84 matches found
CVE-2026-40370
CVE-2026-40370 is a SQL Server Remote Code Execution vulnerability described across multiple sources as external control of a file name or path that can allow an authorized attacker to run code over the network. Connected documents enumerate affected SQL Server components and versions (e.g., SQL ...
CVE-2024-38088
CVE-2024-38088 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. It affects Microsoft SQL Server components and is rated CVSSv3.1 8.8 (High) with network attack vector and required user interaction. The issue is being addressed via July 2024 Microsoft secur...
CVE-2024-38255
Summary (CVE-2024-38255) SQL Server Native Client Remote Code Execution Vulnerability affecting Microsoft SQL Server Native Client. Connected documents confirm this CVE is addressed by Microsoft security updates (CU/ GDR) for SQL Server 2017 and related components. Affected surface includes the N...
CVE-2024-26186
CVE-2024-26186 is a Microsoft SQL Server Native Scoring remote code execution vulnerability. The Nessus/NVD data show exploitation requires network access with low attack complexity and low privileges, yielding high impact (C/H/I/A) per CVSS v3.1 (8.8, HIGH). Connected updates indicate affected p...
CVE-2024-37336
CVE-2024-37336 affects SQL Server Native Client OLE DB Provider. It is a remote code execution vulnerability in the OLE DB client used by SQL Server, with base score 8.8 (HIGH). Microsoft released a security update (July 2024) to fix this and related CVEs; the update package for SQL Server 2016 S...
CVE-2024-20701
CVE-2024-20701 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. Publicly documented impact states that exploitation leads to arbitrary code execution on the client/server context when connecting to SQL Server. The issue is among a set of SQL Server vulnerabilitie...
CVE-2024-21303
CVE-2024-21303 is a SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. The issue affects the OLE DB Provider component used by SQL Server clients, with a remote attacker able to trigger code execution by supplying malicious data during client-server interaction. The vul...
CVE-2024-38087
CVE-2024-38087 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. Affected component: SQL Server Native Client OLE DB Provider (client and server interaction via the OLE DB driver). Root cause: vulnerability in the OLE DB Provider that can allow arbitrary code exec...
CVE-2024-37323
CVE-2024-37323 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability affecting SQL Server Native Client/OLE DB Provider usage. The CVSSv3.1 base score is 8.8 (HIGH); attack vector NETWORK, attack complexity LOW, privileges required NONE, user interaction REQUIRED, and ...
CVE-2024-37332
CVE-2024-37332 is a Remote Code Execution vulnerability affecting the SQL Server Native Client OLE DB Provider. The CVSSv3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) yields a base score of 8.8 (HIGH). Connected documents confirm the CVE is part of a broader set of SQL Server NCDP vulnerabilit...
CVE-2024-21332
CVE-2024-21332 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. Affected component: SQL Server Native Client OLE DB Provider. Underlying issue: remote code execution (CVSS v3.1: 8.8; AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Exploitation would require network access ...
CVE-2024-37319
CVE-2024-37319 is a Microsoft SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. The advisory data confirms the flaw affects the SQL Server Native Client OLE DB Provider, with a CVSS v3.1 base score of 8.8 (High). Attack vector is NETWORK; exploitation requires user int...
CVE-2024-21449
CVE-2024-21449 is a vulnerability in the Microsoft SQL Server Native Client OLE DB Provider that enables remote code execution. Affected component: SQL Server Native Client OLE DB Provider (client/driver) used by SQL Server and clients. Root cause: improper handling of data returned by the provid...
CVE-2024-37318
CVE-2024-37318 is a Remote Code Execution vulnerability in the SQL Server Native Client OLE DB Provider. The CVSSv3.1 base score is 8.8 (HIGH). Attack vector: NETWORK; Attack complexity: LOW; Privileges required: NONE; User interaction: REQUIRED; Impact on confidentiality, integrity, and availabi...
CVE-2024-35272
CVE-2024-35272 is a SQL Server Native Client OLE DB Provider remote code execution vulnerability. The NCSC advisory and Microsoft KB update confirm the issue affects Windows SQL Server components and was fixed by July 9, 2024 security updates (KB5040944). The vulnerability allows code execution i...
CVE-2024-37330
CVE-2024-37330 affects the SQL Server Native Client OLE DB Provider and is described as a Remote Code Execution vulnerability with CVSSv3.1 vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, base 8.8. Connected sources confirm the issue is part of SQL Server OLE DB client/provider components and that th...
CVE-2024-37331
CVE-2024-37331 — SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. The connected documents identify this CVE as affecting the SQL Server Native Client OLE DB Provider and note it is addressed by the July 2024 Microsoft SQL Server security update (KB5040944), which list...
CVE-2024-21335
CVE-2024-21335 is a SQL Server Native Client OLE DB Provider remote code execution vulnerability. The connected sources confirm the flaw affects the OLE DB Provider used by SQL Server clients, enabling arbitrary code execution on a vulnerable system. Public details cite a high impact (CVSSv3 8.8)...
CVE-2024-37965
CVE-2024-37965 is a Microsoft SQL Server Elevation of Privilege vulnerability. Exploitation requires authentication and could grant elevated privileges within SQL Server. Public details are supported by Nessus/NVD/NCSC entries and the Microsoft update KB5042215 (SQL Server CU31, Sept 10 2024) whi...
CVE-2024-43462
CVE-2024-43462 is a SQL Server Native Client Remote Code Execution vulnerability. The connected material ties this CVE to Microsoft SQL Server Native Client remote code execution issues fixed via security updates in November 2024 (KB5046858 for SQL Server 2017 CU31 and KB5046859 for SQL Server 20...
CVE-2024-37320
CVE-2024-37320 affects the SQL Server Native Client OLE DB Provider and enables remote code execution via the OLE DB client library. The vulnerability is network-facing with low attack complexity and requires user interaction, with high impact on confidentiality, integrity, and availability (CVSS...
CVE-2024-37333
CVE-2024-37333 is a Remote Code Execution vulnerability in the SQL Server Native Client OLE DB Provider. It is rated CVSSv3.1 8.8 (High) with network attack vector, low attack complexity, no privileges required, but user interaction is required. The connected sources indicate this entry is part o...
CVE-2024-21308
CVE-2024-21308 affects the SQL Server Native Client OLE DB Provider. The vulnerability enables remote code execution when a vulnerable client communicates with a server presenting malicious data (attack vector: NETWORK; user interaction required). Microsoft released fixes in the July 9, 2024 secu...
CVE-2024-37322
CVE-2024-37322 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. Affected component: SQL Server Native Client OLE DB Provider used by clients to connect to SQL Server. Underlying issue: remote code execution with network access (CVSSv3.1: AV:N/AC:L/PR:N/UI:...
CVE-2024-49004
CVE-2024-49004 is a SQL Server Native Client Remote Code Execution vulnerability. The issue affects the SQL Server Native Client component and is addressed by Microsoft security updates KB5046858 (SQL Server 2017 CU31) and KB5046859 (SQL Server 2019 GDR), which fix remote code execution via DLL p...
CVE-2024-37326
CVE-2024-37326 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. The impact is high (CVSS v3.1: 8.8, Confidentiality/Integrity/Availability: High) with network attack vector, no privileges required, but user interaction is required. Affected component is the SQL S...
CVE-2024-35256
CVE-2024-35256 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. The issue affects the client driver component used to connect to SQL Server and enables arbitrary code execution if a vulnerable driver is used. The advisory data shows this CVE is included in...
CVE-2024-37324
CVE-2024-37324 is a vulnerability in the SQL Server Native Client OLE DB Provider that enables remote code execution. The reliable sources in the provided documents confirm the affected component as the SQL Server Native Client OLE DB Provider and indicate an RCE impact. Microsoft has released up...
CVE-2024-37327
CVE-2024-37327 is a vulnerability in the SQL Server Native Client OLE DB Provider that enables remote code execution. The CVSSv3.1 base score is 8.8 (HIGH) with network attack vector, low attack complexity, no privileges required, but user interaction is required. Technical details in connected d...
CVE-2024-21317
CVE-2024-21317 affects the SQL Server Native Client OLE DB Provider and is an active SQL Server Client vulnerability that enables remote code execution via the OLE DB driver. The CVE is listed among multiple SQL Server RC vulnerabilities, with a CVSSv3 base score of 8.8 (Network attack, no privil...
CVE-2024-21331
CVE-2024-21331 corresponds to a Remote Code Execution vulnerability in the SQL Server Native Client OLE DB Provider. The CVE is publicly listed with a CVSSv3.1 base score of 8.8 (HIGH) and a network attack vector, with user interaction required, as per the CVSS data in the initial document. The v...
CVE-2024-37329
CVE-2024-37329 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. The initial documents identify the affected component as the OLE DB Provider used by SQL Server clients, with the root cause described as a remote code execution path when interacting with the...
CVE-2024-49017
CVE-2024-49017 is a SQL Server Native Client remote code execution vulnerability affecting Microsoft SQL Server Native Client components. Connected advisories indicate this CVE is addressed via Microsoft security updates (e.g., KB5046857, KB5046858) for SQL Server 2017 GDR/CU31, updating builds t...
CVE-2024-21414
CVE-2024-21414 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. The CVSSv3.1 score is 8.8 (NETWORK). Likely exploit involves crafted data returned by the OLE DB Provider, potentially affecting SQL Server clients connecting to vulnerable servers. Microsoft ...
CVE-2024-37328
CVE-2024-37328 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. CVSSv3.1 base score 8.8 (HIGH) with Network attack vector and user interaction required, implying exploitation via a crafted data response when the client driver is used to connect to a SQL Se...
CVE-2024-28928
CVE-2024-28928 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. Affected component: SQL Server Native Client OLE DB Provider (client/server interaction). Root cause: flaw in the OLE DB Provider enabling arbitrary code execution. Impact: remote code execution with...
CVE-2026-26115
CVE-2026-26115: Microsoft SQL Server Elevation of Privilege due to improper validation of input. Affects Microsoft SQL Server; vulnerability is exploitable over a network by an authorized attacker with LOW privileges; CVSS v3.1 base score 8.8 (High). Connected sources also reference related bugs ...
CVE-2024-21428
CVE-2024-21428 is a remote code execution vulnerability affecting the SQL Server Native Client OLE DB Provider. The available documents consistently describe it as an RCE issue tied to the Native Client OLE DB Provider in SQL Server. The Nessus entries enumerate this CVE as part of a broader set ...
CVE-2024-35271
CVE-2024-35271 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. The CVSS v3.1 score in the initial records is 8.8 (HIGH), with network attack vector, no privileges required, but user interaction needed, and impact on confidentiality, integrity, and availab...
CVE-2024-21415
CVE-2024-21415 covers a remote code execution flaw in the SQL Server Native Client OLE DB Provider. According to the July 2024 Patch Tuesday coverage, exploitation would allow an attacker to achieve arbitrary code execution via the client-side OLE DB driver when connecting to a SQL Server, with a...
CVE-2024-49001
CVE-2024-49001 is a vulnerability in the SQL Server Native Client described as a Remote Code Execution in the SQL Server Native Client. Connected documentation shows affected Microsoft SQL Server Native Client components and specifies fixes delivered via the November 2024 security update for SQL ...
CVE-2024-21333
CVE-2024-21333 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. The advisory data indicates an RCE in the Native Client OLE DB Provider used by SQL Server clients, with a CVSSv3.1 base score of 8.8 (Network, Low attack complexity, No privileges required, user int...
CVE-2024-37321
CVE-2024-37321 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. The connected data confirms affected component is the SQL Server Native Client OLE DB Provider and root cause is remote code execution via that provider. The CVSSv3.1 base score is 8.8 (HIGH), with a...
CVE-2024-37340
CVE-2024-37340 is a Microsoft SQL Server Native Scoring remote code execution vulnerability. Connected sources confirm affected component scope relates to SQL Server with Machine Learning/Native Scoring functionality and indicate a fix was released in the September 2024 updates. Microsoft’s KB504...
CVE-2024-49014
CVE-2024-49014 is a SQL Server Native Client remote code execution vulnerability that Microsoft fixed in a 2024 November security update. The related advisories (KB5046857/KB5046858) enumerate CVE-2024-49014 among a set of SQL Native Client remote code execution bugs and document that the updates...
CVE-2024-48996
CVE-2024-48996 is a remote code execution vulnerability affecting Microsoft SQL Server Native Client. The advisory notes that the vulnerability exists in the SQL Server Native Client component and can allow total compromise of the affected system, with CVSSv3.1 base score 8.8 (Network, Low attack...
CVE-2024-49018
CVE-2024-49018 is a remote code execution vulnerability in SQL Server Native Client. The vulnerability affects Microsoft SQL Server Native Client and is linked to the SQL Server Native Client Remote Code Execution family of issues. Microsoft addressed it in security updates KB5046858 (SQL Server ...
CVE-2024-21373
CVE-2024-21373 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. The affected component is the SQL Server Native Client OLE DB Provider, and the vulnerability enables code execution on the client when connecting to a vulnerable SQL Server instance, with a C...
CVE-2024-21398
CVE-2024-21398 is a Remote Code Execution vulnerability in the SQL Server Native Client OLE DB Provider (and related SQL Server OLE DB Driver for SQL Server). The CVSSv3.1 base score is 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The issue can be exploited remotely if a vulnerable client connects ...
CVE-2024-49000
CVE-2024-49000 is a SQL Server Native Client remote code execution vulnerability. Public details in connected KB5058718 indicate exploitation against SQL Server components and a fix provided in the July 2025 security update for SQL Server 2016 SP3 GDR (build 13.0.6460.7). Affected: SQL Server 201...