12 matches found
CVE-2024-29045
CVE-2024-29045 is a remote code execution vulnerability in the Microsoft OLE DB Driver for SQL Server. Exploitation is network-based with no privileges required and user interaction needed (per CVSS: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). The issue affects the OLE DB Driver for SQL Server and is a...
CVE-2024-49021
CVE-2024-49021 is a Microsoft SQL Server Remote Code Execution vulnerability. Public documents identify the affected component as SQL Server (server-side) with the CVE labeled as a remote code execution issue. The vulnerability is described with a high impact on confidentiality, integrity, and av...
CVE-2025-49719
CVE-2025-49719 is an information-disclosure vulnerability in Microsoft SQL Server reported as an information disclosure due to improper input validation. Public sources indicate it affects SQL Server versions dating back to 2016 and is being addressed by Microsoft with security updates; specific ...
CVE-2024-43474
CVE-2024-43474 is a Microsoft SQL Server information-disclosure vulnerability. Connected sources confirm an authenticated remote access risk that could disclose sensitive database and file information. Security updates exist for multiple SQL Server branches: KB5042217 (SQL Server 2017 GDR), KB504...
CVE-2026-32167
CVE-2026-32167 is a SQL Server Elevation of Privilege vulnerability caused by improper neutralization of input in SQL commands. An authorized local attacker could elevate privileges. Microsoft security updates address this CVE (e.g., KB5084815/KB5084816 for SQL Server 2022/2019 CU releases; relat...
CVE-2024-49043
CVE-2024-49043 is a remote code execution vulnerability in Microsoft.SqlServer.XEvent.Configuration.dll. Connected advisories tie this CVE to SQL Server ecosystems, listing it among a pattern of SQL Server Native Client/XEvent vulnerabilities fixed by November 2024 security updates (KB5046858 for...
CVE-2026-32176
CVE-2026-32176 arises from improper neutralization of input in SQL Server, enabling an authorized local user to elevate privileges. Connected sources confirm this is one of multiple SQL Server elevation-of-privilege issues addressed in the Microsoft April 2026 security updates (e.g., KB5084815 fo...
CVE-2024-37337
CVE-2024-37337 corresponds to a Microsoft SQL Server Native Scoring Information Disclosure vulnerability. Public references in connected documents confirm information disclosure as the impact vector, with exploitation likely via SQL Server components, and remediation via Sept 2024 security update...
CVE-2024-37342
CVE-2024-37342 is a Microsoft SQL Server information-disclosure vulnerability in the SQL Server Native Scoring/Machine Learning components. Public details across connected documents confirm: affected software includes SQL Server 2017 (GDR) and SQL Server 2022 CU14 builds; the issue is tracked as ...
CVE-2024-37966
CVE-2024-37966 is a Microsoft SQL Server Native Scoring information disclosure vulnerability. Public docs identify it as an information disclosure issue in the SQL Server Native Scoring component, with the vulnerability enabling an attacker to access sensitive data. The connected update reference...
CVE-2025-49718
CVE-2025-49718 is a Microsoft SQL Server information-disclosure vulnerability described as “Use of uninitialized resource in SQL Server” that could allow an attacker to disclose information over the network. Connected sources confirm this CVE is addressed by Microsoft security updates and fixes i...
CVE-2026-47296
CVE-2026-47296 is an elevation-of-privilege vulnerability in Microsoft SQL Server caused by improper neutralization of special elements used in a SQL command (SQL injection). An authorized attacker operating locally with low privileges and no user interaction can escalate privileges (impacting co...