All the vulnerabilites related to Microsoft - Microsoft SQL Server 2019 (CU 29)
cve-2024-48993
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2024-12-13 00:50
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48993 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-48993", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T17:25:38.907728Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T17:29:53.104Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2070.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2130.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6455.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7050.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3485.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft SQL Server 2019 (CU 29)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4410.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2070.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2130.3", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6455.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7050.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3485.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4410.1", "versionStartIncluding": "15.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-11-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "SQL Server Native Client Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T00:50:02.052Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "SQL Server Native Client Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48993" } ], "title": "SQL Server Native Client Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-48993", "datePublished": "2024-11-12T17:54:07.146Z", "dateReserved": "2024-10-11T20:57:49.175Z", "dateUpdated": "2024-12-13T00:50:02.052Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-49012
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2024-12-13 00:50
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49012 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-49012", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T15:57:56.487351Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T15:58:12.995Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2070.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2130.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6455.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7050.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3485.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft SQL Server 2019 (CU 29)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4410.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2070.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2130.3", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6455.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7050.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3485.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4410.1", "versionStartIncluding": "15.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-11-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "SQL Server Native Client Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T00:50:10.923Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "SQL Server Native Client Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49012" } ], "title": "SQL Server Native Client Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-49012", "datePublished": "2024-11-12T17:54:15.790Z", "dateReserved": "2024-10-11T20:57:49.180Z", "dateUpdated": "2024-12-13T00:50:10.923Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-38255
Vulnerability from cvelistv5
Published
2024-11-12 17:53
Modified
2024-12-13 00:49
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38255 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-38255", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T16:13:40.138397Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T16:13:51.477Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2070.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2130.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6455.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7050.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3485.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft SQL Server 2019 (CU 29)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4410.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2070.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2130.3", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6455.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7050.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3485.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4410.1", "versionStartIncluding": "15.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-11-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "SQL Server Native Client Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T00:49:42.357Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "SQL Server Native Client Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38255" } ], "title": "SQL Server Native Client Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-38255", "datePublished": "2024-11-12T17:53:50.155Z", "dateReserved": "2024-06-11T22:36:08.234Z", "dateUpdated": "2024-12-13T00:49:42.357Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-43459
Vulnerability from cvelistv5
Published
2024-11-12 17:53
Modified
2024-12-13 00:49
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43459 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-43459", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T16:11:56.141537Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T16:12:16.803Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2070.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2130.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6455.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7050.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3485.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft SQL Server 2019 (CU 29)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4410.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2070.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2130.3", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6455.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7050.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3485.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4410.1", "versionStartIncluding": "15.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-11-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "SQL Server Native Client Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416: Use After Free", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T00:49:43.398Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "SQL Server Native Client Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43459" } ], "title": "SQL Server Native Client Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-43459", "datePublished": "2024-11-12T17:53:51.317Z", "dateReserved": "2024-08-14T01:08:33.515Z", "dateUpdated": "2024-12-13T00:49:43.398Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-49006
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2024-12-13 00:50
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49006 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-49006", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T17:28:16.455818Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T17:29:54.067Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2070.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2130.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6455.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7050.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3485.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft SQL Server 2019 (CU 29)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4410.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2070.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2130.3", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6455.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7050.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3485.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4410.1", "versionStartIncluding": "15.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-11-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "SQL Server Native Client Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T00:50:08.042Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "SQL Server Native Client Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49006" } ], "title": "SQL Server Native Client Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-49006", "datePublished": "2024-11-12T17:54:13.138Z", "dateReserved": "2024-10-11T20:57:49.179Z", "dateUpdated": "2024-12-13T00:50:08.042Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-49015
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2024-12-13 00:50
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49015 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2019 (CU 29) |
Version: 15.0.0 < 15.0.4410.1 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-49015", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T15:55:26.685728Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T15:55:54.691Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "Unknown" ], "product": "Microsoft SQL Server 2019 (CU 29)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4410.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2070.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2130.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6455.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7050.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3485.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4410.1", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2070.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2130.3", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6455.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7050.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3485.1", "versionStartIncluding": "14.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-11-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "SQL Server Native Client Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T00:50:12.459Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "SQL Server Native Client Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49015" } ], "title": "SQL Server Native Client Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-49015", "datePublished": "2024-11-12T17:54:17.295Z", "dateReserved": "2024-10-11T20:57:49.181Z", "dateUpdated": "2024-12-13T00:50:12.459Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-49010
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2024-12-13 00:50
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49010 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-49010", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T15:59:23.030068Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T15:59:35.898Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2070.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2130.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6455.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7050.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3485.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft SQL Server 2019 (CU 29)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4410.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2070.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2130.3", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6455.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7050.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3485.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4410.1", "versionStartIncluding": "15.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-11-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "SQL Server Native Client Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T00:50:09.809Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "SQL Server Native Client Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49010" } ], "title": "SQL Server Native Client Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-49010", "datePublished": "2024-11-12T17:54:14.740Z", "dateReserved": "2024-10-11T20:57:49.180Z", "dateUpdated": "2024-12-13T00:50:09.809Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-49017
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2024-12-13 00:50
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49017 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-49017", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T15:53:39.445537Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T15:53:55.283Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2070.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2130.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6455.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7050.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3485.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft SQL Server 2019 (CU 29)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4410.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2070.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2130.3", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6455.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7050.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3485.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4410.1", "versionStartIncluding": "15.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-11-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "SQL Server Native Client Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T00:50:13.424Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "SQL Server Native Client Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49017" } ], "title": "SQL Server Native Client Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-49017", "datePublished": "2024-11-12T17:54:18.405Z", "dateReserved": "2024-10-11T20:57:49.181Z", "dateUpdated": "2024-12-13T00:50:13.424Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-49018
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2024-12-13 00:50
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49018 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-49018", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T15:53:03.702999Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T15:53:17.084Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2070.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2130.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6455.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7050.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3485.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft SQL Server 2019 (CU 29)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4410.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2070.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2130.3", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6455.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7050.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3485.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4410.1", "versionStartIncluding": "15.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-11-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "SQL Server Native Client Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-197", "description": "CWE-197: Numeric Truncation Error", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T00:50:14.067Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "SQL Server Native Client Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49018" } ], "title": "SQL Server Native Client Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-49018", "datePublished": "2024-11-12T17:54:18.954Z", "dateReserved": "2024-10-11T20:57:49.181Z", "dateUpdated": "2024-12-13T00:50:14.067Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-48999
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2024-12-13 00:50
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48999 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-48999", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T17:26:59.959387Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T17:29:53.570Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2070.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2130.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6455.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7050.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3485.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft SQL Server 2019 (CU 29)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4410.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2070.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2130.3", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6455.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7050.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3485.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4410.1", "versionStartIncluding": "15.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-11-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "SQL Server Native Client Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T00:50:03.799Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "SQL Server Native Client Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48999" } ], "title": "SQL Server Native Client Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-48999", "datePublished": "2024-11-12T17:54:08.821Z", "dateReserved": "2024-10-11T20:57:49.177Z", "dateUpdated": "2024-12-13T00:50:03.799Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-49001
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2024-12-13 00:50
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49001 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2019 (CU 29) |
Version: 15.0.0 < 15.0.4410.1 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-49001", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T14:20:34.213571Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T14:20:45.849Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "Unknown" ], "product": "Microsoft SQL Server 2019 (CU 29)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4410.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2070.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2130.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6455.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7050.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3485.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4410.1", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2070.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2130.3", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6455.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7050.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3485.1", "versionStartIncluding": "14.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-11-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "SQL Server Native Client Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T00:50:04.872Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "SQL Server Native Client Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49001" } ], "title": "SQL Server Native Client Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-49001", "datePublished": "2024-11-12T17:54:09.822Z", "dateReserved": "2024-10-11T20:57:49.177Z", "dateUpdated": "2024-12-13T00:50:04.872Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-49005
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2024-12-13 00:50
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49005 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-49005", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T17:27:24.319562Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T17:29:53.705Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2070.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2130.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6455.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7050.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3485.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft SQL Server 2019 (CU 29)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4410.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2070.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2130.3", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6455.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7050.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3485.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4410.1", "versionStartIncluding": "15.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-11-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "SQL Server Native Client Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T00:50:07.060Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "SQL Server Native Client Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49005" } ], "title": "SQL Server Native Client Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-49005", "datePublished": "2024-11-12T17:54:12.029Z", "dateReserved": "2024-10-11T20:57:49.178Z", "dateUpdated": "2024-12-13T00:50:07.060Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-49021
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2024-12-13 00:50
Severity ?
EPSS score ?
Summary
Microsoft SQL Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49021 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-49021", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T18:52:04.039266Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T18:55:04.099Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2070.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2130.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6455.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7050.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3485.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.1135.2", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft SQL Server 2019 (CU 29)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4410.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 for (CU 15)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.4155.4", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2070.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2130.3", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6455.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7050.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3485.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "16.0.1135.2", "versionStartIncluding": "16.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4410.1", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "16.0.4155.4", "versionStartIncluding": "16.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-11-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft SQL Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416: Use After Free", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T00:50:15.224Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49021" } ], "title": "Microsoft SQL Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-49021", "datePublished": "2024-11-12T17:54:20.153Z", "dateReserved": "2024-10-11T20:57:49.182Z", "dateUpdated": "2024-12-13T00:50:15.224Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-48996
Vulnerability from cvelistv5
Published
2024-11-12 17:53
Modified
2024-12-13 00:49
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48996 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-48996", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T17:24:23.597063Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T17:29:52.643Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2070.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2130.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6455.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7050.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3485.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft SQL Server 2019 (CU 29)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4410.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2070.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2130.3", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6455.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7050.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3485.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4410.1", "versionStartIncluding": "15.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-11-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "SQL Server Native Client Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T00:49:45.833Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "SQL Server Native Client Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48996" } ], "title": "SQL Server Native Client Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-48996", "datePublished": "2024-11-12T17:53:53.952Z", "dateReserved": "2024-10-11T20:57:49.175Z", "dateUpdated": "2024-12-13T00:49:45.833Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-49003
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2024-12-13 00:50
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49003 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2019 (CU 29) |
Version: 15.0.0 < 15.0.4410.1 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-49003", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T14:19:03.668048Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T14:19:15.287Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "Unknown" ], "product": "Microsoft SQL Server 2019 (CU 29)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4410.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2070.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2130.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6455.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7050.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3485.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4410.1", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2070.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2130.3", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6455.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7050.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3485.1", "versionStartIncluding": "14.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-11-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "SQL Server Native Client Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416: Use After Free", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T00:50:05.891Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "SQL Server Native Client Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49003" } ], "title": "SQL Server Native Client Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-49003", "datePublished": "2024-11-12T17:54:10.996Z", "dateReserved": "2024-10-11T20:57:49.178Z", "dateUpdated": "2024-12-13T00:50:05.891Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-49011
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2024-12-13 00:50
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49011 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-49011", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T15:58:49.412044Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T15:59:02.101Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2070.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2130.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6455.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7050.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3485.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft SQL Server 2019 (CU 29)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4410.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2070.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2130.3", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6455.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7050.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3485.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4410.1", "versionStartIncluding": "15.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-11-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "SQL Server Native Client Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T00:50:10.348Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "SQL Server Native Client Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49011" } ], "title": "SQL Server Native Client Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-49011", "datePublished": "2024-11-12T17:54:15.302Z", "dateReserved": "2024-10-11T20:57:49.180Z", "dateUpdated": "2024-12-13T00:50:10.348Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-48997
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2024-12-13 00:50
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48997 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-48997", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T17:26:16.048172Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T17:29:53.319Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2070.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2130.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6455.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7050.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3485.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft SQL Server 2019 (CU 29)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4410.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2070.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2130.3", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6455.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7050.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3485.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4410.1", "versionStartIncluding": "15.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-11-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "SQL Server Native Client Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T00:50:02.631Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "SQL Server Native Client Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48997" } ], "title": "SQL Server Native Client Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-48997", "datePublished": "2024-11-12T17:54:07.706Z", "dateReserved": "2024-10-11T20:57:49.176Z", "dateUpdated": "2024-12-13T00:50:02.631Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-49000
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2024-12-13 00:50
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49000 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-49000", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-12T21:46:00.514102Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-12T21:46:08.489Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2070.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2130.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6455.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7050.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3485.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft SQL Server 2019 (CU 29)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4410.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2070.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2130.3", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6455.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7050.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3485.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4410.1", "versionStartIncluding": "15.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-11-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "SQL Server Native Client Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T00:50:04.314Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "SQL Server Native Client Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49000" } ], "title": "SQL Server Native Client Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-49000", "datePublished": "2024-11-12T17:54:09.288Z", "dateReserved": "2024-10-11T20:57:49.177Z", "dateUpdated": "2024-12-13T00:50:04.314Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-48998
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2024-12-13 00:50
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48998 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-48998", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T17:26:41.129592Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T17:29:53.439Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2070.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2130.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6455.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7050.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3485.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft SQL Server 2019 (CU 29)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4410.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2070.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2130.3", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6455.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7050.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3485.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4410.1", "versionStartIncluding": "15.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-11-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "SQL Server Native Client Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T00:50:03.208Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "SQL Server Native Client Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48998" } ], "title": "SQL Server Native Client Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-48998", "datePublished": "2024-11-12T17:54:08.341Z", "dateReserved": "2024-10-11T20:57:49.176Z", "dateUpdated": "2024-12-13T00:50:03.208Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-49002
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2024-12-13 00:50
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49002 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-49002", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T14:20:04.985529Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T14:20:13.129Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2070.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2130.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6455.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7050.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3485.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft SQL Server 2019 (CU 29)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4410.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2070.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2130.3", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6455.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7050.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3485.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4410.1", "versionStartIncluding": "15.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-11-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "SQL Server Native Client Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T00:50:05.386Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "SQL Server Native Client Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49002" } ], "title": "SQL Server Native Client Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-49002", "datePublished": "2024-11-12T17:54:10.396Z", "dateReserved": "2024-10-11T20:57:49.177Z", "dateUpdated": "2024-12-13T00:50:05.386Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-43462
Vulnerability from cvelistv5
Published
2024-11-12 17:53
Modified
2024-12-13 00:49
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43462 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2019 (CU 29) |
Version: 15.0.0 < 15.0.4410.1 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-43462", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T16:11:17.162885Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T16:11:29.437Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "Unknown" ], "product": "Microsoft SQL Server 2019 (CU 29)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4410.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2070.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2130.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6455.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7050.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3485.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4410.1", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2070.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2130.3", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6455.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7050.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3485.1", "versionStartIncluding": "14.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-11-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "SQL Server Native Client Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T00:49:44.055Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "SQL Server Native Client Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43462" } ], "title": "SQL Server Native Client Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-43462", "datePublished": "2024-11-12T17:53:51.958Z", "dateReserved": "2024-08-14T01:08:33.516Z", "dateUpdated": "2024-12-13T00:49:44.055Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-49007
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2024-12-13 00:50
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49007 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-49007", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T17:27:51.906795Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T17:29:53.847Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2070.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2130.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6455.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7050.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3485.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft SQL Server 2019 (CU 29)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4410.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2070.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2130.3", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6455.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7050.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3485.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4410.1", "versionStartIncluding": "15.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-11-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "SQL Server Native Client Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T00:50:07.512Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "SQL Server Native Client Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49007" } ], "title": "SQL Server Native Client Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-49007", "datePublished": "2024-11-12T17:54:12.607Z", "dateReserved": "2024-10-11T20:57:49.179Z", "dateUpdated": "2024-12-13T00:50:07.512Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-49013
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2024-12-13 00:50
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49013 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-49013", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T15:56:52.055888Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T15:57:31.039Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2070.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2130.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6455.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7050.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3485.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft SQL Server 2019 (CU 29)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4410.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2070.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2130.3", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6455.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7050.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3485.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4410.1", "versionStartIncluding": "15.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-11-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "SQL Server Native Client Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T00:50:11.443Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "SQL Server Native Client Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49013" } ], "title": "SQL Server Native Client Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-49013", "datePublished": "2024-11-12T17:54:16.266Z", "dateReserved": "2024-10-11T20:57:49.181Z", "dateUpdated": "2024-12-13T00:50:11.443Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-49014
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2024-12-13 00:50
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49014 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-49014", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T15:56:18.275465Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T15:56:32.731Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2070.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2130.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6455.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7050.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3485.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft SQL Server 2019 (CU 29)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4410.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2070.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2130.3", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6455.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7050.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3485.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4410.1", "versionStartIncluding": "15.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-11-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "SQL Server Native Client Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-415", "description": "CWE-415: Double Free", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T00:50:11.989Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "SQL Server Native Client Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49014" } ], "title": "SQL Server Native Client Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-49014", "datePublished": "2024-11-12T17:54:16.810Z", "dateReserved": "2024-10-11T20:57:49.181Z", "dateUpdated": "2024-12-13T00:50:11.989Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-49008
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2024-12-13 00:50
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49008 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-49008", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T17:28:43.125108Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T17:29:54.536Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2070.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2130.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6455.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7050.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3485.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft SQL Server 2019 (CU 29)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4410.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2070.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2130.3", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6455.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7050.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3485.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4410.1", "versionStartIncluding": "15.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-11-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "SQL Server Native Client Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T00:50:08.633Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "SQL Server Native Client Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49008" } ], "title": "SQL Server Native Client Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-49008", "datePublished": "2024-11-12T17:54:13.676Z", "dateReserved": "2024-10-11T20:57:49.179Z", "dateUpdated": "2024-12-13T00:50:08.633Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-48994
Vulnerability from cvelistv5
Published
2024-11-12 17:53
Modified
2024-12-13 00:49
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48994 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-48994", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T16:10:35.588953Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T16:10:57.844Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2070.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2130.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6455.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7050.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3485.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft SQL Server 2019 (CU 29)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4410.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2070.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2130.3", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6455.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7050.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3485.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4410.1", "versionStartIncluding": "15.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-11-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "SQL Server Native Client Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T00:49:44.673Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "SQL Server Native Client Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48994" } ], "title": "SQL Server Native Client Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-48994", "datePublished": "2024-11-12T17:53:52.545Z", "dateReserved": "2024-10-11T20:57:49.175Z", "dateUpdated": "2024-12-13T00:49:44.673Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-48995
Vulnerability from cvelistv5
Published
2024-11-12 17:53
Modified
2024-12-13 00:49
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48995 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-48995", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T17:24:49.066225Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T17:29:52.759Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2070.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2130.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6455.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7050.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3485.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft SQL Server 2019 (CU 29)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4410.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2070.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2130.3", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6455.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7050.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3485.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4410.1", "versionStartIncluding": "15.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-11-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "SQL Server Native Client Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T00:49:45.315Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "SQL Server Native Client Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48995" } ], "title": "SQL Server Native Client Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-48995", "datePublished": "2024-11-12T17:53:53.162Z", "dateReserved": "2024-10-11T20:57:49.175Z", "dateUpdated": "2024-12-13T00:49:45.315Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-49043
Vulnerability from cvelistv5
Published
2024-11-12 17:53
Modified
2024-12-13 00:49
Severity ?
EPSS score ?
Summary
Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49043 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-49043", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T17:22:55.414283Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T17:29:52.409Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2070.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2130.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6455.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7050.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3485.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.1135.2", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft SQL Server 2019 (CU 29)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4410.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 for (CU 15)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.4155.4", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2070.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2130.3", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6455.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7050.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3485.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "16.0.1135.2", "versionStartIncluding": "16.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4410.1", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "16.0.4155.4", "versionStartIncluding": "16.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-11-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-426", "description": "CWE-426: Untrusted Search Path", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T00:49:47.463Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49043" } ], "title": "Microsoft.SqlServer.XEvent.Configuration.dll Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-49043", "datePublished": "2024-11-12T17:53:55.260Z", "dateReserved": "2024-10-11T20:57:49.186Z", "dateUpdated": "2024-12-13T00:49:47.463Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-49004
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2024-12-13 00:50
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49004 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-49004", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-12T21:40:07.585174Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-12T21:40:24.045Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2070.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2130.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6455.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7050.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3485.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft SQL Server 2019 (CU 29)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4410.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2070.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2130.3", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6455.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7050.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3485.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4410.1", "versionStartIncluding": "15.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-11-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "SQL Server Native Client Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T00:50:06.481Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "SQL Server Native Client Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49004" } ], "title": "SQL Server Native Client Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-49004", "datePublished": "2024-11-12T17:54:11.537Z", "dateReserved": "2024-10-11T20:57:49.178Z", "dateUpdated": "2024-12-13T00:50:06.481Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-49009
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2024-12-13 00:50
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49009 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-49009", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T16:00:20.386817Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T16:00:39.426Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2070.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2130.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6455.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7050.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3485.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft SQL Server 2019 (CU 29)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4410.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2070.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2130.3", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6455.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7050.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3485.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4410.1", "versionStartIncluding": "15.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-11-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "SQL Server Native Client Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T00:50:09.150Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "SQL Server Native Client Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49009" } ], "title": "SQL Server Native Client Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-49009", "datePublished": "2024-11-12T17:54:14.252Z", "dateReserved": "2024-10-11T20:57:49.180Z", "dateUpdated": "2024-12-13T00:50:09.150Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-49016
Vulnerability from cvelistv5
Published
2024-11-12 17:54
Modified
2024-12-13 00:50
Severity ?
EPSS score ?
Summary
SQL Server Native Client Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49016 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2017 (GDR) |
Version: 14.0.0 < 14.0.2070.1 |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-49016", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-13T15:54:13.049035Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T15:54:30.184Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.2070.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2130.3", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.6455.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature Pack", "vendor": "Microsoft", "versions": [ { "lessThan": "13.0.7050.2", "status": "affected", "version": "13.0.0", "versionType": "custom" } ] }, { "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2017 (CU 31)", "vendor": "Microsoft", "versions": [ { "lessThan": "14.0.3485.1", "status": "affected", "version": "14.0.0", "versionType": "custom" } ] }, { "platforms": [ "Unknown" ], "product": "Microsoft SQL Server 2019 (CU 29)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4410.1", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] } ], "cpeApplicability": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.2070.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.2130.3", "versionStartIncluding": "15.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.6455.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:sp3:*:*:*:*:x64:*", "versionEndExcluding": "13.0.7050.2", "versionStartIncluding": "13.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:-:*:*:*:*:x64:*", "versionEndExcluding": "14.0.3485.1", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*", "versionEndExcluding": "15.0.4410.1", "versionStartIncluding": "15.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "datePublic": "2024-11-12T08:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "SQL Server Native Client Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416: Use After Free", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-13T00:50:12.973Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "SQL Server Native Client Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49016" } ], "title": "SQL Server Native Client Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-49016", "datePublished": "2024-11-12T17:54:17.858Z", "dateReserved": "2024-10-11T20:57:49.181Z", "dateUpdated": "2024-12-13T00:50:12.973Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }