137 matches found
CVE-2024-37332
CVE-2024-37332 is a Remote Code Execution vulnerability affecting the SQL Server Native Client OLE DB Provider. The CVSSv3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) yields a base score of 8.8 (HIGH). Connected documents confirm the CVE is part of a broader set of SQL Server NCDP vulnerabilit...
CVE-2024-21332
CVE-2024-21332 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. Affected component: SQL Server Native Client OLE DB Provider. Underlying issue: remote code execution (CVSS v3.1: 8.8; AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Exploitation would require network access ...
CVE-2024-37319
CVE-2024-37319 is a Microsoft SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. The advisory data confirms the flaw affects the SQL Server Native Client OLE DB Provider, with a CVSS v3.1 base score of 8.8 (High). Attack vector is NETWORK; exploitation requires user int...
CVE-2025-49717
CVE-2025-49717 is a Microsoft SQL Server remote code execution vulnerability caused by a heap-based buffer overflow. Per the CVSS data, it is network-exploitable, requires low (authenticated) attacker privileges and no user interaction, and has changed scope. Public disclosures and...
CVE-2024-35272
CVE-2024-35272 is a SQL Server Native Client OLE DB Provider remote code execution vulnerability. The NCSC advisory and Microsoft KB update confirm the issue affects Windows SQL Server components and was fixed by July 9, 2024 security updates (KB5040944). The vulnerability allows code execution i...
CVE-2024-37331
CVE-2024-37331 — SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. The connected documents identify this CVE as affecting the SQL Server Native Client OLE DB Provider and note it is addressed by the July 2024 Microsoft SQL Server security update (KB5040944), which list...
CVE-2024-37318
CVE-2024-37318 is a Remote Code Execution vulnerability in the SQL Server Native Client OLE DB Provider. The CVSSv3.1 base score is 8.8 (HIGH). Attack vector: NETWORK; Attack complexity: LOW; Privileges required: NONE; User interaction: REQUIRED; Impact on confidentiality, integrity, and availabi...
CVE-2024-37330
CVE-2024-37330 affects the SQL Server Native Client OLE DB Provider and is described as a Remote Code Execution vulnerability with CVSSv3.1 vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, base 8.8. Connected sources confirm the issue is part of SQL Server OLE DB client/provider components and that th...
CVE-2024-49004
CVE-2024-49004 is a SQL Server Native Client Remote Code Execution vulnerability. The issue affects the SQL Server Native Client component and is addressed by Microsoft security updates KB5046858 (SQL Server 2017 CU31) and KB5046859 (SQL Server 2019 GDR), which fix remote code execution via DLL p...
CVE-2024-37322
CVE-2024-37322 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. Affected component: SQL Server Native Client OLE DB Provider used by clients to connect to SQL Server. Underlying issue: remote code execution with network access (CVSSv3.1: AV:N/AC:L/PR:N/UI:...
CVE-2024-37333
CVE-2024-37333 is a Remote Code Execution vulnerability in the SQL Server Native Client OLE DB Provider. It is rated CVSSv3.1 8.8 (High) with network attack vector, low attack complexity, no privileges required, but user interaction is required. The connected sources indicate this entry is part o...
CVE-2024-21449
CVE-2024-21449 is a vulnerability in the Microsoft SQL Server Native Client OLE DB Provider that enables remote code execution. Affected component: SQL Server Native Client OLE DB Provider (client/driver) used by SQL Server and clients. Root cause: improper handling of data returned by the provid...
CVE-2024-21308
CVE-2024-21308 affects the SQL Server Native Client OLE DB Provider. The vulnerability enables remote code execution when a vulnerable client communicates with a server presenting malicious data (attack vector: NETWORK; user interaction required). Microsoft released fixes in the July 9, 2024 secu...
CVE-2024-43462
CVE-2024-43462 is a SQL Server Native Client Remote Code Execution vulnerability. The connected material ties this CVE to Microsoft SQL Server Native Client remote code execution issues fixed via security updates in November 2024 (KB5046858 for SQL Server 2017 CU31 and KB5046859 for SQL Server 20...
CVE-2024-35256
CVE-2024-35256 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. The issue affects the client driver component used to connect to SQL Server and enables arbitrary code execution if a vulnerable driver is used. The advisory data shows this CVE is included in...
CVE-2024-37326
CVE-2024-37326 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. The impact is high (CVSS v3.1: 8.8, Confidentiality/Integrity/Availability: High) with network attack vector, no privileges required, but user interaction is required. Affected component is the SQL S...
CVE-2024-37324
CVE-2024-37324 is a vulnerability in the SQL Server Native Client OLE DB Provider that enables remote code execution. The reliable sources in the provided documents confirm the affected component as the SQL Server Native Client OLE DB Provider and indicate an RCE impact. Microsoft has released up...
CVE-2024-21317
CVE-2024-21317 affects the SQL Server Native Client OLE DB Provider and is an active SQL Server Client vulnerability that enables remote code execution via the OLE DB driver. The CVE is listed among multiple SQL Server RCE vulnerabilities, with a CVSSv3 base score of 8.8 (Network attack, no privil...
CVE-2024-37320
CVE-2024-37320 affects the SQL Server Native Client OLE DB Provider and enables remote code execution via the OLE DB client library. The vulnerability is network-facing with low attack complexity and requires user interaction, with high impact on confidentiality, integrity, and availability (CVSS...
CVE-2024-37327
CVE-2024-37327 is a vulnerability in the SQL Server Native Client OLE DB Provider that enables remote code execution. The CVSSv3.1 base score is 8.8 (HIGH) with network attack vector, low attack complexity, no privileges required, but user interaction is required. Technical details in connected d...
CVE-2024-37329
CVE-2024-37329 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. The initial documents identify the affected component as the OLE DB Provider used by SQL Server clients, with the root cause described as a remote code execution path when interacting with the...
CVE-2024-21335
CVE-2024-21335 is a SQL Server Native Client OLE DB Provider remote code execution vulnerability. The connected sources confirm the flaw affects the OLE DB Provider used by SQL Server clients, enabling arbitrary code execution on a vulnerable system. Public details cite a high impact (CVSSv3 8.8)...
CVE-2024-43474
CVE-2024-43474 is a Microsoft SQL Server information-disclosure vulnerability. Connected sources confirm an authenticated remote access risk that could disclose sensitive database and file information. Security updates exist for multiple SQL Server branches: KB5042217 (SQL Server 2017 GDR), KB504...
CVE-2024-37328
CVE-2024-37328 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. CVSSv3.1 base score 8.8 (HIGH) with Network attack vector and user interaction required, implying exploitation via a crafted data response when the client driver is used to connect to a SQL Se...
CVE-2024-21331
CVE-2024-21331 corresponds to a Remote Code Execution vulnerability in the SQL Server Native Client OLE DB Provider. The CVE is publicly listed with a CVSSv3.1 base score of 8.8 (HIGH) and a network attack vector, with user interaction required, as per the CVSS data in the initial document. The v...
CVE-2024-37965
CVE-2024-37965 is a Microsoft SQL Server Elevation of Privilege vulnerability. Exploitation requires authentication and could grant elevated privileges within SQL Server. Public details are supported by Nessus/NVD/NCSC entries and the Microsoft update KB5042215 (SQL Server CU31, Sept 10 2024) whi...
CVE-2024-49017
CVE-2024-49017 is a SQL Server Native Client remote code execution vulnerability affecting Microsoft SQL Server Native Client components. Connected advisories indicate this CVE is addressed via Microsoft security updates (e.g., KB5046857, KB5046858) for SQL Server 2017 GDR/CU31, updating builds t...
CVE-2024-21414
CVE-2024-21414 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. The CVSSv3.1 score is 8.8 (NETWORK). Likely exploit involves crafted data returned by the OLE DB Provider, potentially affecting SQL Server clients connecting to vulnerable servers. Microsoft ...
CVE-2024-21428
CVE-2024-21428 is a remote code execution vulnerability affecting the SQL Server Native Client OLE DB Provider. The available documents consistently describe it as an RCE issue tied to the Native Client OLE DB Provider in SQL Server. The Nessus entries enumerate this CVE as part of a broader set ...
CVE-2024-35271
CVE-2024-35271 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. The CVSS v3.1 score in the initial records is 8.8 (HIGH), with network attack vector, no privileges required, but user interaction needed, and impact on confidentiality, integrity, and availab...
CVE-2024-37980
CVE-2024-37980 is a Microsoft SQL Server Elevation of Privilege vulnerability. Connected sources confirm affected product family as Microsoft SQL Server (various editions/versions in scope). The root cause involves an Elevation of Privilege issue likely exploitable by an authenticated remote atta...
CVE-2024-21333
CVE-2024-21333 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. The advisory data indicates an RCE in the Native Client OLE DB Provider used by SQL Server clients, with a CVSSv3.1 base score of 8.8 (Network, Low attack complexity, No privileges required, user int...
CVE-2024-28928
CVE-2024-28928 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. Affected component: SQL Server Native Client OLE DB Provider (client/server interaction). Root cause: flaw in the OLE DB Provider enabling arbitrary code execution. Impact: remote code execution with...
CVE-2024-37321
CVE-2024-37321 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. The connected data confirms affected component is the SQL Server Native Client OLE DB Provider and root cause is remote code execution via that provider. The CVSSv3.1 base score is 8.8 (HIGH), with a...
CVE-2024-49001
CVE-2024-49001 is a Remote Code Execution vulnerability in the SQL Server Native Client. Connected documentation shows affected Microsoft SQL Server Native Client components and specifies fixes delivered via the November 2024 security update for SQL ...
CVE-2025-49719
CVE-2025-49719 is an information-disclosure vulnerability in Microsoft SQL Server, reported as resulting from improper input validation. Public sources indicate it affects SQL Server versions dating back to 2016 and is being addressed by Microsoft with security updates; specific ...
CVE-2024-37340
CVE-2024-37340 is a Microsoft SQL Server Native Scoring remote code execution vulnerability. Connected sources confirm affected component scope relates to SQL Server with Machine Learning/Native Scoring functionality and indicate a fix was released in the September 2024 updates. Microsoft’s KB504...
CVE-2024-21415
CVE-2024-21415 covers a remote code execution flaw in the SQL Server Native Client OLE DB Provider. According to the July 2024 Patch Tuesday coverage, exploitation would allow an attacker to achieve arbitrary code execution via the client-side OLE DB driver when connecting to a SQL Server, with a...
CVE-2024-21373
CVE-2024-21373 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. The affected component is the SQL Server Native Client OLE DB Provider, and the vulnerability enables code execution on the client when connecting to a vulnerable SQL Server instance, with a C...
CVE-2024-48996
CVE-2024-48996 is a remote code execution vulnerability affecting Microsoft SQL Server Native Client. The advisory notes that the vulnerability exists in the SQL Server Native Client component and can allow total compromise of the affected system, with CVSSv3.1 base score 8.8 (Network, Low attack...
CVE-2024-49014
CVE-2024-49014 is a SQL Server Native Client remote code execution vulnerability that Microsoft fixed in a November 2024 security update. The related advisories (KB5046857/KB5046858) enumerate CVE-2024-49014 among a set of SQL Native Client remote code execution bugs and document that the updates...
CVE-2024-21398
CVE-2024-21398 is a Remote Code Execution vulnerability in the SQL Server Native Client OLE DB Provider (and related SQL Server OLE DB Driver for SQL Server). The CVSSv3.1 base score is 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The issue can be exploited remotely if a vulnerable client connects ...
CVE-2024-21425
CVE-2024-21425 is a Remote Code Execution vulnerability affecting the SQL Server Native Client OLE DB Provider. The issue enables arbitrary code execution via the client driver when connecting to SQL Server and is rated CVSSv3.1 8.8 (High) with network att...
CVE-2024-49043
CVE-2024-49043 is a remote code execution vulnerability in Microsoft.SqlServer.XEvent.Configuration.dll. Connected advisories tie this CVE to SQL Server ecosystems, listing it among a pattern of SQL Server Native Client/XEvent vulnerabilities fixed by November 2024 security updates (KB5046858 for...
CVE-2024-49008
SQL Server Native Client remote code execution (CVE-2024-49008) affects SQL Server Native Client as described in Microsoft advisories. The associated security updates KB5046858 (SQL Server 2017 CU31, build 14.0.3485.1) and KB5046859 (SQL Server 2019 GDR, build 15.0.2130.3) fix this vulnerability ...
CVE-2024-49015
CVE-2024-49015 is a SQL Server Native Client remote code execution vulnerability. Microsoft fixes are provided in KB5046858 for SQL Server 2017 CU31 and KB5046859 for SQL Server 2019 GDR, addressing the SQL Native Client remote code execution family (CVE-2024-38255, CVE-2024-43459, CVE-2024-43462...
CVE-2024-48994
CVE-2024-48994 is a remote code execution vulnerability in the SQL Server Native Client. Microsoft security updates KB5046858/KB5046859 fix the issue across affected SQL Server Native Client components. For SQL Server 2017 CU31, builds include SQLServer2017-KB5046858-x64.exe (product version 14.0...
CVE-2024-48999
CVE-2024-48999 is a SQL Server Native Client remote code execution vulnerability. Connected sources confirm it affects SQL Server native client components and is addressed by Microsoft security updates KB5046858 (SQL Server 2017 CU31) and KB5046859 (SQL Server 2019 GDR), which fix the vulnerabili...
CVE-2024-49018
CVE-2024-49018 is a remote code execution vulnerability in SQL Server Native Client. The vulnerability affects Microsoft SQL Server Native Client and is linked to the SQL Server Native Client Remote Code Execution family of issues. Microsoft addressed it in security updates KB5046858 (SQL Server ...
CVE-2024-49011
CVE-2024-49011 is a SQL Server Native Client Remote Code Execution vulnerability. Public data confirms it affects SQL Server Native Client component and is addressed by Microsoft security updates KB5046858 (SQL Server 2017 CU31) and KB5046859 (SQL Server 2019 GDR), which fix the vulnerability acr...