All the vulnerabilites related to Microsoft - Microsoft Visual Studio 2022 version 17.9
cve-2024-28929
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2024-10-09 01:41
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28929 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28929", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-22T16:11:54.498743Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-29T20:29:04.530Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:03:51.116Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28929" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (CU 25)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4360.2", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 for (CU 12)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.4120.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2110.4", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.1115.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.11.35", "status": "affected", "version": "16.11.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.9", "vendor": "Microsoft", "versions": [ { "lessThan": "17.9.6", "status": "affected", "version": "17.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.4", "vendor": "Microsoft", "versions": [ { "lessThan": "17.4.18", "status": "affected", "version": "17.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.6", "vendor": "Microsoft", "versions": [ { "lessThan": "17.6.14", "status": "affected", "version": "17.6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.8", "vendor": "Microsoft", "versions": [ { "lessThan": "17.8.9", "status": "affected", "version": "17.8.0", "versionType": "custom" } ] } ], "datePublic": "2024-04-09T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-09T01:41:03.086Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28929" } ], "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-28929", "datePublished": "2024-04-09T17:00:27.042Z", "dateReserved": "2024-03-13T01:26:53.031Z", "dateUpdated": "2024-10-09T01:41:03.086Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-30046
Vulnerability from cvelistv5
Published
2024-05-14 16:57
Modified
2024-08-02 01:25
Severity ?
EPSS score ?
Summary
Visual Studio Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30046 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | .NET 7.0 |
Version: 7.0.0 < 7.0.19 cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:* |
||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-30046", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-15T16:43:57.442813Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:38:33.988Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:25:02.716Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Visual Studio Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30046" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": ".NET 7.0", "vendor": "Microsoft", "versions": [ { "lessThan": "7.0.19", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:.net:8.0.0:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": ".NET 8.0", "vendor": "Microsoft", "versions": [ { "lessThan": "8.0.5", "status": "affected", "version": "1.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.9", "vendor": "Microsoft", "versions": [ { "lessThan": "17.9.7", "status": "affected", "version": "17.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.4", "vendor": "Microsoft", "versions": [ { "lessThan": "17.4.19", "status": "affected", "version": "17.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.6", "vendor": "Microsoft", "versions": [ { "lessThan": "17.6.15", "status": "affected", "version": "17.6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.8", "vendor": "Microsoft", "versions": [ { "lessThan": "17.8.10", "status": "affected", "version": "17.8.0", "versionType": "custom" } ] } ], "datePublic": "2024-05-14T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Visual Studio Denial of Service Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-362", "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-19T20:58:49.314Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Visual Studio Denial of Service Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30046" } ], "title": "Visual Studio Denial of Service Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-30046", "datePublished": "2024-05-14T16:57:30.222Z", "dateReserved": "2024-03-22T23:12:13.409Z", "dateUpdated": "2024-08-02T01:25:02.716Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28930
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2024-10-09 01:41
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28930", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-18T15:43:31.008624Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-08T15:35:37.350Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:03:51.397Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (CU 25)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4360.2", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 for (CU 12)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.4120.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2110.4", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.1115.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.11.35", "status": "affected", "version": "16.11.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.9", "vendor": "Microsoft", "versions": [ { "lessThan": "17.9.6", "status": "affected", "version": "17.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.4", "vendor": "Microsoft", "versions": [ { "lessThan": "17.4.18", "status": "affected", "version": "17.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.6", "vendor": "Microsoft", "versions": [ { "lessThan": "17.6.14", "status": "affected", "version": "17.6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.8", "vendor": "Microsoft", "versions": [ { "lessThan": "17.8.9", "status": "affected", "version": "17.8.0", "versionType": "custom" } ] } ], "datePublic": "2024-04-09T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-191", "description": "CWE-191: Integer Underflow (Wrap or Wraparound)", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-09T01:41:48.369Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930" } ], "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-28930", "datePublished": "2024-04-09T17:01:13.416Z", "dateReserved": "2024-03-13T01:26:53.031Z", "dateUpdated": "2024-10-09T01:41:48.369Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-21392
Vulnerability from cvelistv5
Published
2024-03-12 16:57
Modified
2024-08-01 22:20
Severity ?
EPSS score ?
Summary
.NET and Visual Studio Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21392 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft Visual Studio 2022 version 17.9 |
Version: 17.0 < 17.9.3 cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:* |
||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-21392", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-12T19:02:46.047938Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-12T18:27:30.599Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:20:40.420Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": ".NET and Visual Studio Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21392" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.9", "vendor": "Microsoft", "versions": [ { "lessThan": "17.9.3", "status": "affected", "version": "17.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:powershell:7.3:-:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "PowerShell 7.3", "vendor": "Microsoft", "versions": [ { "lessThan": "7.3.12", "status": "affected", "version": "7.3.0", "versionType": "custom" } ] }, { "cpes": [], "platforms": [ "Unknown" ], "product": "PowerShell 7.4", "vendor": "Microsoft", "versions": [ { "status": "affected", "version": "N/A" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": ".NET 7.0", "vendor": "Microsoft", "versions": [ { "lessThan": "7.0.17", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:.net:8.0.0:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": ".NET 8.0", "vendor": "Microsoft", "versions": [ { "lessThan": "8.0.3", "status": "affected", "version": "1.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.6", "vendor": "Microsoft", "versions": [ { "lessThan": "17.6.13", "status": "affected", "version": "17.6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.4", "vendor": "Microsoft", "versions": [ { "lessThan": "17.4.17", "status": "affected", "version": "17.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.8", "vendor": "Microsoft", "versions": [ { "lessThan": "17.8.8", "status": "affected", "version": "17.8.0", "versionType": "custom" } ] } ], "datePublic": "2024-03-12T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": ".NET and Visual Studio Denial of Service Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-11T15:09:29.487Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": ".NET and Visual Studio Denial of Service Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21392" } ], "title": ".NET and Visual Studio Denial of Service Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-21392", "datePublished": "2024-03-12T16:57:42.012Z", "dateReserved": "2023-12-08T22:45:20.454Z", "dateUpdated": "2024-08-01T22:20:40.420Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-21409
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2024-10-09 01:40
Severity ?
EPSS score ?
Summary
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21409 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft Visual Studio 2022 version 17.9 |
Version: 17.0 < 17.9.6 cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-21409", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-25T00:14:54.668309Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:37:59.942Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T22:20:40.892Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21409" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.9", "vendor": "Microsoft", "versions": [ { "lessThan": "17.9.6", "status": "affected", "version": "17.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.4", "vendor": "Microsoft", "versions": [ { "lessThan": "17.4.18", "status": "affected", "version": "17.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.6", "vendor": "Microsoft", "versions": [ { "lessThan": "17.6.14", "status": "affected", "version": "17.6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.8", "vendor": "Microsoft", "versions": [ { "lessThan": "17.8.9", "status": "affected", "version": "17.8.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:powershell:7.3:-:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "PowerShell 7.3", "vendor": "Microsoft", "versions": [ { "lessThan": "7.3.12", "status": "affected", "version": "7.3.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:powershell:7.4:-:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "PowerShell 7.4", "vendor": "Microsoft", "versions": [ { "lessThan": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:powershell:7.2:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "PowerShell 7.2", "vendor": "Microsoft", "versions": [ { "lessThan": "7.2.19", "status": "affected", "version": "7.2.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:.net:6.0.0:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": ".NET 6.0", "vendor": "Microsoft", "versions": [ { "lessThan": "6.0.29", "status": "affected", "version": "6.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": ".NET 7.0", "vendor": "Microsoft", "versions": [ { "lessThan": "7.0.18", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:.net:8.0.0:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": ".NET 8.0", "vendor": "Microsoft", "versions": [ { "lessThan": "8.0.4", "status": "affected", "version": "1.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*" ], "platforms": [ "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012", "Windows Server 2012 (Server Core installation)", "Windows Server 2012 R2", "Windows Server 2012 R2 (Server Core installation)" ], "product": "Microsoft .NET Framework 4.8", "vendor": "Microsoft", "versions": [ { "lessThan": "4.8.4718.0", "status": "affected", "version": "4.8.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:.net:4.8:*:*:*:*:*:*:*" ], "platforms": [ "Windows 10 Version 1809 for 32-bit Systems", "Windows 10 Version 1809 for x64-based Systems", "Windows Server 2019", "Windows Server 2019 (Server Core installation)", "Windows Server 2022", "Windows Server 2022 (Server Core installation)", "Windows 11 version 21H2 for x64-based Systems", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", "Windows 10 Version 1607 for 32-bit Systems", "Windows 10 Version 1607 for x64-based Systems", "Windows Server 2016", "Windows Server 2016 (Server Core installation)" ], "product": "Microsoft .NET Framework 3.5 AND 4.8", "vendor": "Microsoft", "versions": [ { "lessThan": "4.8.4718.0", "status": "affected", "version": "4.8.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*" ], "platforms": [ "Windows 10 Version 1809 for 32-bit Systems", "Windows 10 Version 1809 for x64-based Systems", "Windows 10 Version 1809 for ARM64-based Systems", "Windows Server 2019", "Windows Server 2019 (Server Core installation)", "Windows 10 Version 1607 for 32-bit Systems", "Windows 10 Version 1607 for x64-based Systems", "Windows Server 2016", "Windows Server 2016 (Server Core installation)" ], "product": "Microsoft .NET Framework 3.5 AND 4.7.2", "vendor": "Microsoft", "versions": [ { "lessThan": "4.7.4092.0", "status": "affected", "version": "4.7.0", "versionType": "custom" }, { "lessThan": "10.0.14393.6897", "status": "affected", "version": "4.7.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:.net:4.7.2:*:*:*:*:*:*:*" ], "platforms": [ "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012", "Windows Server 2012 (Server Core installation)", "Windows Server 2012 R2", "Windows Server 2012 R2 (Server Core installation)" ], "product": "Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2", "vendor": "Microsoft", "versions": [ { "lessThan": "4.7.4092.0", "status": "affected", "version": "4.7.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:.net:4.8.1:*:*:*:*:*:*:*" ], "platforms": [ "Windows Server 2022", "Windows Server 2022 (Server Core installation)", "Windows 11 version 21H2 for x64-based Systems", "Windows 11 version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for 32-bit Systems", "Windows 10 Version 21H2 for ARM64-based Systems", "Windows 10 Version 21H2 for x64-based Systems", "Windows 11 Version 22H2 for ARM64-based Systems", "Windows 11 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for x64-based Systems", "Windows 10 Version 22H2 for ARM64-based Systems", "Windows 10 Version 22H2 for 32-bit Systems", "Windows 11 Version 23H2 for ARM64-based Systems", "Windows 11 Version 23H2 for x64-based Systems" ], "product": "Microsoft .NET Framework 3.5 AND 4.8.1", "vendor": "Microsoft", "versions": [ { "lessThan": "4.8.9236.0", "status": "affected", "version": "4.8.1", "versionType": "custom" }, { "lessThan": "4.8.9206.0", "status": "affected", "version": "4.8.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:.net:4.6.2:*:*:*:*:*:*:*" ], "platforms": [ "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)", "Windows Server 2008 for x64-based Systems Service Pack 2", "Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)" ], "product": "Microsoft .NET Framework 4.6.2", "vendor": "Microsoft", "versions": [ { "lessThan": "4.7.4092.0", "status": "affected", "version": "4.7.0", "versionType": "custom" } ] } ], "datePublic": "2024-04-09T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-416", "description": "CWE-416: Use After Free", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-09T01:40:43.466Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21409" } ], "title": ".NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-21409", "datePublished": "2024-04-09T17:00:08.248Z", "dateReserved": "2023-12-08T22:45:21.299Z", "dateUpdated": "2024-10-09T01:40:43.466Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28936
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2024-10-09 01:41
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28936", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-01T19:04:55.282290Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T18:03:40.417Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:03:51.507Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 for (CU 12)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.4120.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (CU 25)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4360.2", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2110.4", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.1115.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.11.35", "status": "affected", "version": "16.11.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.9", "vendor": "Microsoft", "versions": [ { "lessThan": "17.9.6", "status": "affected", "version": "17.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.4", "vendor": "Microsoft", "versions": [ { "lessThan": "17.4.18", "status": "affected", "version": "17.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.6", "vendor": "Microsoft", "versions": [ { "lessThan": "17.6.14", "status": "affected", "version": "17.6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.8", "vendor": "Microsoft", "versions": [ { "lessThan": "17.8.9", "status": "affected", "version": "17.8.0", "versionType": "custom" } ] } ], "datePublic": "2024-04-09T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-09T01:41:04.585Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936" } ], "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-28936", "datePublished": "2024-04-09T17:00:28.756Z", "dateReserved": "2024-03-13T01:26:53.037Z", "dateUpdated": "2024-10-09T01:41:04.585Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28935
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2024-10-09 01:41
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2019 (CU 25) |
Version: 15.0.0 < 15.0.4360.2 cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28935", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-12T12:55:55.302963Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T18:03:37.151Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:03:51.452Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (CU 25)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4360.2", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 for (CU 12)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.4120.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2110.4", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.1115.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.11.35", "status": "affected", "version": "16.11.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.9", "vendor": "Microsoft", "versions": [ { "lessThan": "17.9.6", "status": "affected", "version": "17.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.4", "vendor": "Microsoft", "versions": [ { "lessThan": "17.4.18", "status": "affected", "version": "17.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.6", "vendor": "Microsoft", "versions": [ { "lessThan": "17.6.14", "status": "affected", "version": "17.6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.8", "vendor": "Microsoft", "versions": [ { "lessThan": "17.8.9", "status": "affected", "version": "17.8.0", "versionType": "custom" } ] } ], "datePublic": "2024-04-09T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-09T01:41:50.105Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935" } ], "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-28935", "datePublished": "2024-04-09T17:01:15.096Z", "dateReserved": "2024-03-13T01:26:53.036Z", "dateUpdated": "2024-10-09T01:41:50.105Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28937
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2024-10-09 01:41
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2019 (GDR) |
Version: 15.0.0 < 15.0.2110.4 cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28937", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-22T20:00:06.674591Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T18:03:48.747Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:03:51.267Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2110.4", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.1115.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (CU 25)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4360.2", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 for (CU 12)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.4120.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.11.35", "status": "affected", "version": "16.11.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.4", "vendor": "Microsoft", "versions": [ { "lessThan": "17.4.18", "status": "affected", "version": "17.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.9", "vendor": "Microsoft", "versions": [ { "lessThan": "17.9.6", "status": "affected", "version": "17.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.6", "vendor": "Microsoft", "versions": [ { "lessThan": "17.6.14", "status": "affected", "version": "17.6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.8", "vendor": "Microsoft", "versions": [ { "lessThan": "17.8.9", "status": "affected", "version": "17.8.0", "versionType": "custom" } ] } ], "datePublic": "2024-04-09T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-09T01:41:50.635Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937" } ], "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-28937", "datePublished": "2024-04-09T17:01:15.620Z", "dateReserved": "2024-03-13T01:26:53.037Z", "dateUpdated": "2024-10-09T01:41:50.635Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28933
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2024-10-09 01:41
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) |
Version: 16.11.0 < 16.11.35 cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28933", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-22T15:37:19.711302Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T18:03:12.885Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:03:51.181Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.11.35", "status": "affected", "version": "16.11.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.9", "vendor": "Microsoft", "versions": [ { "lessThan": "17.9.6", "status": "affected", "version": "17.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.4", "vendor": "Microsoft", "versions": [ { "lessThan": "17.4.18", "status": "affected", "version": "17.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.6", "vendor": "Microsoft", "versions": [ { "lessThan": "17.6.14", "status": "affected", "version": "17.6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.8", "vendor": "Microsoft", "versions": [ { "lessThan": "17.8.9", "status": "affected", "version": "17.8.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (CU 25)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4360.2", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 for (CU 12)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.4120.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2110.4", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.1115.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] } ], "datePublic": "2024-04-09T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-191", "description": "CWE-191: Integer Underflow (Wrap or Wraparound)", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-09T01:41:48.973Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933" } ], "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-28933", "datePublished": "2024-04-09T17:01:13.955Z", "dateReserved": "2024-03-13T01:26:53.034Z", "dateUpdated": "2024-10-09T01:41:48.973Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28934
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2024-10-09 01:41
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_for_sql_server:18.0:*:*:*:*:linux:*:*" ], "defaultStatus": "unknown", "product": "odbc_driver_for_sql_server", "vendor": "microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0", "versionType": "semver" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sql_server", "vendor": "microsoft", "versions": [ { "status": "affected", "version": "15.0.2000.5" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-28934", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-23T15:04:37.242018Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T18:03:16.066Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:03:51.518Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 for (CU 12)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.4120.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (CU 25)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4360.2", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2110.4", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.1115.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.11.35", "status": "affected", "version": "16.11.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.4", "vendor": "Microsoft", "versions": [ { "lessThan": "17.4.18", "status": "affected", "version": "17.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.9", "vendor": "Microsoft", "versions": [ { "lessThan": "17.9.6", "status": "affected", "version": "17.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.6", "vendor": "Microsoft", "versions": [ { "lessThan": "17.6.14", "status": "affected", "version": "17.6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.8", "vendor": "Microsoft", "versions": [ { "lessThan": "17.8.9", "status": "affected", "version": "17.8.0", "versionType": "custom" } ] } ], "datePublic": "2024-04-09T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-121", "description": "CWE-121: Stack-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-09T01:41:49.555Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934" } ], "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-28934", "datePublished": "2024-04-09T17:01:14.516Z", "dateReserved": "2024-03-13T01:26:53.036Z", "dateUpdated": "2024-10-09T01:41:49.555Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28938
Vulnerability from cvelistv5
Published
2024-04-09 17:01
Modified
2024-10-09 01:41
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28938", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-10T17:30:59.430193Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T18:03:20.638Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:03:51.355Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 for (CU 12)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.4120.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (CU 25)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4360.2", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2110.4", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.1115.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.11.35", "status": "affected", "version": "16.11.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.9", "vendor": "Microsoft", "versions": [ { "lessThan": "17.9.6", "status": "affected", "version": "17.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.4", "vendor": "Microsoft", "versions": [ { "lessThan": "17.4.18", "status": "affected", "version": "17.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.6", "vendor": "Microsoft", "versions": [ { "lessThan": "17.6.14", "status": "affected", "version": "17.6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.8", "vendor": "Microsoft", "versions": [ { "lessThan": "17.8.9", "status": "affected", "version": "17.8.0", "versionType": "custom" } ] } ], "datePublic": "2024-04-09T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-09T01:41:51.130Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938" } ], "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-28938", "datePublished": "2024-04-09T17:01:16.170Z", "dateReserved": "2024-03-13T01:26:53.037Z", "dateUpdated": "2024-10-09T01:41:51.130Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-30045
Vulnerability from cvelistv5
Published
2024-05-14 16:57
Modified
2024-11-22 12:04
Severity ?
EPSS score ?
Summary
.NET and Visual Studio Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30045 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | .NET 8.0 |
Version: 1.0.0 < 8.0.5 cpe:2.3:a:microsoft:.net:8.0.0:*:*:*:*:*:*:* |
||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-30045", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-05-15T17:32:06.325446Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:39:36.245Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-11-22T12:04:49.715Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": ".NET and Visual Studio Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30045" }, { "url": "https://security.netapp.com/advisory/ntap-20241122-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:.net:8.0.0:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": ".NET 8.0", "vendor": "Microsoft", "versions": [ { "lessThan": "8.0.5", "status": "affected", "version": "1.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": ".NET 7.0", "vendor": "Microsoft", "versions": [ { "lessThan": "7.0.19", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.9", "vendor": "Microsoft", "versions": [ { "lessThan": "17.9.7", "status": "affected", "version": "17.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.4", "vendor": "Microsoft", "versions": [ { "lessThan": "17.4.19", "status": "affected", "version": "17.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.6", "vendor": "Microsoft", "versions": [ { "lessThan": "17.6.15", "status": "affected", "version": "17.6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.8", "vendor": "Microsoft", "versions": [ { "lessThan": "17.8.10", "status": "affected", "version": "17.8.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:powershell:7.4:-:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "PowerShell 7.4", "vendor": "Microsoft", "versions": [ { "lessThan": "7.4.3", "status": "affected", "version": "7.4.0", "versionType": "custom" } ] } ], "datePublic": "2024-05-14T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": ".NET and Visual Studio Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-19T20:58:48.805Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": ".NET and Visual Studio Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30045" } ], "title": ".NET and Visual Studio Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-30045", "datePublished": "2024-05-14T16:57:29.676Z", "dateReserved": "2024-03-22T23:12:13.408Z", "dateUpdated": "2024-11-22T12:04:49.715Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28932
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2024-10-09 01:41
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28932 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28932", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-11T18:08:26.723573Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-11T18:08:37.536Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:03:51.356Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28932" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 for (CU 12)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.4120.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (CU 25)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4360.2", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2110.4", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.1115.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.11.35", "status": "affected", "version": "16.11.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.9", "vendor": "Microsoft", "versions": [ { "lessThan": "17.9.6", "status": "affected", "version": "17.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.4", "vendor": "Microsoft", "versions": [ { "lessThan": "17.4.18", "status": "affected", "version": "17.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.6", "vendor": "Microsoft", "versions": [ { "lessThan": "17.6.14", "status": "affected", "version": "17.6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.8", "vendor": "Microsoft", "versions": [ { "lessThan": "17.8.9", "status": "affected", "version": "17.8.0", "versionType": "custom" } ] } ], "datePublic": "2024-04-09T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-09T01:41:04.136Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28932" } ], "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-28932", "datePublished": "2024-04-09T17:00:28.215Z", "dateReserved": "2024-03-13T01:26:53.031Z", "dateUpdated": "2024-10-09T01:41:04.136Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-26190
Vulnerability from cvelistv5
Published
2024-03-12 16:57
Modified
2024-08-01 23:59
Severity ?
EPSS score ?
Summary
Microsoft QUIC Denial of Service Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26190 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft Visual Studio 2022 version 17.9 |
Version: 17.0 < 17.9.3 cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-26190", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-03-12T18:40:23.257976Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-12T18:20:58.065Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T23:59:32.659Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft QUIC Denial of Service Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26190" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.9", "vendor": "Microsoft", "versions": [ { "lessThan": "17.9.3", "status": "affected", "version": "17.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2340:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2333:*:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Windows Server 2022", "vendor": "Microsoft", "versions": [ { "lessThan": "10.0.20348.2340", "status": "affected", "version": "10.0.0", "versionType": "custom" }, { "lessThan": "10.0.20348.2333", "status": "affected", "version": "10.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.2836:*:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_11_21H2:10.0.22000.2836:*:*:*:*:*:arm64:*" ], "platforms": [ "x64-based Systems", "ARM64-based Systems" ], "product": "Windows 11 version 21H2", "vendor": "Microsoft", "versions": [ { "lessThan": "10.0.22000.2836", "status": "affected", "version": "10.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.3296:*:*:*:*:*:arm64:*", "cpe:2.3:o:microsoft:windows_11_22H2:10.0.22621.3296:*:*:*:*:*:x64:*" ], "platforms": [ "ARM64-based Systems", "x64-based Systems" ], "product": "Windows 11 version 22H2", "vendor": "Microsoft", "versions": [ { "lessThan": "10.0.22621.3296", "status": "affected", "version": "10.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:microsoft:windows_11_23H2:10.0.22631.3296:*:*:*:*:*:arm64:*" ], "platforms": [ "ARM64-based Systems" ], "product": "Windows 11 version 22H3", "vendor": "Microsoft", "versions": [ { "lessThan": "10.0.22631.3296", "status": "affected", "version": "10.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:microsoft:windows_11_23H2:10.0.22631.3296:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Windows 11 Version 23H2", "vendor": "Microsoft", "versions": [ { "lessThan": "10.0.22631.3296", "status": "affected", "version": "10.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:microsoft:windows_server_23h2:10.0.25398.763:*:*:*:*:*:*:*" ], "platforms": [ "x64-based Systems" ], "product": "Windows Server 2022, 23H2 Edition (Server Core installation)", "vendor": "Microsoft", "versions": [ { "lessThan": "10.0.25398.763", "status": "affected", "version": "10.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:powershell:7.3:-:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "PowerShell 7.3", "vendor": "Microsoft", "versions": [ { "lessThan": "7.3.12", "status": "affected", "version": "7.3.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:powershell:7.4:-:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "PowerShell 7.4", "vendor": "Microsoft", "versions": [ { "lessThan": "7.4.2", "status": "affected", "version": "7.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.4", "vendor": "Microsoft", "versions": [ { "lessThan": "17.4.17", "status": "affected", "version": "17.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.6", "vendor": "Microsoft", "versions": [ { "lessThan": "17.6.13", "status": "affected", "version": "17.6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.8", "vendor": "Microsoft", "versions": [ { "lessThan": "17.8.8", "status": "affected", "version": "17.8.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:.net:7.0.0:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": ".NET 7.0", "vendor": "Microsoft", "versions": [ { "lessThan": "7.0.17", "status": "affected", "version": "7.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:.net:8.0.0:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": ".NET 8.0", "vendor": "Microsoft", "versions": [ { "lessThan": "8.0.3", "status": "affected", "version": "1.0.0", "versionType": "custom" } ] } ], "datePublic": "2024-03-12T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft QUIC Denial of Service Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-11T15:09:45.928Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft QUIC Denial of Service Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26190" } ], "title": "Microsoft QUIC Denial of Service Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-26190", "datePublished": "2024-03-12T16:57:52.923Z", "dateReserved": "2024-02-14T22:23:54.099Z", "dateUpdated": "2024-08-01T23:59:32.659Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-28931
Vulnerability from cvelistv5
Published
2024-04-09 17:00
Modified
2024-10-09 01:41
Severity ?
EPSS score ?
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
References
▼ | URL | Tags |
---|---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28931 | vendor-advisory |
Impacted products
Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
▼ | Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Version: 16.0.0 < 16.0.4120.1 cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-28931", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-04-25T00:11:41.299849Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T18:03:59.642Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:03:51.172Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28931" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 for (CU 12)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.4120.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (CU 25)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.4360.2", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2019:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2019 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "15.0.2110.4", "status": "affected", "version": "15.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:sql_server:2022:*:*:*:*:*:x64:*" ], "platforms": [ "x64-based Systems" ], "product": "Microsoft SQL Server 2022 (GDR)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.0.1115.1", "status": "affected", "version": "16.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 17 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "17.10.6.1", "status": "affected", "version": "17.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Windows", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on Linux", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:-:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft ODBC Driver 18 for SQL Server on MacOS", "vendor": "Microsoft", "versions": [ { "lessThan": "18.3.3.1", "status": "affected", "version": "18.0.0.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)", "vendor": "Microsoft", "versions": [ { "lessThan": "16.11.35", "status": "affected", "version": "16.11.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.9", "vendor": "Microsoft", "versions": [ { "lessThan": "17.9.6", "status": "affected", "version": "17.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio_2022:17.4:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.4", "vendor": "Microsoft", "versions": [ { "lessThan": "17.4.18", "status": "affected", "version": "17.4.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.6", "vendor": "Microsoft", "versions": [ { "lessThan": "17.6.14", "status": "affected", "version": "17.6.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:microsoft:visual_studio:2022:*:*:*:*:*:*:*" ], "platforms": [ "Unknown" ], "product": "Microsoft Visual Studio 2022 version 17.8", "vendor": "Microsoft", "versions": [ { "lessThan": "17.8.9", "status": "affected", "version": "17.8.0", "versionType": "custom" } ] } ], "datePublic": "2024-04-09T07:00:00+00:00", "descriptions": [ { "lang": "en-US", "value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } ], "metrics": [ { "cvssV3_1": { "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en-US", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound", "lang": "en-US", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-09T01:41:03.578Z", "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft" }, "references": [ { "name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability", "tags": [ "vendor-advisory" ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28931" } ], "title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2024-28931", "datePublished": "2024-04-09T17:00:27.649Z", "dateReserved": "2024-03-13T01:26:53.031Z", "dateUpdated": "2024-10-09T01:41:03.578Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }