Multiple vulnerabilities in Microsoft OLE DB Driver for SQL Server



Published: 2024-04-09
Risk: High
Patch available: YES
Number of vulnerabilities: 25
CVE-ID: CVE-2024-28940
CVE-2024-29047
CVE-2024-29983
CVE-2024-29985
CVE-2024-28945
CVE-2024-28942
CVE-2024-29048
CVE-2024-29046
CVE-2024-28910
CVE-2024-28927
CVE-2024-29045
CVE-2024-28911
CVE-2024-29984
CVE-2024-28906
CVE-2024-28926
CVE-2024-28908
CVE-2024-28939
CVE-2024-28914
CVE-2024-29982
CVE-2024-28944
CVE-2024-28909
CVE-2024-28912
CVE-2024-28915
CVE-2024-28913
CVE-2024-29044
CWE-ID: CWE-20
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
Microsoft SQL Server
Server applications / Database software

OLE DB Driver
Universal components / Libraries / Software for developers

Vendor: Microsoft

Security Bulletin

This security bulletin contains information about 25 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU88249

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-28940

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SQL Server: 2019 CU20 - 2022 GDR

OLE DB Driver: 18.0.0 - 19.0.0

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28940


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU88277

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29047

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SQL Server: 2019 CU25 - 2022 CU12

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-29047


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU88276

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29983

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SQL Server: 2019 CU25 - 2022 GDR

OLE DB Driver: 18.0.0 - 19.0.0

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-29983


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU88275

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29985

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SQL Server: 2019 CU25 - 2022 GDR

OLE DB Driver: 18.0.0 - 19.0.0

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-29985


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU88274

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-28945

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SQL Server: 2019 CU25 - 2022 GDR

OLE DB Driver: 18.0.0 - 19.0.0

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28945


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU88273

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-28942

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SQL Server: 2019 CU25 - 2022 GDR

OLE DB Driver: 18.0.0 - 19.0.0

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28942


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU88272

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29048

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SQL Server: 2019 CU25 - 2022 GDR

OLE DB Driver: 18.0.0 - 19.0.0

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-29048


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Input validation error

EUVDB-ID: #VU88271

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29046

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can trick a victim into connecting to a malicious SQL database and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SQL Server: 2019 CU25 - 2022 GDR

OLE DB Driver: 18.0.0 - 19.0.0

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-29046


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Input validation error

EUVDB-ID: #VU88270

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-28910

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can trick a victim into connecting to a malicious SQL database and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SQL Server: 2019 CU25 - 2022 GDR

OLE DB Driver: 18.0.0 - 19.0.0

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28910


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Input validation error

EUVDB-ID: #VU88269

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-28927

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can trick a victim into connecting to a malicious SQL database and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SQL Server: 2019 CU25 - 2022 GDR

OLE DB Driver: 18.0.0 - 19.0.0

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28927


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Input validation error

EUVDB-ID: #VU88268

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29045

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SQL Server: 2019 CU25 - 2022 GDR

OLE DB Driver: 18.0.0 - 19.0.0

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-29045


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Input validation error

EUVDB-ID: #VU88267

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-28911

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can trick a victim into connecting to a malicious SQL database and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SQL Server: 2019 CU25 - 2022 GDR

OLE DB Driver: 18.0.0 - 19.0.0

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28911


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Input validation error

EUVDB-ID: #VU88266

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29984

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can trick a victim into connecting to a malicious SQL database and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SQL Server: 2019 CU25 - 2022 GDR

OLE DB Driver: 18.0.0 - 19.0.0

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-29984


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Input validation error

EUVDB-ID: #VU88265

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-28906

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can trick a victim into connecting to a malicious SQL database and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SQL Server: 2019 CU25 - 2022 GDR

OLE DB Driver: 18.0.0 - 19.0.0

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28906


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Input validation error

EUVDB-ID: #VU88264

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-28926

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SQL Server: 2019 CU25 - 2022 GDR

OLE DB Driver: 18.0.0 - 19.0.0

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28926


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Input validation error

EUVDB-ID: #VU88263

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-28908

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can trick a victim into connecting to a malicious SQL database and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SQL Server: 2019 CU25 - 2022 GDR

OLE DB Driver: 18.0.0 - 19.0.0

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28908


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Input validation error

EUVDB-ID: #VU88262

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-28939

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SQL Server: 2019 CU25 - 2022 GDR

OLE DB Driver: 18.0.0 - 19.0.0

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28939


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Input validation error

EUVDB-ID: #VU88261

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-28914

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can trick a victim into connecting to a malicious SQL database and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SQL Server: 2019 CU25 - 2022 GDR

OLE DB Driver: 18.0.0 - 19.0.0

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28914


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Input validation error

EUVDB-ID: #VU88260

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29982

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SQL Server: 2019 CU25 - 2022 GDR

OLE DB Driver: 18.0.0 - 19.0.0

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-29982


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Input validation error

EUVDB-ID: #VU88255

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-28944

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SQL Server: 2019 CU25 - 2022 GDR

OLE DB Driver: 18.0.0 - 19.0.0

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28944


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Input validation error

EUVDB-ID: #VU88254

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-28909

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can trick a victim into connecting to a malicious SQL database and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SQL Server: 2019 CU25 - 2022 GDR

OLE DB Driver: 18.0.0 - 19.0.0

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28909


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Input validation error

EUVDB-ID: #VU88253

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-28912

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can trick a victim into connecting to a malicious SQL database and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SQL Server: 2019 CU25 - 2022 GDR

OLE DB Driver: 18.0.0 - 19.0.0

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28912


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Input validation error

EUVDB-ID: #VU88252

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-28915

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can trick a victim into connecting to a malicious SQL database and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SQL Server: 2019 CU25 - 2022 GDR

OLE DB Driver: 18.0.0 - 19.0.0

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28915


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Input validation error

EUVDB-ID: #VU88251

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-28913

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can trick a victim into connecting to a malicious SQL database and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SQL Server: 2019 CU25 - 2022 GDR

OLE DB Driver: 18.0.0 - 19.0.0

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-28913


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Input validation error

EUVDB-ID: #VU88250

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-29044

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Microsoft OLE DB Driver for SQL Server. A remote attacker can pass specially crafted input to the application and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Microsoft SQL Server: 2019 CU20 - 2022 GDR

OLE DB Driver: 18.0.0 - 19.0.0

External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-29044


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


