Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2024-AVI-0292
Vulnerability from certfr_avis - Published: 2024-04-10 - Updated: 2024-04-10
De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une usurpation d'identité et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.4 versions antérieures à 17.4.18 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (GDR) versions antérieures à 15.0.2110.4 | ||
| Microsoft | N/A | Microsoft ODBC Driver 17 pour SQL Server sur Linux versions antérieures à 17.10.6.1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.9 versions antérieures à 17.9.6 | ||
| Microsoft | N/A | Microsoft SQL Server 2019 pour systèmes x64 (CU 25) versions antérieures à 15.0.4360.2 | ||
| Microsoft | N/A | Microsoft ODBC Driver 17 pour SQL Server sur MacOS versions antérieures à 17.10.6.1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.11 (inclut les versions 16.0 à 16.10) versions antérieures à 16.11.35 | ||
| Microsoft | N/A | Microsoft OLE DB Driver 18 pour SQL Server versions antérieures à 18.7.0002.0 | ||
| Microsoft | N/A | Microsoft SharePoint Server 2019 versions antérieures à 16.0.10409.20027 | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (CU 12) versions antérieures à 16.0.4120.1 | ||
| Microsoft | N/A | Microsoft SharePoint Server Subscription Edition versions antérieures à 16.0.17328.20246 | ||
| Microsoft | N/A | Microsoft OLE DB Driver 19 pour SQL Server versions antérieures à 19.3.0003.0 | ||
| Microsoft | N/A | Microsoft SharePoint Server 2016 versions antérieures à 16.0.5443.1000 | ||
| Microsoft | N/A | Microsoft ODBC Driver 18 pour SQL Server sur MacOS versions antérieures à 18.3.3.1 | ||
| Microsoft | N/A | Microsoft SQL Server 2022 pour systèmes x64 (GDR) versions antérieures à 16.0.1115.1 | ||
| Microsoft | N/A | Microsoft ODBC Driver 18 pour SQL Server sur Linux versions antérieures à 18.3.3.1 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.6 versions antérieures à 17.6.14 | ||
| Microsoft | N/A | Microsoft Defender pour IoT versions antérieures à 24.1.3 | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.8 versions antérieures à 17.8.9 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Visual Studio 2022 version 17.4 versions ant\u00e9rieures \u00e0 17.4.18",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 15.0.2110.4",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 17 pour SQL Server sur Linux versions ant\u00e9rieures \u00e0 17.10.6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.9 versions ant\u00e9rieures \u00e0 17.9.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2019 pour syst\u00e8mes x64 (CU 25) versions ant\u00e9rieures \u00e0 15.0.4360.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 17 pour SQL Server sur MacOS versions ant\u00e9rieures \u00e0 17.10.6.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.11 (inclut les versions 16.0 \u00e0 16.10) versions ant\u00e9rieures \u00e0 16.11.35",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft OLE DB Driver 18 pour SQL Server versions ant\u00e9rieures \u00e0 18.7.0002.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2019 versions ant\u00e9rieures \u00e0 16.0.10409.20027",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (CU 12) versions ant\u00e9rieures \u00e0 16.0.4120.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server Subscription Edition versions ant\u00e9rieures \u00e0 16.0.17328.20246",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft OLE DB Driver 19 pour SQL Server versions ant\u00e9rieures \u00e0 19.3.0003.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SharePoint Server 2016 versions ant\u00e9rieures \u00e0 16.0.5443.1000",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 18 pour SQL Server sur MacOS versions ant\u00e9rieures \u00e0 18.3.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft SQL Server 2022 pour syst\u00e8mes x64 (GDR) versions ant\u00e9rieures \u00e0 16.0.1115.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft ODBC Driver 18 pour SQL Server sur Linux versions ant\u00e9rieures \u00e0 18.3.3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.6 versions ant\u00e9rieures \u00e0 17.6.14",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Defender pour IoT versions ant\u00e9rieures \u00e0 24.1.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.8 versions ant\u00e9rieures \u00e0 17.8.9",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-29053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29053"
},
{
"name": "CVE-2024-29983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29983"
},
{
"name": "CVE-2024-28906",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28906"
},
{
"name": "CVE-2024-28914",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28914"
},
{
"name": "CVE-2024-28908",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28908"
},
{
"name": "CVE-2024-28933",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28933"
},
{
"name": "CVE-2024-28941",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28941"
},
{
"name": "CVE-2024-29046",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29046"
},
{
"name": "CVE-2024-28944",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28944"
},
{
"name": "CVE-2024-29054",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29054"
},
{
"name": "CVE-2024-28915",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28915"
},
{
"name": "CVE-2024-21324",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21324"
},
{
"name": "CVE-2024-28932",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28932"
},
{
"name": "CVE-2024-29048",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29048"
},
{
"name": "CVE-2024-29044",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29044"
},
{
"name": "CVE-2024-29055",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29055"
},
{
"name": "CVE-2024-29043",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29043"
},
{
"name": "CVE-2024-29985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29985"
},
{
"name": "CVE-2024-28935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28935"
},
{
"name": "CVE-2024-28939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28939"
},
{
"name": "CVE-2024-28930",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28930"
},
{
"name": "CVE-2024-28911",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28911"
},
{
"name": "CVE-2024-28943",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28943"
},
{
"name": "CVE-2024-29047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29047"
},
{
"name": "CVE-2024-28934",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28934"
},
{
"name": "CVE-2024-28940",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28940"
},
{
"name": "CVE-2024-28942",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28942"
},
{
"name": "CVE-2024-28936",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28936"
},
{
"name": "CVE-2024-28913",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28913"
},
{
"name": "CVE-2024-21323",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21323"
},
{
"name": "CVE-2024-28909",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28909"
},
{
"name": "CVE-2024-28938",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28938"
},
{
"name": "CVE-2024-28929",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28929"
},
{
"name": "CVE-2024-28926",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28926"
},
{
"name": "CVE-2024-21322",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21322"
},
{
"name": "CVE-2024-28931",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28931"
},
{
"name": "CVE-2024-29984",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29984"
},
{
"name": "CVE-2024-29045",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29045"
},
{
"name": "CVE-2024-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-21409"
},
{
"name": "CVE-2024-28927",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28927"
},
{
"name": "CVE-2024-28910",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28910"
},
{
"name": "CVE-2024-28912",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28912"
},
{
"name": "CVE-2024-28937",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28937"
},
{
"name": "CVE-2024-26251",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26251"
},
{
"name": "CVE-2024-28945",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28945"
},
{
"name": "CVE-2024-29982",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29982"
}
],
"initial_release_date": "2024-04-10T00:00:00",
"last_revision_date": "2024-04-10T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28936 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28941 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28941"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29054 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29054"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28945 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28945"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29047 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29047"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28942 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28942"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28940 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28940"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28929 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28929"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21324 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21324"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-26251 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26251"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28930 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28908 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28908"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28912 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28912"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21323 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21323"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28937 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28932 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28932"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28915 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28915"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29046 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29046"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29985 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29985"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28938 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28910 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28910"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29055 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29055"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29044 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29044"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28939 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28939"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28933 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21322 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21322"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28909 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28909"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29983 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29983"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29984 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29984"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29045 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29045"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29053 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29053"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28911 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28911"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28913 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28913"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28906 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28906"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28934 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-21409 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21409"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28931 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28931"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28944 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28944"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28914 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28914"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28943 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28943"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29982 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29982"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29043 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29043"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28935 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28927 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28927"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-28926 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28926"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2024-29048 du 09 avril 2024",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29048"
}
],
"reference": "CERTFR-2024-AVI-0292",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-04-10T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une\nusurpation d\u0027identit\u00e9 et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft les produits Microsoft du 09 avril 2024",
"url": null
}
]
}
CVE-2024-28933 (GCVE-0-2024-28933)
Vulnerability from cvelistv5 – Published: 2024-04-09 17:01 – Updated: 2025-05-03 00:40
VLAI
EPSS
Title
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-191 - Integer Underflow (Wrap or Wraparound)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
15 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) |
Affected:
16.11.0 , < 16.11.35
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.9 |
Affected:
17.0 , < 17.9.6
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.4 |
Affected:
17.4.0 , < 17.4.18
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.6 |
Affected:
17.6.0 , < 17.6.14
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.8 |
Affected:
17.8.0 , < 17.8.9
(custom)
|
|
| Microsoft | Microsoft SQL Server 2019 (CU 25) |
Affected:
15.0.0 , < 15.0.4360.2
(custom)
|
|
| Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Affected:
16.0.0 , < 16.0.4120.1
(custom)
|
|
| Microsoft | Microsoft SQL Server 2019 (GDR) |
Affected:
15.0.0 , < 15.0.2110.4
(custom)
|
|
| Microsoft | Microsoft SQL Server 2022 (GDR) |
Affected:
16.0.0 , < 16.0.1115.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 17 for SQL Server on Windows |
Affected:
17.0.0.0 , < 17.10.6.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 17 for SQL Server on Linux |
Affected:
17.0.0.0 , < 17.10.6.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 17 for SQL Server on MacOS |
Affected:
17.0.0.0 , < 17.10.6.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 18 for SQL Server on Windows |
Affected:
18.0.0.0 , < 18.3.3.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 18 for SQL Server on Linux |
Affected:
18.0.0.0 , < 18.3.3.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 18 for SQL Server on MacOS |
Affected:
18.0.0.0 , < 18.3.3.1
(custom)
|
Date Public
2024-04-09 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28933",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-22T15:37:19.711302Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:03:12.885Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:51.181Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.35",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.9",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.9.6",
"status": "affected",
"version": "17.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.18",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.14",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.8.9",
"status": "affected",
"version": "17.8.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (CU 25)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.4360.2",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 for (CU 12)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.4120.1",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.2110.4",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.1115.1",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.6.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.6.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.6.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.3.3.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.3.3.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.3.3.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.11.35",
"versionStartIncluding": "16.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.9.6",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.4.18",
"versionStartIncluding": "17.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6.14",
"versionStartIncluding": "17.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.8.9",
"versionStartIncluding": "17.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.4360.2",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.4120.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.2110.4",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.1115.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.6.1",
"versionStartIncluding": "17.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.6.1",
"versionStartIncluding": "17.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.6.1",
"versionStartIncluding": "17.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.3.3.1",
"versionStartIncluding": "18.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.3.3.1",
"versionStartIncluding": "18.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.3.3.1",
"versionStartIncluding": "18.0.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-04-09T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-191",
"description": "CWE-191: Integer Underflow (Wrap or Wraparound)",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T00:40:14.815Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933"
}
],
"title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-28933",
"datePublished": "2024-04-09T17:01:13.955Z",
"dateReserved": "2024-03-13T01:26:53.034Z",
"dateUpdated": "2025-05-03T00:40:14.815Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28934 (GCVE-0-2024-28934)
Vulnerability from cvelistv5 – Published: 2024-04-09 17:01 – Updated: 2025-05-03 00:40
VLAI
EPSS
Title
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
17 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Affected:
16.0.0 , < 16.0.4120.1
(custom)
|
|
| Microsoft | Microsoft SQL Server 2019 (CU 25) |
Affected:
15.0.0 , < 15.0.4360.2
(custom)
|
|
| Microsoft | Microsoft SQL Server 2019 (GDR) |
Affected:
15.0.0 , < 15.0.2110.4
(custom)
|
|
| Microsoft | Microsoft SQL Server 2022 (GDR) |
Affected:
16.0.0 , < 16.0.1115.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 17 for SQL Server on Windows |
Affected:
17.0.0.0 , < 17.10.6.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 17 for SQL Server on Linux |
Affected:
17.0.0.0 , < 17.10.6.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 17 for SQL Server on MacOS |
Affected:
17.0.0.0 , < 17.10.6.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 18 for SQL Server on Windows |
Affected:
18.0.0.0 , < 18.3.3.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 18 for SQL Server on Linux |
Affected:
18.0.0.0 , < 18.3.3.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 18 for SQL Server on MacOS |
Affected:
18.0.0.0 , < 18.3.3.1
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) |
Affected:
16.11.0 , < 16.11.35
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.4 |
Affected:
17.4.0 , < 17.4.18
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.9 |
Affected:
17.0 , < 17.9.6
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.6 |
Affected:
17.6.0 , < 17.6.14
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.8 |
Affected:
17.8.0 , < 17.8.9
(custom)
|
|
| microsoft | odbc_driver_for_sql_server |
Affected:
18.0 , < 18.3.3.1
(semver)
cpe:2.3:a:microsoft:odbc_driver_for_sql_server:18.0:*:*:*:*:linux:*:* |
|
| microsoft | sql_server |
Affected:
15.0.2000.5
cpe:2.3:a:microsoft:sql_server:-:*:*:*:*:*:*:* |
Date Public
2024-04-09 07:00
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:microsoft:odbc_driver_for_sql_server:18.0:*:*:*:*:linux:*:*"
],
"defaultStatus": "unknown",
"product": "odbc_driver_for_sql_server",
"vendor": "microsoft",
"versions": [
{
"lessThan": "18.3.3.1",
"status": "affected",
"version": "18.0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:microsoft:sql_server:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sql_server",
"vendor": "microsoft",
"versions": [
{
"status": "affected",
"version": "15.0.2000.5"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-23T15:04:37.242018Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:03:16.066Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:51.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 for (CU 12)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.4120.1",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (CU 25)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.4360.2",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.2110.4",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.1115.1",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.6.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.6.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.6.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.3.3.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.3.3.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.3.3.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.35",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.18",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.9",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.9.6",
"status": "affected",
"version": "17.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.14",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.8.9",
"status": "affected",
"version": "17.8.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.4120.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.4360.2",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.2110.4",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.1115.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.6.1",
"versionStartIncluding": "17.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.6.1",
"versionStartIncluding": "17.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.6.1",
"versionStartIncluding": "17.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.3.3.1",
"versionStartIncluding": "18.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.3.3.1",
"versionStartIncluding": "18.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.3.3.1",
"versionStartIncluding": "18.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.11.35",
"versionStartIncluding": "16.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.4.18",
"versionStartIncluding": "17.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.9.6",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6.14",
"versionStartIncluding": "17.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.8.9",
"versionStartIncluding": "17.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-04-09T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121: Stack-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T00:40:15.457Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934"
}
],
"title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-28934",
"datePublished": "2024-04-09T17:01:14.516Z",
"dateReserved": "2024-03-13T01:26:53.036Z",
"dateUpdated": "2025-05-03T00:40:15.457Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28935 (GCVE-0-2024-28935)
Vulnerability from cvelistv5 – Published: 2024-04-09 17:01 – Updated: 2025-05-03 00:40
VLAI
EPSS
Title
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
15 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft SQL Server 2019 (CU 25) |
Affected:
15.0.0 , < 15.0.4360.2
(custom)
|
|
| Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Affected:
16.0.0 , < 16.0.4120.1
(custom)
|
|
| Microsoft | Microsoft SQL Server 2019 (GDR) |
Affected:
15.0.0 , < 15.0.2110.4
(custom)
|
|
| Microsoft | Microsoft SQL Server 2022 (GDR) |
Affected:
16.0.0 , < 16.0.1115.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 17 for SQL Server on Windows |
Affected:
17.0.0.0 , < 17.10.6.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 17 for SQL Server on Linux |
Affected:
17.0.0.0 , < 17.10.6.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 17 for SQL Server on MacOS |
Affected:
17.0.0.0 , < 17.10.6.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 18 for SQL Server on Windows |
Affected:
18.0.0.0 , < 18.3.3.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 18 for SQL Server on Linux |
Affected:
18.0.0.0 , < 18.3.3.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 18 for SQL Server on MacOS |
Affected:
18.0.0.0 , < 18.3.3.1
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) |
Affected:
16.11.0 , < 16.11.35
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.9 |
Affected:
17.0 , < 17.9.6
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.4 |
Affected:
17.4.0 , < 17.4.18
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.6 |
Affected:
17.6.0 , < 17.6.14
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.8 |
Affected:
17.8.0 , < 17.8.9
(custom)
|
Date Public
2024-04-09 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28935",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-12T12:55:55.302963Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:03:37.151Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:51.452Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (CU 25)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.4360.2",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 for (CU 12)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.4120.1",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.2110.4",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.1115.1",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.6.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.6.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.6.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.3.3.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.3.3.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.3.3.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.35",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.9",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.9.6",
"status": "affected",
"version": "17.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.18",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.14",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.8.9",
"status": "affected",
"version": "17.8.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.4360.2",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.4120.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.2110.4",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.1115.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.6.1",
"versionStartIncluding": "17.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.6.1",
"versionStartIncluding": "17.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.6.1",
"versionStartIncluding": "17.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.3.3.1",
"versionStartIncluding": "18.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.3.3.1",
"versionStartIncluding": "18.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.3.3.1",
"versionStartIncluding": "18.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.11.35",
"versionStartIncluding": "16.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.9.6",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.4.18",
"versionStartIncluding": "17.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6.14",
"versionStartIncluding": "17.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.8.9",
"versionStartIncluding": "17.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-04-09T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T00:40:16.151Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935"
}
],
"title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-28935",
"datePublished": "2024-04-09T17:01:15.096Z",
"dateReserved": "2024-03-13T01:26:53.036Z",
"dateUpdated": "2025-05-03T00:40:16.151Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28936 (GCVE-0-2024-28936)
Vulnerability from cvelistv5 – Published: 2024-04-09 17:00 – Updated: 2025-05-03 00:39
VLAI
EPSS
Title
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
15 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Affected:
16.0.0 , < 16.0.4120.1
(custom)
|
|
| Microsoft | Microsoft SQL Server 2019 (CU 25) |
Affected:
15.0.0 , < 15.0.4360.2
(custom)
|
|
| Microsoft | Microsoft SQL Server 2019 (GDR) |
Affected:
15.0.0 , < 15.0.2110.4
(custom)
|
|
| Microsoft | Microsoft SQL Server 2022 (GDR) |
Affected:
16.0.0 , < 16.0.1115.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 17 for SQL Server on Windows |
Affected:
17.0.0.0 , < 17.10.6.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 17 for SQL Server on Linux |
Affected:
17.0.0.0 , < 17.10.6.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 17 for SQL Server on MacOS |
Affected:
17.0.0.0 , < 17.10.6.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 18 for SQL Server on Windows |
Affected:
18.0.0.0 , < 18.3.3.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 18 for SQL Server on Linux |
Affected:
18.0.0.0 , < 18.3.3.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 18 for SQL Server on MacOS |
Affected:
18.0.0.0 , < 18.3.3.1
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) |
Affected:
16.11.0 , < 16.11.35
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.9 |
Affected:
17.0 , < 17.9.6
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.4 |
Affected:
17.4.0 , < 17.4.18
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.6 |
Affected:
17.6.0 , < 17.6.14
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.8 |
Affected:
17.8.0 , < 17.8.9
(custom)
|
Date Public
2024-04-09 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28936",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-01T19:04:55.282290Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:03:40.417Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:51.507Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 for (CU 12)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.4120.1",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (CU 25)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.4360.2",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.2110.4",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.1115.1",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.6.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.6.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.6.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.3.3.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.3.3.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.3.3.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.35",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.9",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.9.6",
"status": "affected",
"version": "17.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.18",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.14",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.8.9",
"status": "affected",
"version": "17.8.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.4120.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.4360.2",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.2110.4",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.1115.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.6.1",
"versionStartIncluding": "17.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.6.1",
"versionStartIncluding": "17.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.6.1",
"versionStartIncluding": "17.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.3.3.1",
"versionStartIncluding": "18.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.3.3.1",
"versionStartIncluding": "18.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.3.3.1",
"versionStartIncluding": "18.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.11.35",
"versionStartIncluding": "16.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.9.6",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.4.18",
"versionStartIncluding": "17.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6.14",
"versionStartIncluding": "17.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.8.9",
"versionStartIncluding": "17.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-04-09T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T00:39:29.796Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936"
}
],
"title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-28936",
"datePublished": "2024-04-09T17:00:28.756Z",
"dateReserved": "2024-03-13T01:26:53.037Z",
"dateUpdated": "2025-05-03T00:39:29.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28937 (GCVE-0-2024-28937)
Vulnerability from cvelistv5 – Published: 2024-04-09 17:01 – Updated: 2025-05-03 00:40
VLAI
EPSS
Title
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
15 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft SQL Server 2019 (GDR) |
Affected:
15.0.0 , < 15.0.2110.4
(custom)
|
|
| Microsoft | Microsoft SQL Server 2022 (GDR) |
Affected:
16.0.0 , < 16.0.1115.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 17 for SQL Server on Windows |
Affected:
17.0.0.0 , < 17.10.6.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 17 for SQL Server on Linux |
Affected:
17.0.0.0 , < 17.10.6.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 17 for SQL Server on MacOS |
Affected:
17.0.0.0 , < 17.10.6.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 18 for SQL Server on Windows |
Affected:
18.0.0.0 , < 18.3.3.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 18 for SQL Server on Linux |
Affected:
18.0.0.0 , < 18.3.3.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 18 for SQL Server on MacOS |
Affected:
18.0.0.0 , < 18.3.3.1
(custom)
|
|
| Microsoft | Microsoft SQL Server 2019 (CU 25) |
Affected:
15.0.0 , < 15.0.4360.2
(custom)
|
|
| Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Affected:
16.0.0 , < 16.0.4120.1
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) |
Affected:
16.11.0 , < 16.11.35
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.4 |
Affected:
17.4.0 , < 17.4.18
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.9 |
Affected:
17.0 , < 17.9.6
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.6 |
Affected:
17.6.0 , < 17.6.14
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.8 |
Affected:
17.8.0 , < 17.8.9
(custom)
|
Date Public
2024-04-09 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28937",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-22T20:00:06.674591Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:03:48.747Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:51.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.2110.4",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.1115.1",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.6.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.6.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.6.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.3.3.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.3.3.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.3.3.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (CU 25)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.4360.2",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 for (CU 12)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.4120.1",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.35",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.18",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.9",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.9.6",
"status": "affected",
"version": "17.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.14",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.8.9",
"status": "affected",
"version": "17.8.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.2110.4",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.1115.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.6.1",
"versionStartIncluding": "17.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.6.1",
"versionStartIncluding": "17.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.6.1",
"versionStartIncluding": "17.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.3.3.1",
"versionStartIncluding": "18.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.3.3.1",
"versionStartIncluding": "18.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.3.3.1",
"versionStartIncluding": "18.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.4360.2",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.4120.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.11.35",
"versionStartIncluding": "16.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.4.18",
"versionStartIncluding": "17.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.9.6",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6.14",
"versionStartIncluding": "17.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.8.9",
"versionStartIncluding": "17.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-04-09T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T00:40:16.730Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937"
}
],
"title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-28937",
"datePublished": "2024-04-09T17:01:15.620Z",
"dateReserved": "2024-03-13T01:26:53.037Z",
"dateUpdated": "2025-05-03T00:40:16.730Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28938 (GCVE-0-2024-28938)
Vulnerability from cvelistv5 – Published: 2024-04-09 17:01 – Updated: 2025-05-03 00:40
VLAI
EPSS
Title
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
15 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Affected:
16.0.0 , < 16.0.4120.1
(custom)
|
|
| Microsoft | Microsoft SQL Server 2019 (CU 25) |
Affected:
15.0.0 , < 15.0.4360.2
(custom)
|
|
| Microsoft | Microsoft SQL Server 2019 (GDR) |
Affected:
15.0.0 , < 15.0.2110.4
(custom)
|
|
| Microsoft | Microsoft SQL Server 2022 (GDR) |
Affected:
16.0.0 , < 16.0.1115.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 17 for SQL Server on Windows |
Affected:
17.0.0.0 , < 17.10.6.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 17 for SQL Server on Linux |
Affected:
17.0.0.0 , < 17.10.6.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 17 for SQL Server on MacOS |
Affected:
17.0.0.0 , < 17.10.6.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 18 for SQL Server on Windows |
Affected:
18.0.0.0 , < 18.3.3.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 18 for SQL Server on Linux |
Affected:
18.0.0.0 , < 18.3.3.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 18 for SQL Server on MacOS |
Affected:
18.0.0.0 , < 18.3.3.1
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) |
Affected:
16.11.0 , < 16.11.35
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.9 |
Affected:
17.0 , < 17.9.6
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.4 |
Affected:
17.4.0 , < 17.4.18
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.6 |
Affected:
17.6.0 , < 17.6.14
(custom)
|
|
| Microsoft | Microsoft Visual Studio 2022 version 17.8 |
Affected:
17.8.0 , < 17.8.9
(custom)
|
Date Public
2024-04-09 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28938",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-10T17:30:59.430193Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:03:20.638Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:51.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 for (CU 12)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.4120.1",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (CU 25)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.4360.2",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.2110.4",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.1115.1",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.6.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.6.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.6.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.3.3.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.3.3.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.3.3.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.35",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.9",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.9.6",
"status": "affected",
"version": "17.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.4",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.4.18",
"status": "affected",
"version": "17.4.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.6",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.6.14",
"status": "affected",
"version": "17.6.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.8",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.8.9",
"status": "affected",
"version": "17.8.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.4120.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.4360.2",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.2110.4",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.1115.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.6.1",
"versionStartIncluding": "17.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.6.1",
"versionStartIncluding": "17.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.6.1",
"versionStartIncluding": "17.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.3.3.1",
"versionStartIncluding": "18.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.3.3.1",
"versionStartIncluding": "18.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.3.3.1",
"versionStartIncluding": "18.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.11.35",
"versionStartIncluding": "16.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.9.6",
"versionStartIncluding": "17.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.4.18",
"versionStartIncluding": "17.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6.14",
"versionStartIncluding": "17.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.8.9",
"versionStartIncluding": "17.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-04-09T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T00:40:17.382Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938"
}
],
"title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-28938",
"datePublished": "2024-04-09T17:01:16.170Z",
"dateReserved": "2024-03-13T01:26:53.037Z",
"dateUpdated": "2025-05-03T00:40:17.382Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28939 (GCVE-0-2024-28939)
Vulnerability from cvelistv5 – Published: 2024-04-09 17:00 – Updated: 2025-05-03 00:39
VLAI
EPSS
Title
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft SQL Server 2019 (CU 25) |
Affected:
15.0.0 , < 15.0.4360.2
(custom)
|
|
| Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Affected:
16.0.0 , < 16.0.4120.1
(custom)
|
|
| Microsoft | Microsoft SQL Server 2019 (GDR) |
Affected:
15.0.0 , < 15.0.2110.4
(custom)
|
|
| Microsoft | Microsoft SQL Server 2022 (GDR) |
Affected:
16.0.0 , < 16.0.1115.1
(custom)
|
|
| Microsoft | Microsoft OLE DB Driver 19 for SQL Server |
Affected:
19.0.0 , < 19.3.0003.0
(custom)
|
|
| Microsoft | Microsoft OLE DB Driver 18 for SQL Server |
Affected:
18.0.0 , < 18.7.0002.0
(custom)
|
Date Public
2024-04-09 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28939",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-12T14:44:17.065535Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-26T16:20:45.403Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:51.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28939"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (CU 25)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.4360.2",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 for (CU 12)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.4120.1",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.2110.4",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.1115.1",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft OLE DB Driver 19 for SQL Server",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "19.3.0003.0",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft OLE DB Driver 18 for SQL Server",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.7.0002.0",
"status": "affected",
"version": "18.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.4360.2",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.4120.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.2110.4",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.1115.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "19.3.0003.0",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.7.0002.0",
"versionStartIncluding": "18.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-04-09T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209: Generation of Error Message Containing Sensitive Information",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T00:39:30.246Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28939"
}
],
"title": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-28939",
"datePublished": "2024-04-09T17:00:29.317Z",
"dateReserved": "2024-03-13T01:26:53.038Z",
"dateUpdated": "2025-05-03T00:39:30.246Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28940 (GCVE-0-2024-28940)
Vulnerability from cvelistv5 – Published: 2024-04-09 17:01 – Updated: 2025-05-03 00:40
VLAI
EPSS
Title
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft SQL Server 2019 (GDR) |
Affected:
15.0.0 , < 15.0.2110.4
(custom)
|
|
| Microsoft | Microsoft SQL Server 2022 (GDR) |
Affected:
16.0.0 , < 16.0.1115.1
(custom)
|
|
| Microsoft | Microsoft OLE DB Driver 19 for SQL Server |
Affected:
19.0.0 , < 19.3.0003.0
(custom)
|
|
| Microsoft | Microsoft OLE DB Driver 18 for SQL Server |
Affected:
18.0.0 , < 18.7.0002.0
(custom)
|
|
| Microsoft | Microsoft SQL Server 2019 (CU 25) |
Affected:
15.0.0 , < 15.0.4360.2
(custom)
|
|
| Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Affected:
16.0.0 , < 16.0.4120.1
(custom)
|
Date Public
2024-04-09 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28940",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-10T19:41:24.285678Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-05T17:22:18.517Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:50.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28940"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.2110.4",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.1115.1",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft OLE DB Driver 19 for SQL Server",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "19.3.0003.0",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft OLE DB Driver 18 for SQL Server",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.7.0002.0",
"status": "affected",
"version": "18.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (CU 25)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.4360.2",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 for (CU 12)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.4120.1",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.2110.4",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.1115.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "19.3.0003.0",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.7.0002.0",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.4360.2",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.4120.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-04-09T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T00:40:18.217Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28940"
}
],
"title": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-28940",
"datePublished": "2024-04-09T17:01:16.713Z",
"dateReserved": "2024-03-13T01:26:53.038Z",
"dateUpdated": "2025-05-03T00:40:18.217Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28941 (GCVE-0-2024-28941)
Vulnerability from cvelistv5 – Published: 2024-04-09 17:01 – Updated: 2025-05-03 00:40
VLAI
EPSS
Title
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Summary
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-122 - Heap-based Buffer Overflow
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
10 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft SQL Server 2019 (GDR) |
Affected:
15.0.0 , < 15.0.2110.4
(custom)
|
|
| Microsoft | Microsoft SQL Server 2022 (GDR) |
Affected:
16.0.0 , < 16.0.1115.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 17 for SQL Server on Windows |
Affected:
17.0.0.0 , < 17.10.6.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 17 for SQL Server on Linux |
Affected:
17.0.0.0 , < 17.10.6.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 17 for SQL Server on MacOS |
Affected:
17.0.0.0 , < 17.10.6.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 18 for SQL Server on Windows |
Affected:
18.0.0.0 , < 18.3.3.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 18 for SQL Server on Linux |
Affected:
18.0.0.0 , < 18.3.3.1
(custom)
|
|
| Microsoft | Microsoft ODBC Driver 18 for SQL Server on MacOS |
Affected:
18.0.0.0 , < 18.3.3.1
(custom)
|
|
| Microsoft | Microsoft SQL Server 2019 (CU 25) |
Affected:
15.0.0 , < 15.0.4360.2
(custom)
|
|
| Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Affected:
16.0.0 , < 16.0.4120.1
(custom)
|
Date Public
2024-04-09 07:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:51.250Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28941"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28941",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-04-10T19:52:13.543985Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T17:32:55.845Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.2110.4",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.1115.1",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.6.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.6.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 17 for SQL Server on MacOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.10.6.1",
"status": "affected",
"version": "17.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on Windows",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.3.3.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on Linux",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.3.3.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft ODBC Driver 18 for SQL Server on MacOS",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.3.3.1",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (CU 25)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.4360.2",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 for (CU 12)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.4120.1",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.2110.4",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.1115.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.6.1",
"versionStartIncluding": "17.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.6.1",
"versionStartIncluding": "17.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_17_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.10.6.1",
"versionStartIncluding": "17.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.3.3.1",
"versionStartIncluding": "18.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.3.3.1",
"versionStartIncluding": "18.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:odbc_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.3.3.1",
"versionStartIncluding": "18.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.4360.2",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.4120.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-04-09T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T00:40:18.764Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28941"
}
],
"title": "Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-28941",
"datePublished": "2024-04-09T17:01:17.273Z",
"dateReserved": "2024-03-13T01:26:53.038Z",
"dateUpdated": "2025-05-03T00:40:18.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28942 (GCVE-0-2024-28942)
Vulnerability from cvelistv5 – Published: 2024-04-09 17:00 – Updated: 2025-05-03 00:39
VLAI
EPSS
Title
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Summary
Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://msrc.microsoft.com/update-guide/vulnerabi… | vendor-advisory |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Microsoft SQL Server 2022 for (CU 12) |
Affected:
16.0.0 , < 16.0.4120.1
(custom)
|
|
| Microsoft | Microsoft SQL Server 2019 (CU 25) |
Affected:
15.0.0 , < 15.0.4360.2
(custom)
|
|
| Microsoft | Microsoft SQL Server 2019 (GDR) |
Affected:
15.0.0 , < 15.0.2110.4
(custom)
|
|
| Microsoft | Microsoft SQL Server 2022 (GDR) |
Affected:
16.0.0 , < 16.0.1115.1
(custom)
|
|
| Microsoft | Microsoft OLE DB Driver 19 for SQL Server |
Affected:
19.0.0 , < 19.3.0003.0
(custom)
|
|
| Microsoft | Microsoft OLE DB Driver 18 for SQL Server |
Affected:
18.0.0 , < 18.7.0002.0
(custom)
|
Date Public
2024-04-09 07:00
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-28942",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-28T14:14:13.046600Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-28T14:14:18.576Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:03:50.838Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28942"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 for (CU 12)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.4120.1",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (CU 25)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.4360.2",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2019 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "15.0.2110.4",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"x64-based Systems"
],
"product": "Microsoft SQL Server 2022 (GDR)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.0.1115.1",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft OLE DB Driver 19 for SQL Server",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "19.3.0003.0",
"status": "affected",
"version": "19.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft OLE DB Driver 18 for SQL Server",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "18.7.0002.0",
"status": "affected",
"version": "18.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.4120.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.4360.2",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "15.0.2110.4",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:sql_server:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "16.0.1115.1",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ole_db_driver_19_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "19.3.0003.0",
"versionStartIncluding": "19.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:ole_db_driver_18_for_sql_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.7.0002.0",
"versionStartIncluding": "18.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2024-04-09T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190: Integer Overflow or Wraparound",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-03T00:39:30.792Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28942"
}
],
"title": "Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2024-28942",
"datePublished": "2024-04-09T17:00:29.841Z",
"dateReserved": "2024-03-13T01:26:53.038Z",
"dateUpdated": "2025-05-03T00:39:30.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…