All the vulnerabilites related to Microsoft - Microsoft ODBC Driver 17 for SQL Server on Linux
cve-2023-29356
Vulnerability from cvelistv5
Published
2023-06-16 00:44
Modified
2024-08-02 14:07
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29356 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft ODBC Driver 17 for SQL Server on Linux |
Version: 17.0.0.0 < 17.10.4.1 cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:07:45.671Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29356" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.4.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.2.1.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.4.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.2.2.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.4.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.2.1.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.2", "vendor": "Microsoft", "versions": [ { "lessThan": "17.2.23", "status": "affected", "version": "17.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.4", "vendor": "Microsoft", "versions": [ { "lessThan": "17.4.15", "status": "affected", "version": "17.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.6", "vendor": "Microsoft", "versions": [ { "lessThan": "17.6.11", "status": "affected", "version": "17.6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.8", "vendor": "Microsoft", "versions": [ { "lessThan": "17.8.4", "status": "affected", "version": "17.8.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.11.33", "status": "affected", "version": "16.11.0", "versionType": "custom" } ] } ], "datePublic": "2023-06-15T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416: Use After Free", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-19T20:21:53.074Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29356" } ], "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2023-29356", "datePublished": "2023-06-16T00:44:27.384Z", "dateReserved": "2023-04-04T22:34:18.384Z", "dateUpdated": "2024-08-02T14:07:45.671Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-32027
Vulnerability from cvelistv5
Published
2023-06-16 00:44
Modified
2024-08-02 15:03
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32027 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft ODBC Driver 17 for SQL Server on Linux |
Version: 17.0.0.0 < 17.10.4.1 cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:03:28.681Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32027" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.4.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.4.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.2.2.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.2.1.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.4.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.2.1.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.11.33", "status": "affected", "version": "16.11.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.2", "vendor": "Microsoft", "versions": [ { "lessThan": "17.2.23", "status": "affected", "version": "17.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.4", "vendor": "Microsoft", "versions": [ { "lessThan": "17.4.15", "status": "affected", "version": "17.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.6", "vendor": "Microsoft", "versions": [ { "lessThan": "17.6.11", "status": "affected", "version": "17.6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.8", "vendor": "Microsoft", "versions": [ { "lessThan": "17.8.4", "status": "affected", "version": "17.8.0", "versionType": "custom" } ] } ], "datePublic": "2023-06-15T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-19T20:21:54.773Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32027" } ], "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2023-32027", "datePublished": "2023-06-16T00:44:29.549Z", "dateReserved": "2023-05-01T15:34:52.132Z", "dateUpdated": "2024-08-02T15:03:28.681Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28936
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2024-10-09 01:41
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28936", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-01T19:04:55.282290Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T18:03:40.417Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:03:51.507Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 for (CU 12)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.4120.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (CU 25)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4360.2", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2110.4", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.1115.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.11.35", "status": "affected", "version": "16.11.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.9", "vendor": "Microsoft", "versions": [ { "lessThan": "17.9.6", "status": "affected", "version": "17.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.4", "vendor": "Microsoft", "versions": [ { "lessThan": "17.4.18", "status": "affected", "version": "17.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.6", "vendor": "Microsoft", "versions": [ { "lessThan": "17.6.14", "status": "affected", "version": "17.6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.8", "vendor": "Microsoft", "versions": [ { "lessThan": "17.8.9", "status": "affected", "version": "17.8.0", "versionType": "custom" } ] } ], "datePublic": "2024-04-09T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-09T01:41:04.585Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936" } ], "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-28936", "datePublished": "2024-04-09T17:00:28.756Z", "dateReserved": "2024-03-13T01:26:53.037Z", "dateUpdated": "2024-10-09T01:41:04.585Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28933
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2024-10-09 01:41
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) |
Version: 16.11.0 < 16.11.35 cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28933", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-22T15:37:19.711302Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T18:03:12.885Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:03:51.181Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.11.35", "status": "affected", "version": "16.11.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.9", "vendor": "Microsoft", "versions": [ { "lessThan": "17.9.6", "status": "affected", "version": "17.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.4", "vendor": "Microsoft", "versions": [ { "lessThan": "17.4.18", "status": "affected", "version": "17.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.6", "vendor": "Microsoft", "versions": [ { "lessThan": "17.6.14", "status": "affected", "version": "17.6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.8", "vendor": "Microsoft", "versions": [ { "lessThan": "17.8.9", "status": "affected", "version": "17.8.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (CU 25)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4360.2", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 for (CU 12)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.4120.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2110.4", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.1115.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] } ], "datePublic": "2024-04-09T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-191", "description": "CWE-191: Integer Underflow (Wrap or Wraparound)", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-09T01:41:48.973Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933" } ], "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-28933", "datePublished": "2024-04-09T17:01:13.955Z", "dateReserved": "2024-03-13T01:26:53.034Z", "dateUpdated": "2024-10-09T01:41:48.973Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38169
Vulnerability from cvelistv5
Published
2023-08-08 17:08
Modified
2024-08-02 17:30
Severity ?
EPSS score ?
Summary
Microsoft SQL OLE DB Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38169 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft OLE DB Driver 19 for SQL Server |
Version: 19.0.0 < 19.3.0001.0 cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:30:14.111Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft OLE DB Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38169" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft OLE DB Driver 19 for SQL Server", "vendor": "Microsoft", "versions": [ { "lessThan": "19.3.0001.0", "status": "affected", "version": "19.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft OLE DB Driver 18 for SQL Server", "vendor": "Microsoft", "versions": [ { "lessThan": "18.6.0006.0", "status": "affected", "version": "18.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.2.1.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.4.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (CU 5)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.4053.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.4.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.2.1.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (CU 21)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4316.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.4.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.2.2.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] } ], "datePublic": "2023-08-08T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft SQL OLE DB Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:T/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416: Use After Free", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-05-29T01:32:54.527Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft OLE DB Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38169" } ], "title": "Microsoft SQL OLE DB Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2023-38169", "datePublished": "2023-08-08T17:08:44.529Z", "dateReserved": "2023-07-12T23:41:45.863Z", "dateUpdated": "2024-08-02T17:30:14.111Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28937
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2024-10-09 01:41
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2110.4 cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28937", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-22T20:00:06.674591Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T18:03:48.747Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:03:51.267Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2110.4", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.1115.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (CU 25)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4360.2", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 for (CU 12)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.4120.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.11.35", "status": "affected", "version": "16.11.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.4", "vendor": "Microsoft", "versions": [ { "lessThan": "17.4.18", "status": "affected", "version": "17.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.9", "vendor": "Microsoft", "versions": [ { "lessThan": "17.9.6", "status": "affected", "version": "17.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.6", "vendor": "Microsoft", "versions": [ { "lessThan": "17.6.14", "status": "affected", "version": "17.6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.8", "vendor": "Microsoft", "versions": [ { "lessThan": "17.8.9", "status": "affected", "version": "17.8.0", "versionType": "custom" } ] } ], "datePublic": "2024-04-09T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-09T01:41:50.635Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937" } ], "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-28937", "datePublished": "2024-04-09T17:01:15.620Z", "dateReserved": "2024-03-13T01:26:53.037Z", "dateUpdated": "2024-10-09T01:41:50.635Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28931
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2024-10-09 01:41
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28931 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28931", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-25T00:11:41.299849Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T18:03:59.642Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:03:51.172Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28931" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 for (CU 12)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.4120.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (CU 25)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4360.2", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2110.4", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.1115.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.11.35", "status": "affected", "version": "16.11.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.9", "vendor": "Microsoft", "versions": [ { "lessThan": "17.9.6", "status": "affected", "version": "17.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.4", "vendor": "Microsoft", "versions": [ { "lessThan": "17.4.18", "status": "affected", "version": "17.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.6", "vendor": "Microsoft", "versions": [ { "lessThan": "17.6.14", "status": "affected", "version": "17.6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.8", "vendor": "Microsoft", "versions": [ { "lessThan": "17.8.9", "status": "affected", "version": "17.8.0", "versionType": "custom" } ] } ], "datePublic": "2024-04-09T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-09T01:41:03.578Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28931" } ], "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-28931", "datePublished": "2024-04-09T17:00:27.649Z", "dateReserved": "2024-03-13T01:26:53.031Z", "dateUpdated": "2024-10-09T01:41:03.578Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28943
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2024-10-09 01:41
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28943 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2110.4 cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:* |
||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28943", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-13T13:40:54.272348Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-13T13:41:06.217Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:03:51.310Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28943" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2110.4", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.1115.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (CU 25)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4360.2", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 for (CU 12)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.4120.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] } ], "datePublic": "2024-04-09T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-09T01:41:52.624Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28943" } ], "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-28943", "datePublished": "2024-04-09T17:01:17.807Z", "dateReserved": "2024-03-13T01:26:53.039Z", "dateUpdated": "2024-10-09T01:41:52.624Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29349
Vulnerability from cvelistv5
Published
2023-06-16 00:44
Modified
2024-08-02 14:07
Severity ?
EPSS score ?
Summary
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft OLE DB Driver 18 for SQL Server |
Version: 18.0.0 < 18.6.0006.0 cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:07:45.660Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft OLE DB Driver 18 for SQL Server", "vendor": "Microsoft", "versions": [ { "lessThan": "18.6.0006.0", "status": "affected", "version": "18.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft OLE DB Driver 19 for SQL Server", "vendor": "Microsoft", "versions": [ { "lessThan": "19.3.0001.0", "status": "affected", "version": "19.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.11.33", "status": "affected", "version": "16.11.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.2", "vendor": "Microsoft", "versions": [ { "lessThan": "17.2.23", "status": "affected", "version": "17.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.4", "vendor": "Microsoft", "versions": [ { "lessThan": "17.4.15", "status": "affected", "version": "17.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.6", "vendor": "Microsoft", "versions": [ { "lessThan": "17.6.11", "status": "affected", "version": "17.6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.8", "vendor": "Microsoft", "versions": [ { "lessThan": "17.8.4", "status": "affected", "version": "17.8.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.2.1.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.2.1.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.4.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.4.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.2.2.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.4.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] } ], "datePublic": "2023-06-15T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-191", "description": "CWE-191: Integer Underflow (Wrap or Wraparound)", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-19T20:21:55.324Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29349" } ], "title": "Microsoft ODBC and OLE DB Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2023-29349", "datePublished": "2023-06-16T00:44:38.243Z", "dateReserved": "2023-04-04T22:34:18.382Z", "dateUpdated": "2024-08-02T14:07:45.660Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-32026
Vulnerability from cvelistv5
Published
2023-06-16 00:44
Modified
2024-08-02 15:03
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32026 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft ODBC Driver 17 for SQL Server on MacOS |
Version: 17.0.0.0 < 17.10.4.1 cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:03:28.617Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32026" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.4.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.4.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.2.1.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.2.2.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.2.1.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.4.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.11.33", "status": "affected", "version": "16.11.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.2", "vendor": "Microsoft", "versions": [ { "lessThan": "17.2.23", "status": "affected", "version": "17.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.4", "vendor": "Microsoft", "versions": [ { "lessThan": "17.4.15", "status": "affected", "version": "17.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.6", "vendor": "Microsoft", "versions": [ { "lessThan": "17.6.11", "status": "affected", "version": "17.6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.8", "vendor": "Microsoft", "versions": [ { "lessThan": "17.8.4", "status": "affected", "version": "17.8.0", "versionType": "custom" } ] } ], "datePublic": "2023-06-15T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-19T20:21:54.201Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32026" } ], "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2023-32026", "datePublished": "2023-06-16T00:44:29.037Z", "dateReserved": "2023-05-01T15:34:52.131Z", "dateUpdated": "2024-08-02T15:03:28.617Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36785
Vulnerability from cvelistv5
Published
2023-10-10 17:08
Modified
2024-12-10 18:20
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2104.1 |
||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:01:09.589Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2104.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.1105.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.5.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.5.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.5.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.2.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.2.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.2.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (CU 22)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4326.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (CU 8)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.4080.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2104.1", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "16.0.1105.1", "versionStartIncluding": "16.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "17.10.5.1", "versionStartIncluding": "17.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "17.10.5.1", "versionStartIncluding": "17.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "17.10.5.1", "versionStartIncluding": "17.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "18.3.2.1", "versionStartIncluding": "18.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "18.3.2.1", "versionStartIncluding": "18.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "18.3.2.1", "versionStartIncluding": "18.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4326.1", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "16.0.4080.1", "versionStartIncluding": "15.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2023-10-10T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-191", "description": "CWE-191: Integer Underflow (Wrap or Wraparound)", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-10T18:20:28.808Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36785" } ], "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2023-36785", "datePublished": "2023-10-10T17:08:10.995Z", "dateReserved": "2023-06-27T15:11:59.871Z", "dateUpdated": "2024-12-10T18:20:28.808Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-29043
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2024-10-09 01:41
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29043 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:* |
||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-29043", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-10T19:02:10.385885Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-05T17:29:44.612Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:03:51.751Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29043" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 for (CU 12)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.4120.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (CU 25)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4360.2", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2110.4", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.1115.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] } ], "datePublic": "2024-04-09T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416: Use After Free", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-09T01:41:06.758Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29043" } ], "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-29043", "datePublished": "2024-04-09T17:00:30.944Z", "dateReserved": "2024-03-14T23:05:27.952Z", "dateUpdated": "2024-10-09T01:41:06.758Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36730
Vulnerability from cvelistv5
Published
2023-10-10 17:07
Modified
2024-12-10 18:19
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2104.1 |
||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:52:54.089Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2104.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.1105.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.5.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.5.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.5.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.2.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.2.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.2.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (CU 8)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.4080.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (CU 22)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4326.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2104.1", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "16.0.1105.1", "versionStartIncluding": "16.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "17.10.5.1", "versionStartIncluding": "17.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "17.10.5.1", "versionStartIncluding": "17.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "17.10.5.1", "versionStartIncluding": "17.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "18.3.2.1", "versionStartIncluding": "18.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "18.3.2.1", "versionStartIncluding": "18.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "18.3.2.1", "versionStartIncluding": "18.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "16.0.4080.1", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4326.1", "versionStartIncluding": "15.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2023-10-10T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-10T18:19:49.069Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36730" } ], "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2023-36730", "datePublished": "2023-10-10T17:07:31.809Z", "dateReserved": "2023-06-26T13:29:45.604Z", "dateUpdated": "2024-12-10T18:19:49.069Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28938
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2024-10-09 01:41
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28938", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-10T17:30:59.430193Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T18:03:20.638Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:03:51.355Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 for (CU 12)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.4120.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (CU 25)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4360.2", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2110.4", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.1115.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.11.35", "status": "affected", "version": "16.11.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.9", "vendor": "Microsoft", "versions": [ { "lessThan": "17.9.6", "status": "affected", "version": "17.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.4", "vendor": "Microsoft", "versions": [ { "lessThan": "17.4.18", "status": "affected", "version": "17.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.6", "vendor": "Microsoft", "versions": [ { "lessThan": "17.6.14", "status": "affected", "version": "17.6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.8", "vendor": "Microsoft", "versions": [ { "lessThan": "17.8.9", "status": "affected", "version": "17.8.0", "versionType": "custom" } ] } ], "datePublic": "2024-04-09T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-09T01:41:51.130Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938" } ], "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-28938", "datePublished": "2024-04-09T17:01:16.170Z", "dateReserved": "2024-03-13T01:26:53.037Z", "dateUpdated": "2024-10-09T01:41:51.130Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36728
Vulnerability from cvelistv5
Published
2023-10-10 17:07
Modified
2024-12-10 18:19
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728 | vendor-advisory |
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:52:54.388Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft SQL Server Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (CU 22)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4326.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (CU 8)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.4080.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2052.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems", "32-bit Systems" ], "product": "Microsoft SQL Server 2014 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "12.0.6179.1", "status": "affected", "version": "12.0.0", "versionType": "custom" } ] }, { "platforms": [ "32-bit Systems", "x64-based Systems" ], "product": "Microsoft SQL Server 2014 Service Pack 3 (CU 4)", "vendor": "Microsoft", "versions": [ { "lessThan": "12.0.6449.1", "status": "affected", "version": "12.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2104.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6435.1", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7029.3", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3465.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.1105.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft OLE DB Driver 19 for SQL Server", "vendor": "Microsoft", "versions": [ { "lessThan": "19.3.0002.0", "status": "affected", "version": "19.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft OLE DB Driver 18 for SQL Server", "vendor": "Microsoft", "versions": [ { "lessThan": "18.6.0007.0", "status": "affected", "version": "18.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.5.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.5.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.5.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.2.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.2.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.2.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4326.1", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "16.0.4080.1", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2052.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x64:*", "versionEndExcluding": "12.0.6179.1", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:2014:sp3:*:*:*:*:x86:*", "versionEndExcluding": "12.0.6449.1", "versionStartIncluding": "12.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2104.1", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6435.1", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7029.3", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3465.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "16.0.1105.1", "versionStartIncluding": "16.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "19.3.0002.0", "versionStartIncluding": "19.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "18.6.0007.0", "versionStartIncluding": "18.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "17.10.5.1", "versionStartIncluding": "17.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "17.10.5.1", "versionStartIncluding": "17.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "17.10.5.1", "versionStartIncluding": "17.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "18.3.2.1", "versionStartIncluding": "18.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "18.3.2.1", "versionStartIncluding": "18.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "18.3.2.1", "versionStartIncluding": "18.0.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2023-10-10T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft SQL Server Denial of Service Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-10T18:19:50.077Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft SQL Server Denial of Service Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36728" } ], "title": "Microsoft SQL Server Denial of Service Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2023-36728", "datePublished": "2023-10-10T17:07:32.864Z", "dateReserved": "2023-06-26T13:29:45.604Z", "dateUpdated": "2024-12-10T18:19:50.077Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28929
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2024-10-09 01:41
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28929 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28929", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-22T16:11:54.498743Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-29T20:29:04.530Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:03:51.116Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28929" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (CU 25)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4360.2", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 for (CU 12)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.4120.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2110.4", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.1115.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.11.35", "status": "affected", "version": "16.11.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.9", "vendor": "Microsoft", "versions": [ { "lessThan": "17.9.6", "status": "affected", "version": "17.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.4", "vendor": "Microsoft", "versions": [ { "lessThan": "17.4.18", "status": "affected", "version": "17.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.6", "vendor": "Microsoft", "versions": [ { "lessThan": "17.6.14", "status": "affected", "version": "17.6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.8", "vendor": "Microsoft", "versions": [ { "lessThan": "17.8.9", "status": "affected", "version": "17.8.0", "versionType": "custom" } ] } ], "datePublic": "2024-04-09T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-09T01:41:03.086Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28929" } ], "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-28929", "datePublished": "2024-04-09T17:00:27.042Z", "dateReserved": "2024-03-13T01:26:53.031Z", "dateUpdated": "2024-10-09T01:41:03.086Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28930
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2024-10-09 01:41
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28930", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-18T15:43:31.008624Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-08T15:35:37.350Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:03:51.397Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (CU 25)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4360.2", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 for (CU 12)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.4120.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2110.4", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.1115.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.11.35", "status": "affected", "version": "16.11.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.9", "vendor": "Microsoft", "versions": [ { "lessThan": "17.9.6", "status": "affected", "version": "17.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.4", "vendor": "Microsoft", "versions": [ { "lessThan": "17.4.18", "status": "affected", "version": "17.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.6", "vendor": "Microsoft", "versions": [ { "lessThan": "17.6.14", "status": "affected", "version": "17.6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.8", "vendor": "Microsoft", "versions": [ { "lessThan": "17.8.9", "status": "affected", "version": "17.8.0", "versionType": "custom" } ] } ], "datePublic": "2024-04-09T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-191", "description": "CWE-191: Integer Underflow (Wrap or Wraparound)", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-09T01:41:48.369Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930" } ], "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-28930", "datePublished": "2024-04-09T17:01:13.416Z", "dateReserved": "2024-03-13T01:26:53.031Z", "dateUpdated": "2024-10-09T01:41:48.369Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28935
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2024-10-09 01:41
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28935", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-12T12:55:55.302963Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T18:03:37.151Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:03:51.452Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (CU 25)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4360.2", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 for (CU 12)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.4120.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2110.4", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.1115.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.11.35", "status": "affected", "version": "16.11.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.9", "vendor": "Microsoft", "versions": [ { "lessThan": "17.9.6", "status": "affected", "version": "17.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.4", "vendor": "Microsoft", "versions": [ { "lessThan": "17.4.18", "status": "affected", "version": "17.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.6", "vendor": "Microsoft", "versions": [ { "lessThan": "17.6.14", "status": "affected", "version": "17.6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.8", "vendor": "Microsoft", "versions": [ { "lessThan": "17.8.9", "status": "affected", "version": "17.8.0", "versionType": "custom" } ] } ], "datePublic": "2024-04-09T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-09T01:41:50.105Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935" } ], "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-28935", "datePublished": "2024-04-09T17:01:15.096Z", "dateReserved": "2024-03-13T01:26:53.036Z", "dateUpdated": "2024-10-09T01:41:50.105Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28934
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2024-10-09 01:41
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:18.0:*:*:*:*:linux:*:*" ], "defaultStatus": "unknown", "product": "odbc_driver_for_sql_server", "vendor": "microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sql_server", "vendor": "microsoft", "versions": [ { "status": "affected", "version": "15.0.2000.5" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-28934", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-23T15:04:37.242018Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T18:03:16.066Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:03:51.518Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 for (CU 12)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.4120.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (CU 25)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4360.2", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2110.4", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.1115.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.11.35", "status": "affected", "version": "16.11.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.4", "vendor": "Microsoft", "versions": [ { "lessThan": "17.4.18", "status": "affected", "version": "17.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.9", "vendor": "Microsoft", "versions": [ { "lessThan": "17.9.6", "status": "affected", "version": "17.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.6", "vendor": "Microsoft", "versions": [ { "lessThan": "17.6.14", "status": "affected", "version": "17.6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.8", "vendor": "Microsoft", "versions": [ { "lessThan": "17.8.9", "status": "affected", "version": "17.8.0", "versionType": "custom" } ] } ], "datePublic": "2024-04-09T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-09T01:41:49.555Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934" } ], "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-28934", "datePublished": "2024-04-09T17:01:14.516Z", "dateReserved": "2024-03-13T01:26:53.036Z", "dateUpdated": "2024-10-09T01:41:49.555Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28941
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2024-10-09 01:41
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28941 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2110.4 cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:* |
||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T01:03:51.250Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28941" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-28941", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-10T19:52:13.543985Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-12T17:32:55.845Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2110.4", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.1115.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (CU 25)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4360.2", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 for (CU 12)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.4120.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] } ], "datePublic": "2024-04-09T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-09T01:41:52.175Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28941" } ], "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-28941", "datePublished": "2024-04-09T17:01:17.273Z", "dateReserved": "2024-03-13T01:26:53.038Z", "dateUpdated": "2024-10-09T01:41:52.175Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-32025
Vulnerability from cvelistv5
Published
2023-06-16 00:44
Modified
2024-08-02 15:03
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32025 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft ODBC Driver 17 for SQL Server on Linux |
Version: 17.0.0.0 < 17.10.4.1 cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:03:28.785Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32025" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.4.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.2.1.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.4.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.2.2.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.2.1.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.4.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.11.33", "status": "affected", "version": "16.11.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.2:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.2", "vendor": "Microsoft", "versions": [ { "lessThan": "17.2.23", "status": "affected", "version": "17.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.4", "vendor": "Microsoft", "versions": [ { "lessThan": "17.4.15", "status": "affected", "version": "17.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.6", "vendor": "Microsoft", "versions": [ { "lessThan": "17.6.11", "status": "affected", "version": "17.6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.8", "vendor": "Microsoft", "versions": [ { "lessThan": "17.8.4", "status": "affected", "version": "17.8.0", "versionType": "custom" } ] } ], "datePublic": "2023-06-15T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-19T20:21:53.646Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32025" } ], "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2023-32025", "datePublished": "2023-06-16T00:44:28.480Z", "dateReserved": "2023-05-01T15:34:52.131Z", "dateUpdated": "2024-08-02T15:03:28.785Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36420
Vulnerability from cvelistv5
Published
2023-10-10 17:08
Modified
2024-12-10 18:20
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36420 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2104.1 |
||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:45:56.785Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36420" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2104.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.1105.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.5.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.5.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.5.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.2.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.2.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.2.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (CU 8)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.4080.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (CU 22)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4326.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2104.1", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "16.0.1105.1", "versionStartIncluding": "16.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "17.10.5.1", "versionStartIncluding": "17.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "17.10.5.1", "versionStartIncluding": "17.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "17.10.5.1", "versionStartIncluding": "17.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "18.3.2.1", "versionStartIncluding": "18.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "18.3.2.1", "versionStartIncluding": "18.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*", "versionEndExcluding": "18.3.2.1", "versionStartIncluding": "18.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "16.0.4080.1", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4326.1", "versionStartIncluding": "15.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2023-10-10T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-415", "description": "CWE-415: Double Free", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-10T18:20:24.424Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36420" } ], "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2023-36420", "datePublished": "2023-10-10T17:08:06.283Z", "dateReserved": "2023-06-21T15:14:27.785Z", "dateUpdated": "2024-12-10T18:20:24.424Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28932
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2024-10-09 01:41
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28932 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28932", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-11T18:08:26.723573Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-11T18:08:37.536Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:03:51.356Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28932" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 for (CU 12)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.4120.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (CU 25)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4360.2", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2110.4", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.1115.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.11.35", "status": "affected", "version": "16.11.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.9", "vendor": "Microsoft", "versions": [ { "lessThan": "17.9.6", "status": "affected", "version": "17.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.4", "vendor": "Microsoft", "versions": [ { "lessThan": "17.4.18", "status": "affected", "version": "17.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.6", "vendor": "Microsoft", "versions": [ { "lessThan": "17.6.14", "status": "affected", "version": "17.6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.8", "vendor": "Microsoft", "versions": [ { "lessThan": "17.8.9", "status": "affected", "version": "17.8.0", "versionType": "custom" } ] } ], "datePublic": "2024-04-09T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-09T01:41:04.136Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28932" } ], "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-28932", "datePublished": "2024-04-09T17:00:28.215Z", "dateReserved": "2024-03-13T01:26:53.031Z", "dateUpdated": "2024-10-09T01:41:04.136Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }