Vulnerabilites related to microsoft - ole_db_driver_for_sql_server
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-07 20:30
Severity ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "F7E3B0B6-C0CA-4222-AF6C-DD4585FAA3C3", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "ED5CD860-0B4C-4B0E-8336-10CA3D6B5510", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador Microsoft OLE DB para SQL Server", }, ], id: "CVE-2024-28906", lastModified: "2025-01-07T20:30:25.303", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:49.593", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28906", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28906", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-15 19:06
Severity ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "F7E3B0B6-C0CA-4222-AF6C-DD4585FAA3C3", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "ED5CD860-0B4C-4B0E-8336-10CA3D6B5510", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador Microsoft OLE DB para SQL Server", }, ], id: "CVE-2024-28940", lastModified: "2025-01-15T19:06:25.340", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:56.030", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28940", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28940", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-15 18:44
Severity ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "F7E3B0B6-C0CA-4222-AF6C-DD4585FAA3C3", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "ED5CD860-0B4C-4B0E-8336-10CA3D6B5510", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador Microsoft OLE DB para SQL Server", }, ], id: "CVE-2024-28926", lastModified: "2025-01-15T18:44:21.050", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:53.277", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28926", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28926", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-15 19:07
Severity ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "F7E3B0B6-C0CA-4222-AF6C-DD4585FAA3C3", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "ED5CD860-0B4C-4B0E-8336-10CA3D6B5510", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador Microsoft OLE DB para SQL Server", }, ], id: "CVE-2024-29046", lastModified: "2025-01-15T19:07:32.210", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:57.847", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29046", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29046", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-10 18:15
Modified
2024-11-21 08:10
Severity ?
Summary
Microsoft SQL Server Denial of Service Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "FEE52D75-0785-47A8-A024-14A83B9732A6", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "5C5B4D78-6EA4-41E6-A403-2D018D9F0692", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "CC490F0A-842A-4590-8CAC-07BB599D8F4F", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "90718D50-D4D8-4949-ADB3-310879B2A574", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "C9BEA137-3C0A-472A-9A5B-428E00302626", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "2EDAA3E7-9DA2-4C2F-B626-60A747015FE8", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "46709C5E-BA3C-4136-9E38-102EABBFEE53", versionEndExcluding: "18.6.0007.0", versionStartIncluding: "18.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "D8D31DC8-1397-4A5B-8BD8-2AD10A1B613D", versionEndExcluding: "19.3.0002.0", versionStartIncluding: "19.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:*:*", matchCriteriaId: "03C65D96-44D0-4411-8B84-961973F1E4D0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2016:sp3:*:*:*:*:x64:*", matchCriteriaId: "39A3D29F-0BE0-4F78-9970-58BB355775DE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2017:*:*:*:*:*:x64:*", matchCriteriaId: "2FF9FC32-3E6E-4256-B6BD-C4EF1932CA18", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*", matchCriteriaId: "9144F644-A3D4-440C-8978-257E71204617", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*", matchCriteriaId: "6CB7AD22-F27B-4807-88F1-02ED420421D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SQL Server Denial of Service Vulnerability", }, { lang: "es", value: "Vulnerabilidad de denegación de servicio en Microsoft SQL Server", }, ], id: "CVE-2023-36728", lastModified: "2024-11-21T08:10:28.230", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.6, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2023-10-10T18:15:17.030", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-125", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-15 19:07
Severity ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "F7E3B0B6-C0CA-4222-AF6C-DD4585FAA3C3", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "ED5CD860-0B4C-4B0E-8336-10CA3D6B5510", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador Microsoft OLE DB para SQL Server", }, ], id: "CVE-2024-29045", lastModified: "2025-01-15T19:07:39.023", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:57.650", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29045", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29045", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-121", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-15 19:06
Severity ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "F7E3B0B6-C0CA-4222-AF6C-DD4585FAA3C3", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "ED5CD860-0B4C-4B0E-8336-10CA3D6B5510", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador Microsoft OLE DB para SQL Server", }, ], id: "CVE-2024-28944", lastModified: "2025-01-15T19:06:42.510", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:56.847", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28944", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28944", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-197", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-15 19:06
Severity ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "F7E3B0B6-C0CA-4222-AF6C-DD4585FAA3C3", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "ED5CD860-0B4C-4B0E-8336-10CA3D6B5510", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador Microsoft OLE DB para SQL Server", }, ], id: "CVE-2024-28942", lastModified: "2025-01-15T19:06:35.190", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:56.433", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28942", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28942", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:16
Modified
2025-01-15 19:07
Severity ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "F7E3B0B6-C0CA-4222-AF6C-DD4585FAA3C3", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "ED5CD860-0B4C-4B0E-8336-10CA3D6B5510", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador Microsoft OLE DB para SQL Server", }, ], id: "CVE-2024-29983", lastModified: "2025-01-15T19:07:16.507", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:16:01.237", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29983", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29983", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-16 01:15
Modified
2024-11-21 07:56
Severity ?
Summary
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "5CC2AE26-7BA1-4E45-97D3-6F9EE992FA98", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "49DA289E-FD25-4CB0-9165-9E836EC93DD0", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "E6185183-17DD-4A16-9E08-E1277F58829A", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:linux:*:*", matchCriteriaId: "493BBE3B-5302-4BA1-9F69-734AA10305D6", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:macos:*:*", matchCriteriaId: "848BABEE-8496-4225-9E47-3CDB40CB8A86", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:*:*:*:*:*:windows:*:*", matchCriteriaId: "E45B3703-BF64-408E-A931-1D3C1DFFFA71", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.1.1", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "14AC92FA-A1F6-4DD6-9623-A2F33F59A4F9", versionEndExcluding: "18.6.0006.0", versionStartIncluding: "18.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "6ABD3821-C5EB-4253-9D5E-6A1E29709AE3", versionEndExcluding: "19.3.0001.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*", matchCriteriaId: "9144F644-A3D4-440C-8978-257E71204617", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*", matchCriteriaId: "6CB7AD22-F27B-4807-88F1-02ED420421D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución de código remota en Microsoft ODBC y OLE DB", }, ], id: "CVE-2023-29349", lastModified: "2024-11-21T07:56:54.493", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2023-06-16T01:15:27.847", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-191", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-07 20:11
Severity ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "F7E3B0B6-C0CA-4222-AF6C-DD4585FAA3C3", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "ED5CD860-0B4C-4B0E-8336-10CA3D6B5510", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador Microsoft OLE DB para SQL Server", }, ], id: "CVE-2024-28911", lastModified: "2025-01-07T20:11:27.670", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:50.537", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28911", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28911", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-07 19:51
Severity ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "F7E3B0B6-C0CA-4222-AF6C-DD4585FAA3C3", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "ED5CD860-0B4C-4B0E-8336-10CA3D6B5510", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador Microsoft OLE DB para SQL Server", }, ], id: "CVE-2024-28914", lastModified: "2025-01-07T19:51:53.947", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:51.150", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28914", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28914", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-07 20:20
Severity ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "F7E3B0B6-C0CA-4222-AF6C-DD4585FAA3C3", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "ED5CD860-0B4C-4B0E-8336-10CA3D6B5510", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador Microsoft OLE DB para SQL Server", }, ], id: "CVE-2024-28909", lastModified: "2025-01-07T20:20:43.007", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:50.163", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28909", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28909", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-15 18:45
Severity ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "F7E3B0B6-C0CA-4222-AF6C-DD4585FAA3C3", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "ED5CD860-0B4C-4B0E-8336-10CA3D6B5510", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador Microsoft OLE DB para SQL Server", }, ], id: "CVE-2024-28927", lastModified: "2025-01-15T18:45:39.533", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:53.477", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28927", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28927", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-15 19:07
Severity ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "F7E3B0B6-C0CA-4222-AF6C-DD4585FAA3C3", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "ED5CD860-0B4C-4B0E-8336-10CA3D6B5510", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador Microsoft OLE DB para SQL Server", }, ], id: "CVE-2024-29048", lastModified: "2025-01-15T19:07:25.327", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:58.250", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29048", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29048", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-07 20:17
Severity ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "F7E3B0B6-C0CA-4222-AF6C-DD4585FAA3C3", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "ED5CD860-0B4C-4B0E-8336-10CA3D6B5510", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador Microsoft OLE DB para SQL Server", }, ], id: "CVE-2024-28910", lastModified: "2025-01-07T20:17:51.460", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:50.350", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28910", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28910", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:16
Modified
2025-01-15 19:07
Severity ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "F7E3B0B6-C0CA-4222-AF6C-DD4585FAA3C3", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "ED5CD860-0B4C-4B0E-8336-10CA3D6B5510", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador Microsoft OLE DB para SQL Server", }, ], id: "CVE-2024-29982", lastModified: "2025-01-15T19:07:20.527", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:16:01.043", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29982", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29982", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:16
Modified
2025-01-15 18:43
Severity ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "F7E3B0B6-C0CA-4222-AF6C-DD4585FAA3C3", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "ED5CD860-0B4C-4B0E-8336-10CA3D6B5510", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador Microsoft OLE DB para SQL Server", }, ], id: "CVE-2024-29985", lastModified: "2025-01-15T18:43:11.970", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:16:01.630", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29985", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29985", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-15 19:06
Severity ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "F7E3B0B6-C0CA-4222-AF6C-DD4585FAA3C3", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "ED5CD860-0B4C-4B0E-8336-10CA3D6B5510", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador Microsoft OLE DB para SQL Server", }, ], id: "CVE-2024-28945", lastModified: "2025-01-15T19:06:51.920", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:57.053", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28945", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28945", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-191", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-15 19:07
Severity ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "F7E3B0B6-C0CA-4222-AF6C-DD4585FAA3C3", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "ED5CD860-0B4C-4B0E-8336-10CA3D6B5510", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador Microsoft OLE DB para SQL Server", }, ], id: "CVE-2024-29044", lastModified: "2025-01-15T19:07:05.677", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:57.453", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29044", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29044", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-15 19:06
Severity ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "F7E3B0B6-C0CA-4222-AF6C-DD4585FAA3C3", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "ED5CD860-0B4C-4B0E-8336-10CA3D6B5510", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador Microsoft OLE DB para SQL Server", }, ], id: "CVE-2024-28939", lastModified: "2025-01-15T19:06:06.007", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:55.807", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28939", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28939", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-209", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-09 17:15
Modified
2024-11-21 09:23
Severity ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37334 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37334 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "6E39565B-DDE3-49F9-934D-87F6427417FB", versionEndExcluding: "18.7.0004.0", versionStartIncluding: "18.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "9AAD846F-9D05-44ED-B701-C1685BCBD709", versionEndExcluding: "19.3.0005.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "8AE7C7AB-2B2B-4822-98BE-D1E7E53FFB4A", versionEndExcluding: "15.0.2116.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:*:*", matchCriteriaId: "AA37D611-EA4F-4D4F-A79B-FE65726DE7E1", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.4375.4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "A14154AC-1DC3-42B7-B45A-916C9ACFD237", versionEndExcluding: "16.0.1121.4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:*:*", matchCriteriaId: "7391BD2B-431E-4F65-878A-1BE8D389B3FE", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.4125.3", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador Microsoft OLE DB para SQL Server", }, ], id: "CVE-2024-37334", lastModified: "2024-11-21T09:23:38.457", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-07-09T17:15:22.730", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37334", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37334", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-07 20:03
Severity ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "F7E3B0B6-C0CA-4222-AF6C-DD4585FAA3C3", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "ED5CD860-0B4C-4B0E-8336-10CA3D6B5510", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador Microsoft OLE DB para SQL Server", }, ], id: "CVE-2024-28913", lastModified: "2025-01-07T20:03:28.853", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:50.950", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28913", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28913", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-06-16 01:15
Modified
2024-11-21 08:02
Severity ?
Summary
Microsoft SQL OLE DB Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32028 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32028 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | sql_server | 2019 | |
| microsoft | sql_server | 2022 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "14AC92FA-A1F6-4DD6-9623-A2F33F59A4F9", versionEndExcluding: "18.6.0006.0", versionStartIncluding: "18.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "6ABD3821-C5EB-4253-9D5E-6A1E29709AE3", versionEndExcluding: "19.3.0001.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*", matchCriteriaId: "9144F644-A3D4-440C-8978-257E71204617", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*", matchCriteriaId: "6CB7AD22-F27B-4807-88F1-02ED420421D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SQL OLE DB Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución de código remota de Microsoft OLE DB\n", }, ], id: "CVE-2023-32028", lastModified: "2024-11-21T08:02:33.753", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2023-06-16T01:15:28.120", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32028", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32028", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-10 18:15
Modified
2024-11-21 08:09
Severity ?
Summary
Microsoft SQL OLE DB Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36417 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36417 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | sql_server | 2019 | |
| microsoft | sql_server | 2022 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "A0867B7A-05C8-40C7-B136-D05042AEE5F3", versionEndExcluding: "18.6.0007.0", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "16A5EBE4-0A7A-4D69-A01F-0A7BB84A454E", versionEndExcluding: "19.3.0002.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*", matchCriteriaId: "9144F644-A3D4-440C-8978-257E71204617", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*", matchCriteriaId: "6CB7AD22-F27B-4807-88F1-02ED420421D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SQL OLE DB Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código de Microsoft SQL OLE DB", }, ], id: "CVE-2023-36417", lastModified: "2024-11-21T08:09:42.800", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2023-10-10T18:15:12.190", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36417", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36417", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-07 20:08
Severity ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "F7E3B0B6-C0CA-4222-AF6C-DD4585FAA3C3", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "ED5CD860-0B4C-4B0E-8336-10CA3D6B5510", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador Microsoft OLE DB para SQL Server", }, ], id: "CVE-2024-28912", lastModified: "2025-01-07T20:08:15.217", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:50.737", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28912", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28912", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-08 18:15
Modified
2024-11-21 08:13
Severity ?
Summary
Microsoft SQL OLE DB Remote Code Execution Vulnerability
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38169 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38169 | Patch, Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:17.0.1.1:*:*:*:*:linux:*:*", matchCriteriaId: "68D87353-7F7C-4052-99D5-94A40373B0C4", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:17.0.1.1:*:*:*:*:macos:*:*", matchCriteriaId: "C6E79003-37F2-43ED-B9A4-B14446F38CA9", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:17.0.1.1:*:*:*:*:windows:*:*", matchCriteriaId: "C4DA5041-801A-4A3E-A13E-9927AD73DB50", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:17.10.3.1:*:*:*:*:linux:*:*", matchCriteriaId: "6871F0BA-B074-45B9-A9B8-108FF8FF51C2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:17.10.3.1:*:*:*:*:macos:*:*", matchCriteriaId: "43237AFF-E6F5-4323-84F5-47E5C27D03B5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:17.10.3.1:*:*:*:*:windows:*:*", matchCriteriaId: "D144A950-F990-4ADE-9374-596C2022DE9B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:17.10.4.1:*:*:*:*:linux:*:*", matchCriteriaId: "7FCFB10B-AF29-4E15-A338-483284D8278B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:17.10.4.1:*:*:*:*:macos:*:*", matchCriteriaId: "9CAF68C7-18C8-4BB9-BE85-1004162615F0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:18.0.1.1:*:*:*:*:linux:*:*", matchCriteriaId: "034331B2-8062-497B-A071-0EDC69E47469", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:18.0.1.1:*:*:*:*:macos:*:*", matchCriteriaId: "24B7FC47-0B3A-4780-B39E-CC8841E89ADB", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:18.0.1.1:*:*:*:*:windows:*:*", matchCriteriaId: "E04AF938-4D86-46F0-8F6F-0EA190FB280E", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:18.1.2.1:*:*:*:*:linux:*:*", matchCriteriaId: "5A71190E-1087-47A0-9B56-B7F0420F9123", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:18.1.2.1:*:*:*:*:macos:*:*", matchCriteriaId: "F2BE108F-279C-4283-9813-D4114AF6F143", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:18.1.2.1:*:*:*:*:windows:*:*", matchCriteriaId: "F11D57D6-6611-4ABE-AC3B-D38149FD0DF7", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:18.2.1.1:*:*:*:*:linux:*:*", matchCriteriaId: "150A427F-B6E9-44E4-A9FF-DE8F4151C010", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:18.2.1.1:*:*:*:*:macos:*:*", matchCriteriaId: "AEE78325-9C25-4C5B-8D27-D0622D64A85D", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:18.2.1.1:*:*:*:*:windows:*:*", matchCriteriaId: "5A71690B-0158-4C61-9184-F5C5376A74D6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:18.0.2:*:*:*:*:*:*:*", matchCriteriaId: "A526EF68-6DBA-4F1A-977E-1F4FEEAF2BC0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:18.1.0:*:*:*:*:*:*:*", matchCriteriaId: "F101DB23-E39D-42B8-AD51-BDF79740FF73", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:18.2.1:*:*:*:*:*:*:*", matchCriteriaId: "3ACA62FD-C417-4ED4-9B79-5710D56E088B", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:18.2.2:*:*:*:*:*:*:*", matchCriteriaId: "51C9D564-6370-4104-AEFB-03CC7D29C60F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:18.2.3:*:*:*:*:*:*:*", matchCriteriaId: "22602E38-0AB8-40BA-AAB0-A2D77E2EDD7F", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:18.3.0:*:*:*:*:*:*:*", matchCriteriaId: "102CD1A2-69DC-41D1-BBFB-6666D22D11DC", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:18.4.0:*:*:*:*:*:*:*", matchCriteriaId: "846F1C2C-7339-424C-81EF-C670059221CE", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:18.5.0:*:*:*:*:*:*:*", matchCriteriaId: "67256F0F-3CC5-486C-94CD-06FE76E03012", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:18.6.0:*:*:*:*:*:*:*", matchCriteriaId: "D32E36DA-245F-48D3-80F3-E85C510FC217", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:19.0.0:*:*:*:*:*:*:*", matchCriteriaId: "3F731D47-67EA-4EB8-81D2-A1F425E524FB", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:19.1.0:*:*:*:*:*:*:*", matchCriteriaId: "0AAC07B4-34F5-4287-B294-0E526B925ED5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:19.2.0:*:*:*:*:*:*:*", matchCriteriaId: "8A45F508-0E06-4B32-8719-ED5BDBFB32B2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:19.3.0:*:*:*:*:*:*:*", matchCriteriaId: "7339F59F-31A7-4D03-B081-5C76C49F357A", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*", matchCriteriaId: "9144F644-A3D4-440C-8978-257E71204617", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*", matchCriteriaId: "6CB7AD22-F27B-4807-88F1-02ED420421D5", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft SQL OLE DB Remote Code Execution Vulnerability", }, ], id: "CVE-2023-38169", lastModified: "2024-11-21T08:13:00.150", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2023-08-08T18:15:22.267", references: [ { source: "secure@microsoft.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38169", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38169", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-07 19:48
Severity ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "F7E3B0B6-C0CA-4222-AF6C-DD4585FAA3C3", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "ED5CD860-0B4C-4B0E-8336-10CA3D6B5510", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador Microsoft OLE DB para SQL Server", }, ], id: "CVE-2024-28915", lastModified: "2025-01-07T19:48:07.427", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:51.343", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28915", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28915", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:16
Modified
2025-01-15 18:43
Severity ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "F7E3B0B6-C0CA-4222-AF6C-DD4585FAA3C3", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "ED5CD860-0B4C-4B0E-8336-10CA3D6B5510", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador Microsoft OLE DB para SQL Server", }, ], id: "CVE-2024-29984", lastModified: "2025-01-15T18:43:37.357", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:16:01.437", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29984", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29984", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-04-09 17:15
Modified
2025-01-07 20:22
Severity ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | ole_db_driver_for_sql_server | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2019 | * | |
| microsoft | sql_server_2022 | * | |
| microsoft | sql_server_2022 | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "F7E3B0B6-C0CA-4222-AF6C-DD4585FAA3C3", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.2", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_for_sql_server:*:*:*:*:*:*:*:*", matchCriteriaId: "ED5CD860-0B4C-4B0E-8336-10CA3D6B5510", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "DD9CBEE2-6BF0-45E5-8DAA-2749344ECCFE", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.2000.5", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*", matchCriteriaId: "C9C35D21-EE02-4562-8196-7A4781DECF06", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.4003.23", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "6A943249-37AA-4E3B-A074-7E87EC4CD040", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.1000.6", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*", matchCriteriaId: "2ADF9550-5FAA-4696-9F59-8D235B989541", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.4003.1", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, { lang: "es", value: "Vulnerabilidad de ejecución remota de código del controlador Microsoft OLE DB para SQL Server", }, ], id: "CVE-2024-28908", lastModified: "2025-01-07T20:22:56.653", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "secure@microsoft.com", type: "Primary", }, ], }, published: "2024-04-09T17:15:49.973", references: [ { source: "secure@microsoft.com", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28908", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28908", }, ], sourceIdentifier: "secure@microsoft.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-122", }, ], source: "secure@microsoft.com", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
CVE-2024-28913 (GCVE-0-2024-28913)
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28913 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28913", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-10T19:03:03.719582Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-05T17:35:50.797Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:50.842Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28913", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:20.465Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28913", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28913", datePublished: "2024-04-09T17:00:25.350Z", dateReserved: "2024-03-13T01:26:53.027Z", dateUpdated: "2025-01-23T01:11:20.465Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-29982 (GCVE-0-2024-29982)
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29982 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-29982", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-10T16:01:10.318617Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-26T16:18:01.240Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:17:58.667Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29982", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:16.738Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29982", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-29982", datePublished: "2024-04-09T17:01:25.387Z", dateReserved: "2024-03-22T23:12:11.046Z", dateUpdated: "2025-01-23T01:12:16.738Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-29985 (GCVE-0-2024-29985)
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29985 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2110.4 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-29985", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-23T15:03:54.700971Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-06T16:11:21.985Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:25:00.548Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29985", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:18.383Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29985", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-29985", datePublished: "2024-04-09T17:01:27.068Z", dateReserved: "2024-03-22T23:12:11.046Z", dateUpdated: "2025-01-23T01:12:18.383Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-28910 (GCVE-0-2024-28910)
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28910 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28910", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-25T19:07:39.377477Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:53.677Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:50.859Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28910", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:18.946Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28910", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28910", datePublished: "2024-04-09T17:00:23.631Z", dateReserved: "2024-03-13T01:26:53.026Z", dateUpdated: "2025-01-23T01:11:18.946Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-36417 (GCVE-0-2023-36417)
Vulnerability from cvelistv5
Published
2023-10-10 17:08
Modified
2025-04-14 22:46
Severity ?
EPSS score ?
Summary
Microsoft SQL OLE DB Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36417 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2104.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:45:57.103Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SQL ODBC Driver Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36417", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36417", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:49:50.389321Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:42:36.212Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2104.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1105.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0002.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.6.0007.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (CU 8)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4080.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 22)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4326.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2104.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1105.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0002.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.6.0007.0", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4080.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4326.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-10-10T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SQL OLE DB Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-14T22:46:39.421Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL OLE DB Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36417", }, ], title: "Microsoft SQL OLE DB Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36417", datePublished: "2023-10-10T17:08:07.327Z", dateReserved: "2023-06-21T15:14:27.784Z", dateUpdated: "2025-04-14T22:46:39.421Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-36728 (GCVE-0-2023-36728)
Vulnerability from cvelistv5
Published
2023-10-10 17:07
Modified
2025-04-14 22:46
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Denial of Service Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728 | vendor-advisory |
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:52:54.388Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft SQL Server Denial of Service Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-36728", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:49:21.915063Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T20:44:34.088Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 22)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4326.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (CU 8)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4080.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "14.0.2052.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", "32-bit Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6179.1", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "32-bit Systems", "x64-based Systems", ], product: "Microsoft SQL Server 2014 Service Pack 3 (CU 4)", vendor: "Microsoft", versions: [ { lessThan: "12.0.6449.1", status: "affected", version: "12.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2104.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "13.0.6435.1", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", vendor: "Microsoft", versions: [ { lessThan: "13.0.7029.3", status: "affected", version: "13.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2017 (CU 31)", vendor: "Microsoft", versions: [ { lessThan: "14.0.3465.1", status: "affected", version: "14.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1105.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0002.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.6.0007.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.5.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.5.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.5.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.3.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.3.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.3.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4326.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4080.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.2052.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x64:*", versionEndExcluding: "12.0.6179.1", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*", versionEndExcluding: "12.0.6449.1", versionStartIncluding: "12.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2104.1", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.6435.1", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", versionEndExcluding: "13.0.7029.3", versionStartIncluding: "13.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", versionEndExcluding: "14.0.3465.1", versionStartIncluding: "14.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1105.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0002.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.6.0007.0", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.5.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.3.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-10-10T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SQL Server Denial of Service Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125: Out-of-bounds Read", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-14T22:46:01.074Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL Server Denial of Service Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728", }, ], title: "Microsoft SQL Server Denial of Service Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-36728", datePublished: "2023-10-10T17:07:32.864Z", dateReserved: "2023-06-26T13:29:45.604Z", dateUpdated: "2025-04-14T22:46:01.074Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-29045 (GCVE-0-2024-29045)
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29045 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-29045", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-01T17:48:39.679827Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:57:59.578Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.672Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29045", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.5, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-121", description: "CWE-121: Stack-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:25.890Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29045", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-29045", datePublished: "2024-04-09T17:00:31.478Z", dateReserved: "2024-03-14T23:05:27.952Z", dateUpdated: "2025-01-23T01:11:25.890Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-28908 (GCVE-0-2024-28908)
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28908 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28908", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-28T14:14:41.182241Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-28T14:14:52.176Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:50.845Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28908", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:17.864Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28908", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28908", datePublished: "2024-04-09T17:00:22.551Z", dateReserved: "2024-03-13T01:26:53.026Z", dateUpdated: "2025-01-23T01:11:17.864Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-28914 (GCVE-0-2024-28914)
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28914 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.186Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28914", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2024-28914", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-10T19:56:48.008163Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-08-12T17:37:48.819Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:20.918Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28914", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28914", datePublished: "2024-04-09T17:00:25.876Z", dateReserved: "2024-03-13T01:26:53.027Z", dateUpdated: "2025-01-23T01:11:20.918Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-28945 (GCVE-0-2024-28945)
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28945 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2110.4 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28945", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-10T19:38:01.291805Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T17:22:39.305Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.284Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28945", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-191", description: "CWE-191: Integer Underflow (Wrap or Wraparound)", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:24.844Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28945", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28945", datePublished: "2024-04-09T17:00:30.403Z", dateReserved: "2024-03-13T01:26:53.039Z", dateUpdated: "2025-01-23T01:11:24.844Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-28939 (GCVE-0-2024-28939)
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28939 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28939", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-12T14:44:17.065535Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-26T16:20:45.403Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.254Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28939", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-209", description: "CWE-209: Generation of Error Message Containing Sensitive Information", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:23.917Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28939", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28939", datePublished: "2024-04-09T17:00:29.317Z", dateReserved: "2024-03-13T01:26:53.038Z", dateUpdated: "2025-01-23T01:11:23.917Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-29349 (GCVE-0-2023-29349)
Vulnerability from cvelistv5
Published
2023-06-16 00:44
Modified
2025-02-28 21:08
Severity ?
EPSS score ?
Summary
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft OLE DB Driver 18 for SQL Server |
Version: 18.0.0 < 18.6.0006.0 |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:07:45.660Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-29349", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-28T20:20:52.256646Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-28T21:08:36.270Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.6.0006.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0001.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.33", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.23", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.15", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.11", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.4", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.2.1.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.2.1.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.2.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.6.0006.0", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0001.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.33", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.23", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.15", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.11", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.4", versionStartIncluding: "17.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-06-15T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-191", description: "CWE-191: Integer Underflow (Wrap or Wraparound)", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:43:44.451Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349", }, ], title: "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-29349", datePublished: "2023-06-16T00:44:38.243Z", dateReserved: "2023-04-04T22:34:18.382Z", dateUpdated: "2025-02-28T21:08:36.270Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-28927 (GCVE-0-2024-28927)
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28927 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2110.4 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28927", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-10T19:46:15.048603Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:04:02.462Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.225Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28927", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:04.128Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28927", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28927", datePublished: "2024-04-09T17:01:12.876Z", dateReserved: "2024-03-13T01:26:53.030Z", dateUpdated: "2025-01-23T01:12:04.128Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-29984 (GCVE-0-2024-29984)
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29984 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2110.4 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-29984", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-08T15:31:18.892615Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-08T15:31:35.648Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:17:58.817Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29984", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:17.863Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29984", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-29984", datePublished: "2024-04-09T17:01:26.492Z", dateReserved: "2024-03-22T23:12:11.046Z", dateUpdated: "2025-01-23T01:12:17.863Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-28944 (GCVE-0-2024-28944)
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28944 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2110.4 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28944", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-10T16:07:01.540237Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-26T16:17:03.959Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.416Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28944", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-197", description: "CWE-197: Numeric Truncation Error", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:09.530Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28944", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28944", datePublished: "2024-04-09T17:01:18.340Z", dateReserved: "2024-03-13T01:26:53.039Z", dateUpdated: "2025-01-23T01:12:09.530Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-28940 (GCVE-0-2024-28940)
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28940 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2110.4 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28940", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-10T19:41:24.285678Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T17:22:18.517Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:50.980Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28940", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:07.932Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28940", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28940", datePublished: "2024-04-09T17:01:16.713Z", dateReserved: "2024-03-13T01:26:53.038Z", dateUpdated: "2025-01-23T01:12:07.932Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-28926 (GCVE-0-2024-28926)
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28926 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28926", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-26T16:18:17.172255Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-26T16:18:25.156Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.361Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28926", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:03.525Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28926", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28926", datePublished: "2024-04-09T17:01:12.323Z", dateReserved: "2024-03-13T01:26:53.030Z", dateUpdated: "2025-01-23T01:12:03.525Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-28912 (GCVE-0-2024-28912)
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28912 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28912", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-15T19:06:50.764176Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:06.013Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:50.810Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28912", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:19.929Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28912", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28912", datePublished: "2024-04-09T17:00:24.771Z", dateReserved: "2024-03-13T01:26:53.026Z", dateUpdated: "2025-01-23T01:11:19.929Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-28909 (GCVE-0-2024-28909)
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28909 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28909", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-23T14:12:20.974804Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:12.000Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:50.997Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28909", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:18.420Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28909", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28909", datePublished: "2024-04-09T17:00:23.090Z", dateReserved: "2024-03-13T01:26:53.026Z", dateUpdated: "2025-01-23T01:11:18.420Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-28942 (GCVE-0-2024-28942)
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28942 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28942", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-28T14:14:13.046600Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-28T14:14:18.576Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:50.838Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28942", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190: Integer Overflow or Wraparound", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:24.402Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28942", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28942", datePublished: "2024-04-09T17:00:29.841Z", dateReserved: "2024-03-13T01:26:53.038Z", dateUpdated: "2025-01-23T01:11:24.402Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-32028 (GCVE-0-2023-32028)
Vulnerability from cvelistv5
Published
2023-06-16 00:44
Modified
2025-01-01 01:43
Severity ?
EPSS score ?
Summary
Microsoft SQL OLE DB Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32028 | vendor-advisory |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft OLE DB Driver 19 for SQL Server |
Version: 19.0.0 < 19.3.0001.0 |
|||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T15:03:28.848Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32028", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0001.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.6.0006.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", vendor: "Microsoft", versions: [ { lessThan: "16.11.33", status: "affected", version: "16.11.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.2", vendor: "Microsoft", versions: [ { lessThan: "17.2.23", status: "affected", version: "17.2.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.4", vendor: "Microsoft", versions: [ { lessThan: "17.4.15", status: "affected", version: "17.4.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.6", vendor: "Microsoft", versions: [ { lessThan: "17.6.11", status: "affected", version: "17.6.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft Visual Studio 2022 version 17.8", vendor: "Microsoft", versions: [ { lessThan: "17.8.4", status: "affected", version: "17.8.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0001.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.6.0006.0", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*", versionEndExcluding: "16.11.33", versionStartIncluding: "16.11.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.2.23", versionStartIncluding: "17.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", versionEndExcluding: "17.4.15", versionStartIncluding: "17.4.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.6.11", versionStartIncluding: "17.6.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*", versionEndExcluding: "17.8.4", versionStartIncluding: "17.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-06-15T07:00:00+00:00", descriptions: [ { lang: "en-US", value: "Microsoft SQL OLE DB Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:43:44.971Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL OLE DB Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32028", }, ], title: "Microsoft SQL OLE DB Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-32028", datePublished: "2023-06-16T00:44:30.155Z", dateReserved: "2023-05-01T15:34:52.132Z", dateUpdated: "2025-01-01T01:43:44.971Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-29046 (GCVE-0-2024-29046)
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29046 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2110.4 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-29046", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-22T20:23:47.504221Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:57:04.988Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.645Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29046", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:10.716Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29046", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-29046", datePublished: "2024-04-09T17:01:19.418Z", dateReserved: "2024-03-14T23:05:27.952Z", dateUpdated: "2025-01-23T01:12:10.716Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-29044 (GCVE-0-2024-29044)
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29044 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-29044", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-10T19:40:08.656116Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T17:58:12.902Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.674Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29044", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:10.138Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29044", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-29044", datePublished: "2024-04-09T17:01:18.882Z", dateReserved: "2024-03-14T23:05:27.952Z", dateUpdated: "2025-01-23T01:12:10.138Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-28906 (GCVE-0-2024-28906)
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28906 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28906", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-15T19:09:41.816330Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-04T18:03:55.132Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:50.853Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28906", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:17.374Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28906", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28906", datePublished: "2024-04-09T17:00:22.006Z", dateReserved: "2024-03-13T01:26:53.025Z", dateUpdated: "2025-01-23T01:11:17.374Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-29048 (GCVE-0-2024-29048)
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29048 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-29048", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-04-18T15:43:16.002515Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-08T15:34:21.629Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.628Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29048", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:11.489Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29048", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-29048", datePublished: "2024-04-09T17:01:19.942Z", dateReserved: "2024-03-14T23:05:27.952Z", dateUpdated: "2025-01-23T01:12:11.489Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-29983 (GCVE-0-2024-29983)
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2025-01-23 01:12
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29983 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-29983", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-09T19:28:55.997420Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T17:21:35.617Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:17:58.699Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29983", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:12:17.301Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29983", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-29983", datePublished: "2024-04-09T17:01:25.929Z", dateReserved: "2024-03-22T23:12:11.046Z", dateUpdated: "2025-01-23T01:12:17.301Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-28915 (GCVE-0-2024-28915)
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28915 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28915", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-26T16:21:00.629354Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-26T16:21:06.121Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:51.427Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28915", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:21.442Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28915", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28915", datePublished: "2024-04-09T17:00:26.477Z", dateReserved: "2024-03-13T01:26:53.027Z", dateUpdated: "2025-01-23T01:11:21.442Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2023-38169 (GCVE-0-2023-38169)
Vulnerability from cvelistv5
Published
2023-08-08 17:08
Modified
2025-02-27 21:07
Severity ?
EPSS score ?
Summary
Microsoft SQL OLE DB Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38169 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft OLE DB Driver 19 for SQL Server |
Version: 19.0.0 < 19.3.0001.0 |
||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:30:14.111Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38169", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-38169", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-02-26T21:53:47.232068Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-02-27T21:07:23.872Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0001.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.6.0006.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "18.2.1.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (CU 5)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4053.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Linux", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on MacOS", vendor: "Microsoft", versions: [ { lessThan: "18.2.1.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 21)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4316.3", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 17 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "17.10.4.1", status: "affected", version: "17.0.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft ODBC Driver 18 for SQL Server on Windows", vendor: "Microsoft", versions: [ { lessThan: "18.2.2.1", status: "affected", version: "18.0.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0001.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.6.0006.0", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4053.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.1.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4316.3", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "17.10.4.1", versionStartIncluding: "17.0.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.2.2.1", versionStartIncluding: "18.0.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2023-08-08T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft SQL OLE DB Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-416", description: "CWE-416: Use After Free", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-01T01:59:01.894Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft SQL OLE DB Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38169", }, ], title: "Microsoft SQL OLE DB Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2023-38169", datePublished: "2023-08-08T17:08:44.529Z", dateReserved: "2023-07-12T23:41:45.863Z", dateUpdated: "2025-02-27T21:07:23.872Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-37334 (GCVE-0-2024-37334)
Vulnerability from cvelistv5
Published
2024-07-09 17:02
Modified
2025-03-11 16:39
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37334 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2116.2 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-37334", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-24T20:28:50.890496Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-24T20:29:00.352Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:50:56.150Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37334", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2116.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1121.4", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0005.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0004.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2022 for (CU 13)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4131.2", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft SQL Server 2019 for x64-based Systems (CU 27)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4382.1", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2116.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1121.4", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0005.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0004.0", versionStartIncluding: "18.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4131.2", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4382.1", versionStartIncluding: "15.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-07-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-11T16:39:55.564Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-37334", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-37334", datePublished: "2024-07-09T17:02:55.450Z", dateReserved: "2024-06-05T20:19:26.776Z", dateUpdated: "2025-03-11T16:39:55.564Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
CVE-2024-28911 (GCVE-0-2024-28911)
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2025-01-23 01:11
Severity ?
EPSS score ?
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
References
| ▼ | URL | Tags |
|---|---|---|
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28911 | vendor-advisory |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 |
||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-28911", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-04-10T19:37:46.768886Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-05T17:22:39.160Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T01:03:50.912Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", "x_transferred", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28911", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (CU 25)", vendor: "Microsoft", versions: [ { lessThan: "15.0.4360.2", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 for (CU 12)", vendor: "Microsoft", versions: [ { lessThan: "16.0.4120.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2019 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "15.0.2110.4", status: "affected", version: "15.0.0", versionType: "custom", }, ], }, { platforms: [ "x64-based Systems", ], product: "Microsoft SQL Server 2022 (GDR)", vendor: "Microsoft", versions: [ { lessThan: "16.0.1115.1", status: "affected", version: "16.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 19 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "19.3.0003.0", status: "affected", version: "19.0.0", versionType: "custom", }, ], }, { platforms: [ "Unknown", ], product: "Microsoft OLE DB Driver 18 for SQL Server", vendor: "Microsoft", versions: [ { lessThan: "18.7.0002.0", status: "affected", version: "18.0.0", versionType: "custom", }, ], }, ], cpeApplicability: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.4360.2", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.4120.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "15.0.2110.4", versionStartIncluding: "15.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", versionEndExcluding: "16.0.1115.1", versionStartIncluding: "16.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "19.3.0003.0", versionStartIncluding: "19.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", versionEndExcluding: "18.7.0002.0", versionStartIncluding: "18.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], datePublic: "2024-04-09T07:00:00.000Z", descriptions: [ { lang: "en-US", value: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, ], metrics: [ { cvssV3_1: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en-US", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-122", description: "CWE-122: Heap-based Buffer Overflow", lang: "en-US", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-23T01:11:19.388Z", orgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", shortName: "microsoft", }, references: [ { name: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", tags: [ "vendor-advisory", ], url: "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28911", }, ], title: "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability", }, }, cveMetadata: { assignerOrgId: "f38d906d-7342-40ea-92c1-6c4a2c6478c8", assignerShortName: "microsoft", cveId: "CVE-2024-28911", datePublished: "2024-04-09T17:00:24.222Z", dateReserved: "2024-03-13T01:26:53.026Z", dateUpdated: "2025-01-23T01:11:19.388Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }