94 matches found
CVE-2024-21398
CVE-2024-21398 is a Remote Code Execution vulnerability in the SQL Server Native Client OLE DB Provider (and related SQL Server OLE DB Driver for SQL Server). The CVSSv3.1 base score is 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The issue can be exploited remotely if a vulnerable client connects ...
CVE-2024-21425
CVE-2024-21425 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability affecting the SQL Server Native Client OLE DB Provider. The issue enables arbitrary code execution via the client driver when connecting to SQL Server and is rated CVSSv3.1 8.8 (High) with network att...
CVE-2024-49043
CVE-2024-49043 is a remote code execution vulnerability in Microsoft.SqlServer.XEvent.Configuration.dll. Connected advisories tie this CVE to SQL Server ecosystems, listing it among a pattern of SQL Server Native Client/XEvent vulnerabilities fixed by November 2024 security updates (KB5046858 for...
CVE-2024-49008
SQL Server Native Client remote code execution (CVE-2024-49008) affects SQL Server Native Client as described in Microsoft advisories. The associated security updates KB5046858 (SQL Server 2017 CU31, build 14.0.3485.1) and KB5046859 (SQL Server 2019 GDR, build 15.0.2130.3) fix this vulnerability ...
CVE-2024-49015
CVE-2024-49015 is a SQL Server Native Client remote code execution vulnerability. Microsoft fixes are provided in KB5046858 for SQL Server 2017 CU31 and KB5046859 for SQL Server 2019 GDR, addressing the SQL Native Client remote code execution family (CVE-2024-38255, CVE-2024-43459, CVE-2024-43462...
CVE-2024-48994
CVE-2024-48994 is a remote code execution vulnerability in the SQL Server Native Client. Microsoft security updates KB5046858/KB5046859 fix the issue across affected SQL Server Native Client components. For SQL Server 2017 CU31, builds include SQLServer2017-KB5046858-x64.exe (product version 14.0...
CVE-2024-48999
CVE-2024-48999 is a SQL Server Native Client remote code execution vulnerability. Connected sources confirm it affects SQL Server native client components and is addressed by Microsoft security updates KB5046858 (SQL Server 2017 CU31) and KB5046859 (SQL Server 2019 GDR), which fix the vulnerabili...
CVE-2024-49018
CVE-2024-49018 is a remote code execution vulnerability in SQL Server Native Client. The vulnerability affects Microsoft SQL Server Native Client and is linked to the SQL Server Native Client Remote Code Execution family of issues. Microsoft addressed it in security updates KB5046858 (SQL Server ...
CVE-2024-49011
CVE-2024-49011 is a SQL Server Native Client Remote Code Execution vulnerability. Public data confirms it affects the SQL Server Native Client component and is addressed by Microsoft security updates KB5046858 (SQL Server 2017 CU31) and KB5046859 (SQL Server 2019 GDR), which fix the vulnerability acr...
CVE-2024-49000
CVE-2024-49000 is a SQL Server Native Client remote code execution vulnerability. Public details in connected KB5058718 indicate exploitation against SQL Server components and a fix provided in the July 2025 security update for SQL Server 2016 SP3 GDR (build 13.0.6460.7). Affected: SQL Server 201...
CVE-2024-49005
CVE-2024-49005: SQL Server Native Client Remote Code Execution Vulnerability. Exploitation is associated with the SQL Server Native Client component and is addressed by Microsoft security updates. The related advisories show multiple CVEs (including CVE-2024-49005) fixed in SQL Server Native Clie...
CVE-2024-37335
CVE-2024-37335 corresponds to a remote code execution vulnerability in the Microsoft SQL Server Native Scoring component. Public documentation confirms this CVE is part of a family of SQL Server Native Scoring vulnerabilities that allow an attacker who can reach the SQL Server over the network to...
CVE-2024-37339
CVE-2024-37339 corresponds to a remote code execution vulnerability in Microsoft SQL Server Native Scoring (Machine Learning Services). The flaw allows an attacker to execute arbitrary code on the vulnerable system. The base metrics show: AV:N, AC:L, PR:L, UI:N, S:U, C:H, I:H, A:H, with a base score...
CVE-2024-49002
CVE-2024-49002 is a SQL Server Native Client Remote Code Execution vulnerability. Connected documents confirm this vulnerability affects Microsoft SQL Server Native Client components and is addressed by November 2024 security updates. The MSKB KB5046858 (for SQL Server 2017 CU31) and KB5046859 (f...
CVE-2024-49009
CVE-2024-49009 is a SQL Server Native Client remote code execution vulnerability. Connected sources indicate this CVE is part of Microsoft’s November 2024 SQL Server security updates for SQL Server 2017 (GDR) and SQL Server 2017 CU31, addressing a family of vulnerabilities in the SQL Server Nativ...
CVE-2024-37338
CVE-2024-37338 is a remote code execution vulnerability in Microsoft SQL Server (Machine Learning/Native Scoring components) that can be exploited over the network without user interaction. The CVSS v3.1 base score is 8.8 (HIGH) with RCE, requiring LOW privileges and network access; impact is hig...
CVE-2024-48997
Summary (CVE-2024-48997): A remote code execution vulnerability in SQL Server Native Client has been fixed. The CVE is listed among vulnerabilities addressed by Microsoft SQL Server updates (KB5046858 for SQL Server 2017 CU31 and KB5046859 for SQL Server 2019 GDR) and is also included in the Nov...
CVE-2024-37337
CVE-2024-37337 corresponds to a Microsoft SQL Server Native Scoring Information Disclosure vulnerability. Public references in connected documents confirm information disclosure as the impact vector, with exploitation likely via SQL Server components, and remediation via Sept 2024 security update...
CVE-2024-37342
CVE-2024-37342 is a Microsoft SQL Server information-disclosure vulnerability in the SQL Server Native Scoring/Machine Learning components. Public details across connected documents confirm: affected software includes SQL Server 2017 (GDR) and SQL Server 2022 CU14 builds; the issue is tracked as ...
CVE-2026-32167
CVE-2026-32167 is a SQL Server Elevation of Privilege vulnerability caused by improper neutralization of input in SQL commands. An authorized local attacker could elevate privileges. Microsoft security updates address this CVE (e.g., KB5084815/KB5084816 for SQL Server 2022/2019 CU releases; relat...
CVE-2024-48998
CVE-2024-48998 affects SQL Server Native Client and is a remote code execution vulnerability. The vulnerability exists in the SQL Server Native Client component and can be triggered when a client connects to a malicious server, allowing an attacker to execute arbitrary code on the target host. Th...
CVE-2024-49007
CVE-2024-49007 is a SQL Server Native Client remote code execution vulnerability. The CVE is tied to SQL Server Native Client components used by Microsoft SQL Server. Connected documents indicate this issue is addressed in Microsoft security updates (KB5046857 and KB5046858) for SQL Server 2017 G...
CVE-2024-48993
CVE-2024-48993 is a vulnerability in the SQL Server Native Client that enables Remote Code Execution over the network. The connected documents identify the affected surface as the SQL Server Native Client component used by SQL Server (and related clients), with a root vulnerability that allows an...
CVE-2024-49012
CVE-2024-49012 is a Microsoft SQL Server Native Client remote code‑execution vulnerability. Public docs indicate the issue resides in the Native Client component and can allow an attacker to execute code on the server when a client connects to a rogue SQL Server, with exploitation requiring user ...
CVE-2024-26191
CVE-2024-26191 is a remote code execution vulnerability in Microsoft SQL Server Native Scoring. Exploitation could allow an attacker to execute arbitrary code by sending crafted input over the network, with no user interaction and low privileges required. Public documents confirm this CVE is addr...
CVE-2024-49003
CVE-2024-49003 is a remote code execution vulnerability in the SQL Server Native Client affecting Microsoft SQL Server components. The issue is described as a SQL Server Native Client Remote Code Execution Vulnerability (noted in the related advisories) with a CVSSv3.1 base score of 8.8 (HIGH), n...
CVE-2025-49758
CVE-2025-49758 affects Microsoft SQL Server (e.g., SQL Server 2017 line) and is described as an elevation-of-privilege vulnerability caused by improper neutralization of certain elements in SQL commands (SQL injection) that can be exploited by an authenticated, network-present attacker to gain el...
CVE-2024-49006
CVE-2024-49006 is a SQL Server Native Client Remote Code Execution vulnerability. Public details in connected docs confirm the affected software is SQL Server Native Client (Native Client libraries used by SQL Server clients) and cite exploitation via remote code execution. The CVSS 3.1 score is ...
CVE-2024-49016
CVE-2024-49016 is a SQL Server Native Client Remote Code Execution vulnerability affecting the SQL Server Native Client component. The advisory context indicates this is addressed by security updates in KB5046858 (SQL Server 2017 CU31) and KB5046859 (SQL Server 2019 GDR), which fix remote code ex...
CVE-2024-43459
CVE-2024-43459 is a Remote Code Execution hole in Microsoft SQL Server Native Client. Public docs note it affects SQL Server Native Client components and was addressed in security updates KB5046858 (SQL Server 2017 CU31) and KB5046859 (SQL Server 2019 GDR), with builds indicating patched versions...
CVE-2024-49010
CVE-2024-49010 is a SQL Server Native Client Remote Code Execution vulnerability. Public references indicate it concerns SQL Server Native Client components and is fixed as part of Microsoft security updates (e.g., KB5046858 for SQL Server 2017 CU31 and KB5046859 for SQL Server 2019 GDR). The CVE...
CVE-2024-49013
CVE-2024-49013 is a SQL Server Native Client Remote Code Execution vulnerability. The connected sources identify the flaw as affecting the SQL Server Native Client component and describe that successful exploitation could allow remote code execution via a vulnerable client—leading to compromise o...
CVE-2024-48995
CVE-2024-48995 is a SQL Server Native Client remote code execution vulnerability. The Nessus/NVD entries corroborate it as a SQL Server Native Client RCE and link to Microsoft security updates. Microsoft KB5046858 (SQL Server 2017 CU31, November 12, 2024) and KB5046859 (SQL Server 2019 GDR, Novem...
CVE-2025-47997
CVE-2025-47997 is an information-disclosure vulnerability in Microsoft SQL Server caused by a race-condition during concurrent access to a shared resource. The issue could allow an authorized user to disclose data over a network. Public details in connected sources indicate Microsoft has issued s...
CVE-2025-24999
CVE-2025-24999 is implicated in Microsoft SQL Server Elevation of Privilege via improper access control, enabling an authorized user to escalate privileges over a network. Public details confirm impact surface across SQL Server versions affected by the 2025 security updates; remediation is provid...
CVE-2026-33120
CVE-2026-33120 affects Microsoft SQL Server and is a remote code execution vulnerability. The entry documents a network-based exploit with low attack complexity and low privileges required, resulting in high impact to confidentiality, integrity, and availability. The CVSS v3.1 base score is 8.8 (...
CVE-2025-59499
CVE-2025-59499 is a Microsoft SQL Server Elevation of Privilege vulnerability caused by improper neutralization of special elements in SQL commands (SQL injection). Exploitation could allow an authenticated attacker to elevate privileges over the network without user interaction. The CVE is addre...
CVE-2026-26115
CVE-2026-26115: Microsoft SQL Server Elevation of Privilege due to improper validation of input. Affects Microsoft SQL Server; vulnerability is exploitable over a network by an authorized attacker with LOW privileges; CVSS v3.1 base score 8.8 (High). Connected sources also reference related bugs ...
CVE-2026-21262
CVE-2026-21262 affects Microsoft SQL Server and is a privilege-escalation vulnerability caused by improper access control. An authorized, network-present attacker with low privileges can elevate to sysadmin, potentially reading/changing data, creating accounts, or altering configurations, as desc...
CVE-2026-32176
CVE-2026-32176 arises from improper neutralization of input in SQL Server, enabling an authorized local user to elevate privileges. Connected sources confirm this is one of multiple SQL Server elevation-of-privilege issues addressed in the Microsoft April 2026 security updates (e.g., KB5084815 fo...
CVE-2025-53727
CVE-2025-53727 is an Elevation of Privilege vulnerability in Microsoft SQL Server tied to improper neutralization of SQL elements (SQL injection). Publicly referenced fixes are included in SQL Server 2017 CU31 (build 14.0.3500.1) per KB5063759 and related security updates, and in SQL Server 2017 ...
CVE-2025-55227
CVE-2025-55227 is an Elevation of Privilege vulnerability in Microsoft SQL Server caused by improper neutralization of special elements in a command (command injection). The CVE entry notes that an authenticated, network-connected attacker can leverage this to elevate privileges. Microsoft adviso...
CVE-2026-26116
CVE-2026-26116 is a SQL Server Elevation of Privilege vulnerability due to improper neutralization of special elements in SQL commands. Affected product: Microsoft SQL Server (SQL Server 2025 GDR) with potential network‑based exploitation and high impact (CVE-2026-26116). The issue is mitigated b...
CVE-2025-49759
CVE-2025-49759 is a Microsoft SQL Server Elevation of Privilege vulnerability arising from improper neutralization of input used in SQL commands (SQL injection) in system procedures. An authenticated attacker could exploit this over a network to elevate privileges within the affected SQL Server d...