95 matches found
CVE-2024-37341
CVE-2024-37341 is a Microsoft SQL Server Elevation of Privilege vulnerability. Connected docs confirm the issue affects SQL Server components and was patched via KB5046062 (security update for SQL Server 2016 SP3 Azure Connect Feature Pack). The update lists SQL Server builds such as SQLServer201...
CVE-2024-38088
CVE-2024-38088 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. It affects Microsoft SQL Server components and is rated CVSSv3.1 8.8 (High) with network attack vector and required user interaction. The issue is being addressed via July 2024 Microsoft secur...
CVE-2024-38255
Summary (CVE-2024-38255) SQL Server Native Client Remote Code Execution Vulnerability affecting Microsoft SQL Server Native Client. Connected documents confirm this CVE is addressed by Microsoft security updates (CU/ GDR) for SQL Server 2017 and related components. Affected surface includes the N...
CVE-2024-26186
CVE-2024-26186 is a Microsoft SQL Server Native Scoring remote code execution vulnerability. The Nessus/NVD data show exploitation requires network access with low attack complexity and low privileges, yielding high impact (C/H/I/A) per CVSS v3.1 (8.8, HIGH). Connected updates indicate affected p...
CVE-2024-20701
CVE-2024-20701 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. Publicly documented impact states that exploitation leads to arbitrary code execution on the client/server context when connecting to SQL Server. The issue is among a set of SQL Server vulnerabilitie...
CVE-2024-21303
CVE-2024-21303 is a SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. The issue affects the OLE DB Provider component used by SQL Server clients, with a remote attacker able to trigger code execution by supplying malicious data during client-server interaction. The vul...
CVE-2024-37336
CVE-2024-37336 affects SQL Server Native Client OLE DB Provider. It is a remote code execution vulnerability in the OLE DB client used by SQL Server, with base score 8.8 (HIGH). Microsoft released a security update (July 2024) to fix this and related CVEs; the update package for SQL Server 2016 S...
CVE-2024-38087
CVE-2024-38087 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. Affected component: SQL Server Native Client OLE DB Provider (client and server interaction via the OLE DB driver). Root cause: vulnerability in the OLE DB Provider that can allow arbitrary code exec...
CVE-2024-49021
CVE-2024-49021 is a Microsoft SQL Server Remote Code Execution vulnerability. Public documents identify the affected component as SQL Server (server-side) with the CVE labeled as a remote code execution issue. The vulnerability is described with a high impact on confidentiality, integrity, and av...
CVE-2024-37323
CVE-2024-37323 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability affecting SQL Server Native Client/OLE DB Provider usage. The CVSSv3.1 base score is 8.8 (HIGH); attack vector NETWORK, attack complexity LOW, privileges required NONE, user interaction REQUIRED, and ...
CVE-2024-37332
CVE-2024-37332 is a Remote Code Execution vulnerability affecting the SQL Server Native Client OLE DB Provider. The CVSSv3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) yields a base score of 8.8 (HIGH). Connected documents confirm the CVE is part of a broader set of SQL Server NCDP vulnerabilit...
CVE-2024-21332
CVE-2024-21332 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. Affected component: SQL Server Native Client OLE DB Provider. Underlying issue: remote code execution (CVSS v3.1: 8.8; AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Exploitation would require network access ...
CVE-2024-35272
CVE-2024-35272 is a SQL Server Native Client OLE DB Provider remote code execution vulnerability. The NCSC advisory and Microsoft KB update confirm the issue affects Windows SQL Server components and was fixed by July 9, 2024 security updates (KB5040944). The vulnerability allows code execution i...
CVE-2024-37331
CVE-2024-37331 โ SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. The connected documents identify this CVE as affecting the SQL Server Native Client OLE DB Provider and note it is addressed by the July 2024 Microsoft SQL Server security update (KB5040944), which list...
CVE-2024-37319
CVE-2024-37319 is a Microsoft SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. The advisory data confirms the flaw affects the SQL Server Native Client OLE DB Provider, with a CVSS v3.1 base score of 8.8 (High). Attack vector is NETWORK; exploitation requires user int...
CVE-2024-37330
CVE-2024-37330 affects the SQL Server Native Client OLE DB Provider and is described as a Remote Code Execution vulnerability with CVSSv3.1 vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, base 8.8. Connected sources confirm the issue is part of SQL Server OLE DB client/provider components and that th...
CVE-2024-37318
CVE-2024-37318 is a Remote Code Execution vulnerability in the SQL Server Native Client OLE DB Provider. The CVSSv3.1 base score is 8.8 (HIGH). Attack vector: NETWORK; Attack complexity: LOW; Privileges required: NONE; User interaction: REQUIRED; Impact on confidentiality, integrity, and availabi...
CVE-2024-37322
CVE-2024-37322 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. Affected component: SQL Server Native Client OLE DB Provider used by clients to connect to SQL Server. Underlying issue: remote code execution with network access (CVSSv3.1: AV:N/AC:L/PR:N/UI:...
CVE-2024-49004
CVE-2024-49004 is a SQL Server Native Client Remote Code Execution vulnerability. The issue affects the SQL Server Native Client component and is addressed by Microsoft security updates KB5046858 (SQL Server 2017 CU31) and KB5046859 (SQL Server 2019 GDR), which fix remote code execution via DLL p...
CVE-2024-21308
CVE-2024-21308 affects the SQL Server Native Client OLE DB Provider. The vulnerability enables remote code execution when a vulnerable client communicates with a server presenting malicious data (attack vector: NETWORK; user interaction required). Microsoft released fixes in the July 9, 2024 secu...
CVE-2024-37333
CVE-2024-37333 is a Remote Code Execution vulnerability in the SQL Server Native Client OLE DB Provider. It is rated CVSSv3.1 8.8 (High) with network attack vector, low attack complexity, no privileges required, but user interaction is required. The connected sources indicate this entry is part o...
CVE-2024-43462
CVE-2024-43462 is a SQL Server Native Client Remote Code Execution vulnerability. The connected material ties this CVE to Microsoft SQL Server Native Client remote code execution issues fixed via security updates in November 2024 (KB5046858 for SQL Server 2017 CU31 and KB5046859 for SQL Server 20...
CVE-2024-21449
CVE-2024-21449 is a vulnerability in the Microsoft SQL Server Native Client OLE DB Provider that enables remote code execution. Affected component: SQL Server Native Client OLE DB Provider (client/driver) used by SQL Server and clients. Root cause: improper handling of data returned by the provid...
CVE-2024-37326
CVE-2024-37326 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. The impact is high (CVSS v3.1: 8.8, Confidentiality/Integrity/Availability: High) with network attack vector, no privileges required, but user interaction is required. Affected component is the SQL S...
CVE-2024-37324
CVE-2024-37324 is a vulnerability in the SQL Server Native Client OLE DB Provider that enables remote code execution. The reliable sources in the provided documents confirm the affected component as the SQL Server Native Client OLE DB Provider and indicate an RCE impact. Microsoft has released up...
CVE-2024-21317
CVE-2024-21317 affects the SQL Server Native Client OLE DB Provider and is an active SQL Server Client vulnerability that enables remote code execution via the OLE DB driver. The CVE is listed among multiple SQL Server RC vulnerabilities, with a CVSSv3 base score of 8.8 (Network attack, no privil...
CVE-2024-37327
CVE-2024-37327 is a vulnerability in the SQL Server Native Client OLE DB Provider that enables remote code execution. The CVSSv3.1 base score is 8.8 (HIGH) with network attack vector, low attack complexity, no privileges required, but user interaction is required. Technical details in connected d...
CVE-2024-35256
CVE-2024-35256 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. The issue affects the client driver component used to connect to SQL Server and enables arbitrary code execution if a vulnerable driver is used. The advisory data shows this CVE is included in...
CVE-2024-21335
CVE-2024-21335 is a SQL Server Native Client OLE DB Provider remote code execution vulnerability. The connected sources confirm the flaw affects the OLE DB Provider used by SQL Server clients, enabling arbitrary code execution on a vulnerable system. Public details cite a high impact (CVSSv3 8.8)...
CVE-2024-37329
CVE-2024-37329 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. The initial documents identify the affected component as the OLE DB Provider used by SQL Server clients, with the root cause described as a remote code execution path when interacting with the...
CVE-2024-37320
CVE-2024-37320 affects the SQL Server Native Client OLE DB Provider and enables remote code execution via the OLE DB client library. The vulnerability is network-facing with low attack complexity and requires user interaction, with high impact on confidentiality, integrity, and availability (CVSS...
CVE-2024-37328
CVE-2024-37328 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. CVSSv3.1 base score 8.8 (HIGH) with Network attack vector and user interaction required, implying exploitation via a crafted data response when the client driver is used to connect to a SQL Se...
CVE-2024-43474
CVE-2024-43474 is a Microsoft SQL Server information-disclosure vulnerability. Connected sources confirm an authenticated remote access risk that could disclose sensitive database and file information. Security updates exist for multiple SQL Server branches: KB5042217 (SQL Server 2017 GDR), KB504...
CVE-2024-49017
CVE-2024-49017 is a SQL Server Native Client remote code execution vulnerability affecting Microsoft SQL Server Native Client components. Connected advisories indicate this CVE is addressed via Microsoft security updates (e.g., KB5046857, KB5046858) for SQL Server 2017 GDR/CU31, updating builds t...
CVE-2024-21331
CVE-2024-21331 corresponds to a Remote Code Execution vulnerability in the SQL Server Native Client OLE DB Provider. The CVE is publicly listed with a CVSSv3.1 base score of 8.8 (HIGH) and a network attack vector, with user interaction required, as per the CVSS data in the initial document. The v...
CVE-2024-37980
CVE-2024-37980 is a Microsoft SQL Server Elevation of Privilege vulnerability. Connected sources confirm affected product family as Microsoft SQL Server (various editions/versions in scope). The root cause involves an Elevation of Privilege issue likely exploitable by an authenticated remote atta...
CVE-2024-21333
CVE-2024-21333 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. The advisory data indicates an RCE in the Native Client OLE DB Provider used by SQL Server clients, with a CVSSv3.1 base score of 8.8 (Network, Low attack complexity, No privileges required, user int...
CVE-2024-37965
CVE-2024-37965 is a Microsoft SQL Server Elevation of Privilege vulnerability. Exploitation requires authentication and could grant elevated privileges within SQL Server. Public details are supported by Nessus/NVD/NCSC entries and the Microsoft update KB5042215 (SQL Server CU31, Sept 10 2024) whi...
CVE-2024-21414
CVE-2024-21414 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. The CVSSv3.1 score is 8.8 (NETWORK). Likely exploit involves crafted data returned by the OLE DB Provider, potentially affecting SQL Server clients connecting to vulnerable servers. Microsoft ...
CVE-2024-21428
CVE-2024-21428 is a remote code execution vulnerability affecting the SQL Server Native Client OLE DB Provider. The available documents consistently describe it as an RCE issue tied to the Native Client OLE DB Provider in SQL Server. The Nessus entries enumerate this CVE as part of a broader set ...
CVE-2024-28928
CVE-2024-28928 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. Affected component: SQL Server Native Client OLE DB Provider (client/server interaction). Root cause: flaw in the OLE DB Provider enabling arbitrary code execution. Impact: remote code execution with...
CVE-2024-35271
CVE-2024-35271 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. The CVSS v3.1 score in the initial records is 8.8 (HIGH), with network attack vector, no privileges required, but user interaction needed, and impact on confidentiality, integrity, and availab...
CVE-2024-37321
CVE-2024-37321 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. The connected data confirms affected component is the SQL Server Native Client OLE DB Provider and root cause is remote code execution via that provider. The CVSSv3.1 base score is 8.8 (HIGH), with a...
CVE-2024-21373
CVE-2024-21373 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. The affected component is the SQL Server Native Client OLE DB Provider, and the vulnerability enables code execution on the client when connecting to a vulnerable SQL Server instance, with a C...
CVE-2024-21415
CVE-2024-21415 covers a remote code execution flaw in the SQL Server Native Client OLE DB Provider. According to the July 2024 Patch Tuesday coverage, exploitation would allow an attacker to achieve arbitrary code execution via the client-side OLE DB driver when connecting to a SQL Server, with a...
CVE-2024-48996
CVE-2024-48996 is a remote code execution vulnerability affecting Microsoft SQL Server Native Client. The advisory notes that the vulnerability exists in the SQL Server Native Client component and can allow total compromise of the affected system, with CVSSv3.1 base score 8.8 (Network, Low attack...
CVE-2024-49001
CVE-2024-49001 is a vulnerability in the SQL Server Native Client described as a Remote Code Execution in the SQL Server Native Client. Connected documentation shows affected Microsoft SQL Server Native Client components and specifies fixes delivered via the November 2024 security update for SQL ...
CVE-2024-37340
CVE-2024-37340 is a Microsoft SQL Server Native Scoring remote code execution vulnerability. Connected sources confirm affected component scope relates to SQL Server with Machine Learning/Native Scoring functionality and indicate a fix was released in the September 2024 updates. Microsoftโs KB504...
CVE-2025-49719
CVE-2025-49719 is an information-disclosure vulnerability in Microsoft SQL Server reported as an information disclosure due to improper input validation. Public sources indicate it affects SQL Server versions dating back to 2016 and is being addressed by Microsoft with security updates; specific ...
CVE-2024-21398
CVE-2024-21398 is a Remote Code Execution vulnerability in the SQL Server Native Client OLE DB Provider (and related SQL Server OLE DB Driver for SQL Server). The CVSSv3.1 base score is 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The issue can be exploited remotely if a vulnerable client connects ...