19 matches found
CVE-2023-23384
CVE-2023-23384 is described in the connected documents as a Microsoft SQL Server remote code execution vulnerability reachable over the network. Nessus plugin entries for April 2023 (SMB_NT_MS23_APR_MSSQL_REMOTE.NASL and SMB_NT_MS23_APR_MSSQL.NASL) confirm a remote code execution issue, with self...
CVE-2023-38169
CVE-2023-38169 is a Microsoft SQL OLE DB Remote Code Execution vulnerability. Public sources confirm the issue affects Microsoft SQL OLE DB/ODBC components (e.g., OLE DB Driver for SQL Server and SQL Server client libraries) and can be exploited remotely via a network to run code with high impact...
CVE-2023-21713
CVE-2023-21713 is a Microsoft SQL Server remote code execution vulnerability. The CVE is addressed in the February 2023 security updates for SQL Server 2019/GDR (KB5021125) and related KBs, which list CVE-2023-21713 among addressed issues. The vulnerability affects SQL Server components and is mi...
CVE-2023-36785
Technical details about CVE-2023-36785 are not publicly provided in the supplied documents; monitor for updates from official advisories and vendor feeds.
CVE-2023-21705
CVE-2023-21705 is a Microsoft SQL Server remote code execution vulnerability. Public documents indicate the issue is addressed in security updates for SQL Server 2019 GDR (KB5021125) which fixes multiple CVEs including CVE-2023-21705; the update targets SQL Server 2019 and brings the product to b...
CVE-2023-21528
CVE-2023-21528 is a Microsoft SQL Server Remote Code Execution vulnerability. In SQL Server 2008 R2 SP3 GDR, updates described in KB5021112 fix CVE-2023-21528 (builds including SQLServer2008R2-KB5021112-x64.exe, version 10.50.6785.2). In SQL Server 2019, fixes are included in KB5021125 (build: SQ...
CVE-2023-36728
CVE-2023-36728 is a Denial-of-Service vulnerability impacting Microsoft SQL Server components. Public references in the supplied documents describe DoS impact from a malformed TDS packet/login handling that can lead to unavailability or undefined behavior, as cited in the October 2023 security up...
CVE-2024-0056
CVE-2024-0056 affects Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider security feature bypass. CVSS v3.1 base score 8.7 (NETWORK, HIGH impact on confidentiality and integrity, no availability impact) per Microsoft, with CVSS v4 score 8.8 indicating high impact. Descriptions i...
CVE-2023-21718
Technical details for CVE-2023-21718 are not provided in the supplied documents; no specific affected products, versions, impact, or fixes are listed here. Monitor for updates.
CVE-2023-36417
CVE-2023-36417 is a Remote Code Execution vulnerability affecting the Microsoft SQL Server OLE DB Driver. The Nessus entries and Microsoft advisories indicate an RCE in the SQL OLE DB component that can enable authentication bypass and arbitrary command execution. The issue has been addressed in ...
CVE-2023-21704
CVE-2023-21704 is a vulnerability in the Microsoft ODBC Driver for SQL Server that enables remote code execution. Microsoft’s security update KB5021126 addresses CVE-2023-21704 as part of a CU/patch bundle, updating the ODBC driver component used by SQL Server connectivity. The documented impact ...
CVE-2023-36730
CVE-2023-36730 affects the Microsoft SQL Server ODBC Driver. The vulnerability is described as a Remote Code Execution issue in the ODBC Driver component; root cause details are not explicitly provided in the documents beyond the vulnerability family. Microsoft’s October 2023 security updates (KB...
CVE-2023-29349
CVE-2023-29349 concerns Microsoft ODBC and OLE DB components (SQL Server ODBC Driver and OLE DB Driver) enabling remote code execution. The vulnerability arises from improper handling in the ODBC/OLE DB stack, with an attack vector described as LOCAL and requiring user interaction, resulting in h...
CVE-2023-32027
CVE-2023-32027 is a vulnerability in the Microsoft ODBC Driver for SQL Server that enables remote code execution. Public sources describe exploitation that requires the attacker to lure the victim via a rogue SQL server, with the driver client on the affected workstation executing code. The vulne...
CVE-2023-36420
CVE-2023-36420 is an in-scope vulnerability affecting the Microsoft SQL Server ODBC Driver, described in connected sources as a Remote Code Execution vulnerability. Public details confirm the affected component is the ODBC Driver for SQL Server and that the issue is addressed by Microsoft securit...
CVE-2023-32028
CVE-2023-32028 – Microsoft SQL OLE DB Remote Code Execution Vulnerability affects the Microsoft OLE DB Driver for SQL Server (OLE DB Driver 19 for SQL Server, 18 for SQL Server) and related SQL Server OLE DB components. The root cause enables remote code execution, with exploitation described as ...
CVE-2023-32025
CVE-2023-32025 concerns the Microsoft ODBC Driver for SQL Server. Connected sources indicate a remote code execution vulnerability in the ODBC driver, with exploitation described as requiring the attacker to lure the victim to connect to a rogue SQL server. The NCSC advisory confirms the issue wa...
CVE-2023-32026
The CVE-2023-32026 entry concerns the Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability. Public sources describe the vulnerable component as the ODBC Driver for SQL Server, with exploitation enabling remote code execution. The NCSC advisory clarifies that exploitation requi...
CVE-2023-29356
CVE-2023-29356 concerns a Remote Code Execution vulnerability in the Microsoft ODBC Driver for SQL Server. Affected component: Microsoft ODBC Driver for SQL Server. Underlying issue is exploited when a user connects to a rogue SQL server via ODBC; exploitation requires the attacker to lure the us...