109 matches found
CVE-2024-37332
CVE-2024-37332 is a Remote Code Execution vulnerability affecting the SQL Server Native Client OLE DB Provider. The CVSSv3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) yields a base score of 8.8 (HIGH). Connected documents confirm the CVE is part of a broader set of SQL Server NCDP vulnerabilit...
CVE-2024-21332
CVE-2024-21332 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. Affected component: SQL Server Native Client OLE DB Provider. Underlying issue: remote code execution (CVSS v3.1: 8.8; AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Exploitation would require network access ...
CVE-2024-37319
CVE-2024-37319 is a Microsoft SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. The advisory data confirms the flaw affects the SQL Server Native Client OLE DB Provider, with a CVSS v3.1 base score of 8.8 (High). Attack vector is NETWORK; exploitation requires user int...
CVE-2024-21449
CVE-2024-21449 is a vulnerability in the Microsoft SQL Server Native Client OLE DB Provider that enables remote code execution. Affected component: SQL Server Native Client OLE DB Provider (client/driver) used by SQL Server and clients. Root cause: improper handling of data returned by the provid...
CVE-2024-35272
CVE-2024-35272 is a SQL Server Native Client OLE DB Provider remote code execution vulnerability. The NCSC advisory and Microsoft KB update confirm the issue affects Windows SQL Server components and was fixed by July 9, 2024 security updates (KB5040944). The vulnerability allows code execution i...
CVE-2024-37318
CVE-2024-37318 is a Remote Code Execution vulnerability in the SQL Server Native Client OLE DB Provider. The CVSSv3.1 base score is 8.8 (HIGH). Attack vector: NETWORK; Attack complexity: LOW; Privileges required: NONE; User interaction: REQUIRED; Impact on confidentiality, integrity, and availabi...
CVE-2024-37330
CVE-2024-37330 affects the SQL Server Native Client OLE DB Provider and is described as a Remote Code Execution vulnerability with CVSSv3.1 vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, base 8.8. Connected sources confirm the issue is part of SQL Server OLE DB client/provider components and that th...
CVE-2024-37331
CVE-2024-37331 — SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. The connected documents identify this CVE as affecting the SQL Server Native Client OLE DB Provider and note it is addressed by the July 2024 Microsoft SQL Server security update (KB5040944), which list...
CVE-2024-21308
CVE-2024-21308 affects the SQL Server Native Client OLE DB Provider. The vulnerability enables remote code execution when a vulnerable client communicates with a server presenting malicious data (attack vector: NETWORK; user interaction required). Microsoft released fixes in the July 9, 2024 secu...
CVE-2024-37333
CVE-2024-37333 is a Remote Code Execution vulnerability in the SQL Server Native Client OLE DB Provider. It is rated CVSSv3.1 8.8 (High) with network attack vector, low attack complexity, no privileges required, but user interaction is required. The connected sources indicate this entry is part o...
CVE-2024-37322
CVE-2024-37322 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. Affected component: SQL Server Native Client OLE DB Provider used by clients to connect to SQL Server. Underlying issue: remote code execution with network access (CVSSv3.1: AV:N/AC:L/PR:N/UI:...
CVE-2024-37965
CVE-2024-37965 is a Microsoft SQL Server Elevation of Privilege vulnerability. Exploitation requires authentication and could grant elevated privileges within SQL Server. Public details are supported by Nessus/NVD/NCSC entries and the Microsoft update KB5042215 (SQL Server CU31, Sept 10 2024) whi...
CVE-2024-21335
CVE-2024-21335 is a SQL Server Native Client OLE DB Provider remote code execution vulnerability. The connected sources confirm the flaw affects the OLE DB Provider used by SQL Server clients, enabling arbitrary code execution on a vulnerable system. Public details cite a high impact (CVSSv3 8.8)...
CVE-2024-37320
CVE-2024-37320 affects the SQL Server Native Client OLE DB Provider and enables remote code execution via the OLE DB client library. The vulnerability is network-facing with low attack complexity and requires user interaction, with high impact on confidentiality, integrity, and availability (CVSS...
CVE-2024-37326
CVE-2024-37326 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. The impact is high (CVSS v3.1: 8.8, Confidentiality/Integrity/Availability: High) with network attack vector, no privileges required, but user interaction is required. Affected component is the SQL S...
CVE-2024-35256
CVE-2024-35256 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. The issue affects the client driver component used to connect to SQL Server and enables arbitrary code execution if a vulnerable driver is used. The advisory data shows this CVE is included in...
CVE-2024-37327
CVE-2024-37327 is a vulnerability in the SQL Server Native Client OLE DB Provider that enables remote code execution. The CVSSv3.1 base score is 8.8 (HIGH) with network attack vector, low attack complexity, no privileges required, but user interaction is required. Technical details in connected d...
CVE-2024-21317
CVE-2024-21317 affects the SQL Server Native Client OLE DB Provider and is an active SQL Server Client vulnerability that enables remote code execution via the OLE DB driver. The CVE is listed among multiple SQL Server RC vulnerabilities, with a CVSSv3 base score of 8.8 (Network attack, no privil...
CVE-2024-37324
CVE-2024-37324 is a vulnerability in the SQL Server Native Client OLE DB Provider that enables remote code execution. The reliable sources in the provided documents confirm the affected component as the SQL Server Native Client OLE DB Provider and indicate an RCE impact. Microsoft has released up...
CVE-2025-49719
CVE-2025-49719 is an information-disclosure vulnerability in Microsoft SQL Server reported as an information disclosure due to improper input validation. Public sources indicate it affects SQL Server versions dating back to 2016 and is being addressed by Microsoft with security updates; specific ...
CVE-2024-37329
CVE-2024-37329 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. The initial documents identify the affected component as the OLE DB Provider used by SQL Server clients, with the root cause described as a remote code execution path when interacting with the...
CVE-2024-37980
CVE-2024-37980 is a Microsoft SQL Server Elevation of Privilege vulnerability. Connected sources confirm affected product family as Microsoft SQL Server (various editions/versions in scope). The root cause involves an Elevation of Privilege issue likely exploitable by an authenticated remote atta...
CVE-2024-21414
CVE-2024-21414 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. The CVSSv3.1 score is 8.8 (NETWORK). Likely exploit involves crafted data returned by the OLE DB Provider, potentially affecting SQL Server clients connecting to vulnerable servers. Microsoft ...
CVE-2024-21331
CVE-2024-21331 corresponds to a Remote Code Execution vulnerability in the SQL Server Native Client OLE DB Provider. The CVE is publicly listed with a CVSSv3.1 base score of 8.8 (HIGH) and a network attack vector, with user interaction required, as per the CVSS data in the initial document. The v...
CVE-2024-37328
CVE-2024-37328 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. CVSSv3.1 base score 8.8 (HIGH) with Network attack vector and user interaction required, implying exploitation via a crafted data response when the client driver is used to connect to a SQL Se...
CVE-2024-28928
CVE-2024-28928 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. Affected component: SQL Server Native Client OLE DB Provider (client/server interaction). Root cause: flaw in the OLE DB Provider enabling arbitrary code execution. Impact: remote code execution with...
CVE-2024-35271
CVE-2024-35271 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. The CVSS v3.1 score in the initial records is 8.8 (HIGH), with network attack vector, no privileges required, but user interaction needed, and impact on confidentiality, integrity, and availab...
CVE-2024-21428
CVE-2024-21428 is a remote code execution vulnerability affecting the SQL Server Native Client OLE DB Provider. The available documents consistently describe it as an RCE issue tied to the Native Client OLE DB Provider in SQL Server. The Nessus entries enumerate this CVE as part of a broader set ...
CVE-2024-21333
CVE-2024-21333 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. The advisory data indicates an RCE in the Native Client OLE DB Provider used by SQL Server clients, with a CVSSv3.1 base score of 8.8 (Network, Low attack complexity, No privileges required, user int...
CVE-2024-21415
CVE-2024-21415 covers a remote code execution flaw in the SQL Server Native Client OLE DB Provider. According to the July 2024 Patch Tuesday coverage, exploitation would allow an attacker to achieve arbitrary code execution via the client-side OLE DB driver when connecting to a SQL Server, with a...
CVE-2024-37321
CVE-2024-37321 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. The connected data confirms affected component is the SQL Server Native Client OLE DB Provider and root cause is remote code execution via that provider. The CVSSv3.1 base score is 8.8 (HIGH), with a...
CVE-2024-37340
CVE-2024-37340 is a Microsoft SQL Server Native Scoring remote code execution vulnerability. Connected sources confirm affected component scope relates to SQL Server with Machine Learning/Native Scoring functionality and indicate a fix was released in the September 2024 updates. Microsoft’s KB504...
CVE-2024-21373
CVE-2024-21373 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. The affected component is the SQL Server Native Client OLE DB Provider, and the vulnerability enables code execution on the client when connecting to a vulnerable SQL Server instance, with a C...
CVE-2024-49043
CVE-2024-49043 is a remote code execution vulnerability in Microsoft.SqlServer.XEvent.Configuration.dll. Connected advisories tie this CVE to SQL Server ecosystems, listing it among a pattern of SQL Server Native Client/XEvent vulnerabilities fixed by November 2024 security updates (KB5046858 for...
CVE-2024-21398
CVE-2024-21398 is a Remote Code Execution vulnerability in the SQL Server Native Client OLE DB Provider (and related SQL Server OLE DB Driver for SQL Server). The CVSSv3.1 base score is 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The issue can be exploited remotely if a vulnerable client connects ...
CVE-2024-21425
CVE-2024-21425 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability affecting the SQL Server Native Client OLE DB Provider. The issue enables arbitrary code execution via the client driver when connecting to SQL Server and is rated CVSSv3.1 8.8 (High) with network att...
CVE-2026-26115
CVE-2026-26115: Microsoft SQL Server Elevation of Privilege due to improper validation of input. Affects Microsoft SQL Server; vulnerability is exploitable over a network by an authorized attacker with LOW privileges; CVSS v3.1 base score 8.8 (High). Connected sources also reference related bugs ...
CVE-2026-32167
CVE-2026-32167 is a SQL Server Elevation of Privilege vulnerability caused by improper neutralization of input in SQL commands. An authorized local attacker could elevate privileges. Microsoft security updates address this CVE (e.g., KB5084815/KB5084816 for SQL Server 2022/2019 CU releases; relat...
CVE-2024-37335
CVE-2024-37335 corresponds to a remote code execution vulnerability in the Microsoft SQL Server Native Scoring component. Public documentation confirms this CVE is part of a family of SQL Server Native Scoring vulnerabilities that allow an attacker who can reach the SQL Server over the network to...
CVE-2024-37339
CVE-2024-37339 corresponds to a remote code execution vulnerability in Microsoft SQL Server Native Scoring (Machine Learning Services). The flaw allows an attacker to execute arbitrary code on the vulnerable system. The base metrics show: AV:N, AC:L, PR:L, UI:N, S:U, C/H/I/A: H, with a base score...
CVE-2026-33120
CVE-2026-33120 affects Microsoft SQL Server and is a remote code execution vulnerability. The entry documents a network-based exploit with low attack complexity and low privileges required, resulting in high impact to confidentiality, integrity, and availability. The CVSS v3.1 base score is 8.8 (...
CVE-2024-37338
CVE-2024-37338 is a remote code execution vulnerability in Microsoft SQL Server (Machine Learning/Native Scoring components) that can be exploited over the network without user interaction. The CVSS v3.1 base score is 8.8 (HIGH) with RCE, requiring LOW privileges and network access; impact is hig...
CVE-2024-37966
CVE-2024-37966 is a Microsoft SQL Server Native Scoring information disclosure vulnerability. Public docs identify it as an information disclosure issue in the SQL Server Native Scoring component, with the vulnerability enabling an attacker to access sensitive data. The connected update reference...
CVE-2025-49758
CVE-2025-49758 affects Microsoft SQL Server (e.g., SQL Server 2017 line) and is described as an elevation-of-privilege vulnerability caused by improper neutralization of certain elements in SQL commands (SQL injection) that can be exploited by an authenticated, network-present attacker to gain el...
CVE-2024-37337
CVE-2024-37337 corresponds to a Microsoft SQL Server Native Scoring Information Disclosure vulnerability. Public references in connected documents confirm information disclosure as the impact vector, with exploitation likely via SQL Server components, and remediation via Sept 2024 security update...
CVE-2024-37342
CVE-2024-37342 is a Microsoft SQL Server information-disclosure vulnerability in the SQL Server Native Scoring/Machine Learning components. Public details across connected documents confirm: affected software includes SQL Server 2017 (GDR) and SQL Server 2022 CU14 builds; the issue is tracked as ...
CVE-2026-32176
CVE-2026-32176 arises from improper neutralization of input in SQL Server, enabling an authorized local user to elevate privileges. Connected sources confirm this is one of multiple SQL Server elevation-of-privilege issues addressed in the Microsoft April 2026 security updates (e.g., KB5084815 fo...
CVE-2024-26191
CVE-2024-26191 is a remote code execution vulnerability in Microsoft SQL Server Native Scoring. Exploitation could allow an attacker to execute arbitrary code by sending crafted input over the network, with no user interaction and required/low privileges. Public documents confirm this CVE is addr...
CVE-2025-47997
CVE-2025-47997 is an information-disclosure vulnerability in Microsoft SQL Server caused by a race-condition during concurrent access to a shared resource. The issue could allow an authorized user to disclose data over a network. Public details in connected sources indicate Microsoft has issued s...
CVE-2025-24999
CVE-2025-24999 is implicated in Microsoft SQL Server Elevation of Privilege via improper access control, enabling an authorized user to escalate privileges over a network. Public details confirm impact surface across SQL Server versions affected by the 2025 security updates; remediation is provid...