4530 matches found

Microsoft KB
added 2024/01/09 8:0 a.m., 44 views

KB5033592 - Description of the security update for SQL Server 2022 CU10: January 9, 2024

KB5033592 - Description of the security update for SQL Server 2022 CU10: January 9, 2024 Summary How to obtain and install the update How to obtain or download the latest cumulative update package for Linux More information File information Information about protection and security Summary This...

CVSS 8.7, AI score 6.9, EPSS 0.0118
Exploits: 0
Kaspersky
added 2024/01/09 12:0 a.m., 35 views

KLA62825 SB vulnerability in Microsoft SQL Server

A security feature bypass vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories CVE-2024-0056 Exploitation Public exploits exist for this vulnerability. Related products Microsoft-SQL-Server CVE list...

CVSS 8.7, AI score 8.2, EPSS 0.0118
Exploits: 0, References: 5
NCSC
added 2024/01/09 12:0 a.m., 3 views

Vulnerability fixed in Microsoft SQL Server

Microsoft has fixed a vulnerability in SQL Server. A malicious party can exploit the vulnerability to use a Man-in-the-Middle attack to intercept and decrypt, potentially gaining access to the sensitive data in that traffic. Abuse is not easily accomplished and requires the malicious party is in...

CVSS 8.7, AI score 8.2, EPSS 0.0118
Exploits: 0
CNNVD
added 2024/01/09 12:0 a.m., 4 views

Microsoft SQL Server Security Vulnerability

Microsoft SQL Server is a large commercial database system from Microsoft that is used under Microsoft Windows. A security vulnerability exists in Microsoft SQL Server. An attacker could exploit the vulnerability to bypass certain functionality. The following products and versions are affected:...

CVSS 8.7, AI score 7.3, EPSS 0.0118
Exploits: 0, References: 6
Snyk
added 2024/01/09 12:0 a.m., 1 views

Unprotected Storage of Credentials

Overview Affected versions of this package are vulnerable to Unprotected Storage of Credentials. An attacker can steal authentication credentials intended for the database server by performing an adversary-in-the-middle attack between the SQL client and the SQL server, even if the connection is...

CVSS 8.7, AI score 7.7, EPSS 0.0118
Exploits: 0, References: 2
0day.today
added 2024/01/09 12:0 a.m., 437 views

Microsoft SQL Server db_ddladmin Privilege Escalation Vulnerability

Microsoft SQL Server versions 2014 through 2022 suffer from a db_ddladmin privilege escalation vulnerability. When escalated to Microsoft as a concern, they instead opted to update their documentation to note that this is possible instead of addressing the issue. Title: SQL Server Privilege...

AI score 8
Exploits: 0
Tenable Nessus
added 2024/01/09 12:0 a.m., 92 views

Security Updates for Microsoft SQL Server (January 2024) (Remote)

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions...

CVSS 8.7, AI score 7.8, EPSS 0.0118
Exploits: 0, References: 3
Tenable Nessus
added 2024/01/09 12:0 a.m., 161 views

Security Updates for Microsoft Visual Studio Products (January 2024)

The Microsoft Visual Studio Products are missing security updates. They are, therefore, affected by multiple vulnerabilities, including: - Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability CVE-2023-29356, CVE-2023-32025, CVE-2023-32026, CVE-2023-32027 - NET, .NET Framework,...

CVSS 9.8, AI score 8.1, EPSS 0.03913
Exploits: 1, References: 16
Tenable Nessus
added 2024/01/09 12:0 a.m., 76 views

Security Updates for Microsoft SQL Server (January 2024)

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions...

CVSS 8.7, AI score 7.8, EPSS 0.0118
Exploits: 0, References: 3
NVD
added 2023/12/22 9:15 p.m., 22 views

CVE-2023-50731

MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the put method in mindsdb/mindsdb/api/http/namespaces/file.py does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which...

CVSS 9.1, EPSS 0.00992
Exploits: 1, References: 4
Prion
added 2023/12/22 9:15 p.m., 19 views

Path traversal

MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the put method in mindsdb/mindsdb/api/http/namespaces/file.py does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which...

CVSS 6.4, AI score 8.2, EPSS 0.00992
Exploits: 1, References: 4, Affected Software: 1
CVE
added 2023/12/22 8:43 p.m., 82 views

CVE-2023-50731

CVE-2023-50731 – MindsDB : The vulnerability arises in mindsdb/mindsdb/api/http/namespaces/file.py, where the PUT path does not validate the user-controlled name used for a temporary file. This leads to path injection, allowing arbitrary file writes via f.write(chunk) and potential write outside ...

CVSS 9.1, AI score 9.7, EPSS 0.00992
Exploits: 1, References: 4, Affected Software: 1
BDU FSTEC
added 2023/12/19 12:0 a.m., 4 views

The vulnerability of the WDAC OLE DB component for SQL Server on Windows operating systems allows a perpetrator to execute arbitrary code.

The vulnerability of the WDAC OLE DB component for SQL Server on Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10, AI score 8.2, EPSS 0.01891
Exploits: 0, References: 3
NVD
added 2023/12/14 5:15 p.m., 20 views

CVE-2023-47261

Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request contains a connection string for privileged SQL Server database access, and xp_cmdshell can be enabled...

CVSS 9.8, EPSS 0.01527
Exploits: 1, References: 2
Prion
added 2023/12/14 5:15 p.m., 24 views

Design/Logic Flaw

Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request contains a connection string for privileged SQL Server database access, and xp_cmdshell can be enabled...

CVSS 7.5, AI score 8.7, EPSS 0.01527
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2023/12/14 12:0 a.m., 45 views

CVE-2023-47261

Dokmee ECM 7.4.6 is affected: a response from GettingStarted/SaveSQLConnectionAsync /#/gettingstarted exposes a privileged SQL Server connection string, which can allow xp_cmdshell to be enabled and lead to remote code execution. The incident is described across multiple sources (NVD, Red Hat, PRION, CN...

CVSS 9.8, AI score 9.7, EPSS 0.01527
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2023/12/14 12:0 a.m., 33 views

CVE-2023-47261

Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request contains a connection string for privileged SQL Server database access, and xp_cmdshell can be enabled...

AI score 10, EPSS 0.01527
Exploits: 1, References: 2
ATTACKERKB
added 2023/12/12 6:15 p.m., 3 views

CVE-2023-36006

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...

CVSS 8.8, AI score 5.8, EPSS 0.01891
Exploits: 0, References: 2, Affected Software: 24
OSV
added 2023/12/12 6:15 p.m., 1 views

CVE-2023-36006

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...

CVSS 8.8, AI score 7.4, EPSS 0.01891
Exploits: 0, References: 1
NVD
added 2023/12/12 6:15 p.m., 31 views

CVE-2023-36006

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...

CVSS 8.8, EPSS 0.01891
Exploits: 0, References: 1