Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2024-28938: Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

An attacker could exploit the vulnerability by tricking an authenticated user (CVSS metric UI:R) into attempting to connect to a malicious SQL server via a connection driver (for example: ODBC and / or OLEDB as applicable).

Microsoft Security Response Center
#sql#vulnerability#microsoft#rce#auth#SQL Server#Security Vulnerability

Microsoft Security Response Center: Latest News

CVE-2024-11395: Chromium: CVE-2024-11395 Type Confusion in V8