Server |
Version: 18.0.0 < 18.6.0006.0 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:07:45.660Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-29349", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:20:52.256646Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:08:36.270Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.6.0006.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0001.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.33", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.23", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.15", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.11", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.4", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.2.1.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.2.1.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.2.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.6.0006.0", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0001.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.33", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.23", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.15", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.11", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.4", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-06-15T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-191", description: "CWE-191: Integer Underflow (Wrap or Wraparound)", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:43:44.451Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349", }, ], title: "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-29349", datePublished: "2023-06-16T00:44:38.243Z", dateReserved: "2023-04-04T22:34:18.382Z", dateUpdated: "2025-02-28T21:08:36.270Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-28933 (GCVE-0-2024-28933)
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) |
Version: 16.11.0 < 16.11.35 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28933", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-22T15:37:19.711302Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:12.885Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.181Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.35", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.9", vendor: "Microsoft", versions: [ { lessThan: "17.9.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.18", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.14", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.9", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.35", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.9.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-191", description: "CWE-191: Integer Underflow (Wrap or Wraparound)", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:05.350Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28933", datePublished: "2024-04-09T17:01:13.955Z", dateReserved: "2024-03-13T01:26:53.034Z", dateUpdated: "2025-01-23T01:12:05.350Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-36785 (GCVE-0-2023-36785)
Vulnerability from cvelistv5
Published
2023-10-10 17:08
Modified
2025-04-14 22:46
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2104.1 |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:01:09.589Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36785", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:49:49.237869Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:42:30.756Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2104.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1105.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.5.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.5.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.5.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 22)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4326.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (CU 8)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4080.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2104.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1105.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4326.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4080.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-10-10T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-191", description: "CWE-191: Integer Underflow (Wrap or Wraparound)", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-14T22:46:42.673Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36785", datePublished: "2023-10-10T17:08:10.995Z", dateReserved: "2023-06-27T15:11:59.871Z", dateUpdated: "2025-04-14T22:46:42.673Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-28937 (GCVE-0-2024-28937)
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2110.4 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28937", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-22T20:00:06.674591Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:48.747Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.267Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.35", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.18", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.9", vendor: "Microsoft", versions: [ { lessThan: "17.9.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.14", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.9", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.35", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.9.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:06.910Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28937", datePublished: "2024-04-09T17:01:15.620Z", dateReserved: "2024-03-13T01:26:53.037Z", dateUpdated: "2025-01-23T01:12:06.910Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-28929 (GCVE-0-2024-28929)
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28929 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28929", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-22T16:11:54.498743Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-29T20:29:04.530Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.116Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28929", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.35", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.9", vendor: "Microsoft", versions: [ { lessThan: "17.9.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.18", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.14", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.9", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.35", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.9.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:21.949Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28929", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28929", datePublished: "2024-04-09T17:00:27.042Z", dateReserved: "2024-03-13T01:26:53.031Z", dateUpdated: "2025-01-23T01:11:21.949Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-28932 (GCVE-0-2024-28932)
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28932 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28932", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-11T18:08:26.723573Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-11T18:08:37.536Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.356Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28932", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.35", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.9", vendor: "Microsoft", versions: [ { lessThan: "17.9.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.18", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.14", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.9", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.35", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.9.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:22.905Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28932", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28932", datePublished: "2024-04-09T17:00:28.215Z", dateReserved: "2024-03-13T01:26:53.031Z", dateUpdated: "2025-01-23T01:11:22.905Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-28941 (GCVE-0-2024-28941)
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28941 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2110.4 |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.250Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28941", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2024-28941", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-10T19:52:13.543985Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-12T17:32:55.845Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:08.467Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28941", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28941", datePublished: "2024-04-09T17:01:17.273Z", dateReserved: "2024-03-13T01:26:53.038Z", dateUpdated: "2025-01-23T01:12:08.467Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-36420 (GCVE-0-2023-36420)
Vulnerability from cvelistv5
Published
2023-10-10 17:08
Modified
2025-04-14 22:46
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36420 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2104.1 |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:45:56.785Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36420", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36420", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:49:51.647284Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:42:43.918Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2104.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1105.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.5.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.5.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.5.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (CU 8)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4080.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 22)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4326.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2104.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1105.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4080.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4326.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-10-10T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-415", description: "CWE-415: Double Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-14T22:46:38.312Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36420", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36420", datePublished: "2023-10-10T17:08:06.283Z", dateReserved: "2023-06-21T15:14:27.785Z", dateUpdated: "2025-04-14T22:46:38.312Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-28936 (GCVE-0-2024-28936)
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28936", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-01T19:04:55.282290Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:40.417Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.507Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.35", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.9", vendor: "Microsoft", versions: [ { lessThan: "17.9.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.18", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.14", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.9", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.35", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.9.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:23.421Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28936", datePublished: "2024-04-09T17:00:28.756Z", dateReserved: "2024-03-13T01:26:53.037Z", dateUpdated: "2025-01-23T01:11:23.421Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-36730 (GCVE-0-2023-36730)
Vulnerability from cvelistv5
Published
2023-10-10 17:07
Modified
2025-04-14 22:45
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2104.1 |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:52:54.089Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36730", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:50:10.793075Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:44:39.623Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2104.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1105.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.5.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.5.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.5.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (CU 8)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4080.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 22)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4326.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2104.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1105.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4080.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4326.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-10-10T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-14T22:45:59.713Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36730", datePublished: "2023-10-10T17:07:31.809Z", dateReserved: "2023-06-26T13:29:45.604Z", dateUpdated: "2025-04-14T22:45:59.713Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-28943 (GCVE-0-2024-28943)
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28943 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2110.4 |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28943", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-13T13:40:54.272348Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-13T13:41:06.217Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.310Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28943", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:09.012Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28943", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28943", datePublished: "2024-04-09T17:01:17.807Z", dateReserved: "2024-03-13T01:26:53.039Z", dateUpdated: "2025-01-23T01:12:09.012Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-28930 (GCVE-0-2024-28930)
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28930", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-18T15:43:31.008624Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-08T15:35:37.350Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.397Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.35", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.9", vendor: "Microsoft", versions: [ { lessThan: "17.9.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.18", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.14", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.9", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.35", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.9.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-191", description: "CWE-191: Integer Underflow (Wrap or Wraparound)", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:04.726Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28930", datePublished: "2024-04-09T17:01:13.416Z", dateReserved: "2024-03-13T01:26:53.031Z", dateUpdated: "2025-01-23T01:12:04.726Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-32025 (GCVE-0-2023-32025)
Vulnerability from cvelistv5
Published
2023-06-16 00:44
Modified
2025-02-28 21:08
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32025 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft ODBC Driver 17 for SQL Server on Linux |
Version: 17.0.0.0 < 17.10.4.1 |
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:03:28.785Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32025", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-32025", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:21:00.289520Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:08:54.117Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.2.1.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.2.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.2.1.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.33", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.23", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.15", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.11", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.4", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.33", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.23", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.15", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.11", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.4", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-06-15T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:43:42.899Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32025", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-32025", datePublished: "2023-06-16T00:44:28.480Z", dateReserved: "2023-05-01T15:34:52.131Z", dateUpdated: "2025-02-28T21:08:54.117Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-38169 (GCVE-0-2023-38169)
Vulnerability from cvelistv5
Published
2023-08-08 17:08
Modified
2025-02-27 21:07
Severity ?
EPSS score ?
Summary
Microsoft SQL OLE DB Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38169 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft OLE DB Driver 19 for SQL Server |
Version: 19.0.0 < 19.3.0001.0 |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:30:14.111Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38169", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38169", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:53:47.232068Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T21:07:23.872Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0001.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.6.0006.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.2.1.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (CU 5)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4053.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.2.1.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 21)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4316.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.2.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0001.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.6.0006.0", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4053.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4316.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-08-08T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SQL OLE DB Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:59:01.894Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL OLE DB Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38169", }, ], title: "Microsoft SQL OLE DB Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-38169", datePublished: "2023-08-08T17:08:44.529Z", dateReserved: "2023-07-12T23:41:45.863Z", dateUpdated: "2025-02-27T21:07:23.872Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-28935 (GCVE-0-2024-28935)
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28935", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-12T12:55:55.302963Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:37.151Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.452Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.35", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.9", vendor: "Microsoft", versions: [ { lessThan: "17.9.6", status: "affected", version: "17.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.18", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.14", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.9", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.35", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.9.6", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.18", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.14", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.9", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:06.415Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28935", datePublished: "2024-04-09T17:01:15.096Z", dateReserved: "2024-03-13T01:26:53.036Z", dateUpdated: "2025-01-23T01:12:06.415Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-32026 (GCVE-0-2023-32026)
Vulnerability from cvelistv5
Published
2023-06-16 00:44
Modified
2025-02-28 21:08
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32026 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft ODBC Driver 17 for SQL Server on MacOS |
Version: 17.0.0.0 < 17.10.4.1 |
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:03:28.617Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32026", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-32026", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:20:57.572834Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:08:48.193Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.2.1.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.2.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.2.1.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.33", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.23", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.15", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.11", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.4", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.33", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.23", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.15", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.11", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.4", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-06-15T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:43:43.432Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32026", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-32026", datePublished: "2023-06-16T00:44:29.037Z", dateReserved: "2023-05-01T15:34:52.131Z", dateUpdated: "2025-02-28T21:08:48.193Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-29043 (GCVE-0-2024-29043)
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29043 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-29043", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-10T19:02:10.385885Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-05T17:29:44.612Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.751Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29043", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.6.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.3.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.6.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.3.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:25.448Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29043", }, ], title: "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-29043", datePublished: "2024-04-09T17:00:30.944Z", dateReserved: "2024-03-14T23:05:27.952Z", dateUpdated: "2025-01-23T01:11:25.448Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }