Lucene search
K
MicrosoftSql Server 2022

109 matches found

CVE
CVE
added 2024/07/09 5:2 p.m.147 views

CVE-2024-37332

CVE-2024-37332 is a Remote Code Execution vulnerability affecting the SQL Server Native Client OLE DB Provider. The CVSSv3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) yields a base score of 8.8 (HIGH). Connected documents confirm the CVE is part of a broader set of SQL Server NCDP vulnerabilit...

8.8CVSS9AI score0.01854EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.144 views

CVE-2024-21332

CVE-2024-21332 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. Affected component: SQL Server Native Client OLE DB Provider. Underlying issue: remote code execution (CVSS v3.1: 8.8; AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Exploitation would require network access ...

8.8CVSS9AI score0.01789EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.142 views

CVE-2024-37319

CVE-2024-37319 is a Microsoft SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. The advisory data confirms the flaw affects the SQL Server Native Client OLE DB Provider, with a CVSS v3.1 base score of 8.8 (High). Attack vector is NETWORK; exploitation requires user int...

8.8CVSS9AI score0.01611EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.141 views

CVE-2024-21449

CVE-2024-21449 is a vulnerability in the Microsoft SQL Server Native Client OLE DB Provider that enables remote code execution. Affected component: SQL Server Native Client OLE DB Provider (client/driver) used by SQL Server and clients. Root cause: improper handling of data returned by the provid...

8.8CVSS9AI score0.01611EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.141 views

CVE-2024-35272

CVE-2024-35272 is a SQL Server Native Client OLE DB Provider remote code execution vulnerability. The NCSC advisory and Microsoft KB update confirm the issue affects Windows SQL Server components and was fixed by July 9, 2024 security updates (KB5040944). The vulnerability allows code execution i...

8.8CVSS9AI score0.01854EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.141 views

CVE-2024-37318

CVE-2024-37318 is a Remote Code Execution vulnerability in the SQL Server Native Client OLE DB Provider. The CVSSv3.1 base score is 8.8 (HIGH). Attack vector: NETWORK; Attack complexity: LOW; Privileges required: NONE; User interaction: REQUIRED; Impact on confidentiality, integrity, and availabi...

8.8CVSS9AI score0.01854EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.140 views

CVE-2024-37330

CVE-2024-37330 affects the SQL Server Native Client OLE DB Provider and is described as a Remote Code Execution vulnerability with CVSSv3.1 vector AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, base 8.8. Connected sources confirm the issue is part of SQL Server OLE DB client/provider components and that th...

8.8CVSS9AI score0.01554EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.139 views

CVE-2024-37331

CVE-2024-37331 — SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability. The connected documents identify this CVE as affecting the SQL Server Native Client OLE DB Provider and note it is addressed by the July 2024 Microsoft SQL Server security update (KB5040944), which list...

8.8CVSS9AI score0.01854EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.134 views

CVE-2024-21308

CVE-2024-21308 affects the SQL Server Native Client OLE DB Provider. The vulnerability enables remote code execution when a vulnerable client communicates with a server presenting malicious data (attack vector: NETWORK; user interaction required). Microsoft released fixes in the July 9, 2024 secu...

8.8CVSS9AI score0.01624EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.133 views

CVE-2024-37333

CVE-2024-37333 is a Remote Code Execution vulnerability in the SQL Server Native Client OLE DB Provider. It is rated CVSSv3.1 8.8 (High) with network attack vector, low attack complexity, no privileges required, but user interaction is required. The connected sources indicate this entry is part o...

8.8CVSS9AI score0.01554EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.132 views

CVE-2024-37322

CVE-2024-37322 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. Affected component: SQL Server Native Client OLE DB Provider used by clients to connect to SQL Server. Underlying issue: remote code execution with network access (CVSSv3.1: AV:N/AC:L/PR:N/UI:...

8.8CVSS9AI score0.01611EPSS
CVE
CVE
added 2024/09/10 4:53 p.m.132 views

CVE-2024-37965

CVE-2024-37965 is a Microsoft SQL Server Elevation of Privilege vulnerability. Exploitation requires authentication and could grant elevated privileges within SQL Server. Public details are supported by Nessus/NVD/NCSC entries and the Microsoft update KB5042215 (SQL Server CU31, Sept 10 2024) whi...

8.8CVSS9.1AI score0.01702EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.130 views

CVE-2024-21335

CVE-2024-21335 is a SQL Server Native Client OLE DB Provider remote code execution vulnerability. The connected sources confirm the flaw affects the OLE DB Provider used by SQL Server clients, enabling arbitrary code execution on a vulnerable system. Public details cite a high impact (CVSSv3 8.8)...

8.8CVSS9AI score0.01789EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.129 views

CVE-2024-37320

CVE-2024-37320 affects the SQL Server Native Client OLE DB Provider and enables remote code execution via the OLE DB client library. The vulnerability is network-facing with low attack complexity and requires user interaction, with high impact on confidentiality, integrity, and availability (CVSS...

8.8CVSS9AI score0.01554EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.129 views

CVE-2024-37326

CVE-2024-37326 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. The impact is high (CVSS v3.1: 8.8, Confidentiality/Integrity/Availability: High) with network attack vector, no privileges required, but user interaction is required. Affected component is the SQL S...

8.8CVSS9AI score0.01611EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.128 views

CVE-2024-35256

CVE-2024-35256 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. The issue affects the client driver component used to connect to SQL Server and enables arbitrary code execution if a vulnerable driver is used. The advisory data shows this CVE is included in...

8.8CVSS9AI score0.01554EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.128 views

CVE-2024-37327

CVE-2024-37327 is a vulnerability in the SQL Server Native Client OLE DB Provider that enables remote code execution. The CVSSv3.1 base score is 8.8 (HIGH) with network attack vector, low attack complexity, no privileges required, but user interaction is required. Technical details in connected d...

8.8CVSS9AI score0.01611EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.127 views

CVE-2024-21317

CVE-2024-21317 affects the SQL Server Native Client OLE DB Provider and is an active SQL Server Client vulnerability that enables remote code execution via the OLE DB driver. The CVE is listed among multiple SQL Server RC vulnerabilities, with a CVSSv3 base score of 8.8 (Network attack, no privil...

8.8CVSS9AI score0.01611EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.127 views

CVE-2024-37324

CVE-2024-37324 is a vulnerability in the SQL Server Native Client OLE DB Provider that enables remote code execution. The reliable sources in the provided documents confirm the affected component as the SQL Server Native Client OLE DB Provider and indicate an RCE impact. Microsoft has released up...

8.8CVSS9AI score0.01554EPSS
CVE
CVE
added 2025/07/08 4:57 p.m.127 views

CVE-2025-49719

CVE-2025-49719 is an information-disclosure vulnerability in Microsoft SQL Server reported as an information disclosure due to improper input validation. Public sources indicate it affects SQL Server versions dating back to 2016 and is being addressed by Microsoft with security updates; specific ...

7.5CVSS6.7AI score0.1017EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.124 views

CVE-2024-37329

CVE-2024-37329 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. The initial documents identify the affected component as the OLE DB Provider used by SQL Server clients, with the root cause described as a remote code execution path when interacting with the...

8.8CVSS9AI score0.01554EPSS
CVE
CVE
added 2024/09/10 4:54 p.m.124 views

CVE-2024-37980

CVE-2024-37980 is a Microsoft SQL Server Elevation of Privilege vulnerability. Connected sources confirm affected product family as Microsoft SQL Server (various editions/versions in scope). The root cause involves an Elevation of Privilege issue likely exploitable by an authenticated remote atta...

9.8CVSS9.1AI score0.01363EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.122 views

CVE-2024-21414

CVE-2024-21414 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. The CVSSv3.1 score is 8.8 (NETWORK). Likely exploit involves crafted data returned by the OLE DB Provider, potentially affecting SQL Server clients connecting to vulnerable servers. Microsoft ...

8.8CVSS9AI score0.01854EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.121 views

CVE-2024-21331

CVE-2024-21331 corresponds to a Remote Code Execution vulnerability in the SQL Server Native Client OLE DB Provider. The CVE is publicly listed with a CVSSv3.1 base score of 8.8 (HIGH) and a network attack vector, with user interaction required, as per the CVSS data in the initial document. The v...

8.8CVSS9AI score0.01611EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.121 views

CVE-2024-37328

CVE-2024-37328 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. CVSSv3.1 base score 8.8 (HIGH) with Network attack vector and user interaction required, implying exploitation via a crafted data response when the client driver is used to connect to a SQL Se...

8.8CVSS9AI score0.01554EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.118 views

CVE-2024-28928

CVE-2024-28928 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. Affected component: SQL Server Native Client OLE DB Provider (client/server interaction). Root cause: flaw in the OLE DB Provider enabling arbitrary code execution. Impact: remote code execution with...

8.8CVSS9AI score0.01611EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.118 views

CVE-2024-35271

CVE-2024-35271 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. The CVSS v3.1 score in the initial records is 8.8 (HIGH), with network attack vector, no privileges required, but user interaction needed, and impact on confidentiality, integrity, and availab...

8.8CVSS9AI score0.01854EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.117 views

CVE-2024-21428

CVE-2024-21428 is a remote code execution vulnerability affecting the SQL Server Native Client OLE DB Provider. The available documents consistently describe it as an RCE issue tied to the Native Client OLE DB Provider in SQL Server. The Nessus entries enumerate this CVE as part of a broader set ...

8.8CVSS9AI score0.01789EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.115 views

CVE-2024-21333

CVE-2024-21333 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. The advisory data indicates an RCE in the Native Client OLE DB Provider used by SQL Server clients, with a CVSSv3.1 base score of 8.8 (Network, Low attack complexity, No privileges required, user int...

8.8CVSS9AI score0.01789EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.115 views

CVE-2024-21415

CVE-2024-21415 covers a remote code execution flaw in the SQL Server Native Client OLE DB Provider. According to the July 2024 Patch Tuesday coverage, exploitation would allow an attacker to achieve arbitrary code execution via the client-side OLE DB driver when connecting to a SQL Server, with a...

8.8CVSS9AI score0.01789EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.115 views

CVE-2024-37321

CVE-2024-37321 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability. The connected data confirms affected component is the SQL Server Native Client OLE DB Provider and root cause is remote code execution via that provider. The CVSSv3.1 base score is 8.8 (HIGH), with a...

8.8CVSS9AI score0.01554EPSS
CVE
CVE
added 2024/09/10 4:53 p.m.115 views

CVE-2024-37340

CVE-2024-37340 is a Microsoft SQL Server Native Scoring remote code execution vulnerability. Connected sources confirm affected component scope relates to SQL Server with Machine Learning/Native Scoring functionality and indicate a fix was released in the September 2024 updates. Microsoft’s KB504...

8.8CVSS8.9AI score0.01623EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.110 views

CVE-2024-21373

CVE-2024-21373 is a remote code execution vulnerability in the SQL Server Native Client OLE DB Provider. The affected component is the SQL Server Native Client OLE DB Provider, and the vulnerability enables code execution on the client when connecting to a vulnerable SQL Server instance, with a C...

8.8CVSS9AI score0.01789EPSS
CVE
CVE
added 2024/11/12 5:53 p.m.110 views

CVE-2024-49043

CVE-2024-49043 is a remote code execution vulnerability in Microsoft.SqlServer.XEvent.Configuration.dll. Connected advisories tie this CVE to SQL Server ecosystems, listing it among a pattern of SQL Server Native Client/XEvent vulnerabilities fixed by November 2024 security updates (KB5046858 for...

7.8CVSS7.8AI score0.00589EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.109 views

CVE-2024-21398

CVE-2024-21398 is a Remote Code Execution vulnerability in the SQL Server Native Client OLE DB Provider (and related SQL Server OLE DB Driver for SQL Server). The CVSSv3.1 base score is 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The issue can be exploited remotely if a vulnerable client connects ...

8.8CVSS9AI score0.01854EPSS
CVE
CVE
added 2024/07/09 5:2 p.m.107 views

CVE-2024-21425

CVE-2024-21425 is a SQL Server Native Client OLE DB Provider Remote Code Execution vulnerability affecting the SQL Server Native Client OLE DB Provider. The issue enables arbitrary code execution via the client driver when connecting to SQL Server and is rated CVSSv3.1 8.8 (High) with network att...

8.8CVSS9AI score0.01611EPSS
CVE
CVE
added 2026/03/10 5:5 p.m.107 views

CVE-2026-26115

CVE-2026-26115: Microsoft SQL Server Elevation of Privilege due to improper validation of input. Affects Microsoft SQL Server; vulnerability is exploitable over a network by an authorized attacker with LOW privileges; CVSS v3.1 base score 8.8 (High). Connected sources also reference related bugs ...

8.8CVSS5.8AI score0.01095EPSS
CVE
CVE
added 2026/04/14 4:57 p.m.107 views

CVE-2026-32167

CVE-2026-32167 is a SQL Server Elevation of Privilege vulnerability caused by improper neutralization of input in SQL commands. An authorized local attacker could elevate privileges. Microsoft security updates address this CVE (e.g., KB5084815/KB5084816 for SQL Server 2022/2019 CU releases; relat...

7.8CVSS5.8AI score0.00299EPSS
CVE
CVE
added 2024/09/10 4:53 p.m.101 views

CVE-2024-37335

CVE-2024-37335 corresponds to a remote code execution vulnerability in the Microsoft SQL Server Native Scoring component. Public documentation confirms this CVE is part of a family of SQL Server Native Scoring vulnerabilities that allow an attacker who can reach the SQL Server over the network to...

8.8CVSS8.9AI score0.01623EPSS
CVE
CVE
added 2024/09/10 4:53 p.m.99 views

CVE-2024-37339

CVE-2024-37339 corresponds to a remote code execution vulnerability in Microsoft SQL Server Native Scoring (Machine Learning Services). The flaw allows an attacker to execute arbitrary code on the vulnerable system. The base metrics show: AV:N, AC:L, PR:L, UI:N, S:U, C/H/I/A: H, with a base score...

8.8CVSS8.9AI score0.01623EPSS
CVE
CVE
added 2026/04/14 4:57 p.m.96 views

CVE-2026-33120

CVE-2026-33120 affects Microsoft SQL Server and is a remote code execution vulnerability. The entry documents a network-based exploit with low attack complexity and low privileges required, resulting in high impact to confidentiality, integrity, and availability. The CVSS v3.1 base score is 8.8 (...

8.8CVSS6AI score0.00706EPSS
CVE
CVE
added 2024/09/10 4:53 p.m.94 views

CVE-2024-37338

CVE-2024-37338 is a remote code execution vulnerability in Microsoft SQL Server (Machine Learning/Native Scoring components) that can be exploited over the network without user interaction. The CVSS v3.1 base score is 8.8 (HIGH) with RCE, requiring LOW privileges and network access; impact is hig...

8.8CVSS8.9AI score0.01623EPSS
CVE
CVE
added 2024/09/10 4:53 p.m.94 views

CVE-2024-37966

CVE-2024-37966 is a Microsoft SQL Server Native Scoring information disclosure vulnerability. Public docs identify it as an information disclosure issue in the SQL Server Native Scoring component, with the vulnerability enabling an attacker to access sensitive data. The connected update reference...

7.1CVSS7.2AI score0.02193EPSS
CVE
CVE
added 2025/08/12 5:9 p.m.94 views

CVE-2025-49758

CVE-2025-49758 affects Microsoft SQL Server (e.g., SQL Server 2017 line) and is described as an elevation-of-privilege vulnerability caused by improper neutralization of certain elements in SQL commands (SQL injection) that can be exploited by an authenticated, network-present attacker to gain el...

8.8CVSS7.8AI score0.00865EPSS
CVE
CVE
added 2024/09/10 4:53 p.m.93 views

CVE-2024-37337

CVE-2024-37337 corresponds to a Microsoft SQL Server Native Scoring Information Disclosure vulnerability. Public references in connected documents confirm information disclosure as the impact vector, with exploitation likely via SQL Server components, and remediation via Sept 2024 security update...

7.1CVSS5.8AI score0.0166EPSS
CVE
CVE
added 2024/09/10 4:53 p.m.90 views

CVE-2024-37342

CVE-2024-37342 is a Microsoft SQL Server information-disclosure vulnerability in the SQL Server Native Scoring/Machine Learning components. Public details across connected documents confirm: affected software includes SQL Server 2017 (GDR) and SQL Server 2022 CU14 builds; the issue is tracked as ...

7.1CVSS5.8AI score0.0166EPSS
CVE
CVE
added 2026/04/14 4:58 p.m.88 views

CVE-2026-32176

CVE-2026-32176 arises from improper neutralization of input in SQL Server, enabling an authorized local user to elevate privileges. Connected sources confirm this is one of multiple SQL Server elevation-of-privilege issues addressed in the Microsoft April 2026 security updates (e.g., KB5084815 fo...

7.8CVSS5.8AI score0.0025EPSS
CVE
CVE
added 2024/09/10 4:53 p.m.87 views

CVE-2024-26191

CVE-2024-26191 is a remote code execution vulnerability in Microsoft SQL Server Native Scoring. Exploitation could allow an attacker to execute arbitrary code by sending crafted input over the network, with no user interaction and required/low privileges. Public documents confirm this CVE is addr...

8.8CVSS8.9AI score0.01623EPSS
CVE
CVE
added 2025/09/09 5:1 p.m.87 views

CVE-2025-47997

CVE-2025-47997 is an information-disclosure vulnerability in Microsoft SQL Server caused by a race-condition during concurrent access to a shared resource. The issue could allow an authorized user to disclose data over a network. Public details in connected sources indicate Microsoft has issued s...

6.5CVSS6.8AI score0.00765EPSS
CVE
CVE
added 2025/08/12 5:9 p.m.76 views

CVE-2025-24999

CVE-2025-24999 is implicated in Microsoft SQL Server Elevation of Privilege via improper access control, enabling an authorized user to escalate privileges over a network. Public details confirm impact surface across SQL Server versions affected by the 2025 security updates; remediation is provid...

8.8CVSS7.7AI score0.01516EPSS
Total number of security vulnerabilities109