Lucene search
+L

47 matches found

NVD
NVD
added 2026/06/30 2:16 p.m.8 views

CVE-2026-14178

openGauss 在处理带 NLS 参数的 totimestamp 调用时,totimestampwithfmtnls 会将 nlsfmtstr 保存到 usess-parsercxt.nlsfmtstr。在 seqscan + sort 执行路径下,该字符串原本被分配在 SeqScan 的表达式上下文中;当 SeqScan 完成后,该内存上下文会被 reset,但后续结果输出阶段 timestampout 仍会通过 CheckNlsFormat 访问 usess-parsercxt.nlsfmtstr,导致访问已释放内存。攻击者在具备数据库 SQL 执行权限的情况下,可构造特定...

5.9CVSS0.00351EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 1:56 p.m.7 views

EUVD-2026-40326

openGauss 在处理带 NLS 参数的 totimestamp 调用时,totimestampwithfmtnls 会将 nlsfmtstr 保存到 usess-parsercxt.nlsfmtstr。在 seqscan + sort 执行路径下,该字符串原本被分配在 SeqScan 的表达式上下文中;当 SeqScan 完成后,该内存上下文会被 reset,但后续结果输出阶段 timestampout 仍会通过 CheckNlsFormat 访问 usess-parsercxt.nlsfmtstr,导致访问已释放内存。攻击者在具备数据库 SQL 执行权限的情况下,可构造特定...

5.9CVSS5.8AI score0.00351EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 1:56 p.m.24 views

CVE-2026-14178

openGauss contains a heap-use-after-free in to_timestamp handling when an NLS parameter is used, triggered in the seqscan+sort path by saving nls_fmt_str in the session parser context and referencing it after the SeqScan expression context is reset. Attack requires database SQL execution permissi...

5.9CVSS5.8AI score0.00351EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 1:56 p.m.9 views

CVE-2026-14178

openGauss 在处理带 NLS 参数的 totimestamp 调用时,totimestampwithfmtnls 会将 nlsfmtstr 保存到 usess-parsercxt.nlsfmtstr。在 seqscan + sort 执行路径下,该字符串原本被分配在 SeqScan 的表达式上下文中;当 SeqScan 完成后,该内存上下文会被 reset,但后续结果输出阶段 timestampout 仍会通过 CheckNlsFormat 访问 usess-parsercxt.nlsfmtstr,导致访问已释放内存。攻击者在具备数据库 SQL 执行权限的情况下,可构造特定...

5.9CVSS5.8AI score0.00351EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 1:56 p.m.31 views

CVE-2026-14178 openGauss存在非法内存访问导致DoS漏洞

openGauss 在处理带 NLS 参数的 totimestamp 调用时,totimestampwithfmtnls 会将 nlsfmtstr 保存到 usess-parsercxt.nlsfmtstr。在 seqscan + sort 执行路径下,该字符串原本被分配在 SeqScan 的表达式上下文中;当 SeqScan 完成后,该内存上下文会被 reset,但后续结果输出阶段 timestampout 仍会通过 CheckNlsFormat 访问 usess-parsercxt.nlsfmtstr,导致访问已释放内存。攻击者在具备数据库 SQL 执行权限的情况下,可构造特定...

5.9CVSS0.00351EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/31 10:7 p.m.10 views

CVE-2021-47699

Nagios XI versions prior to 5.8.7 are vulnerable to cross-site scripting XSS via the Audit Log page’s Send to NLS form. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

5.4CVSS6.2AI score0.00383EPSS
Exploits0References1
NVD
NVD
added 2025/10/30 10:15 p.m.6 views

CVE-2021-47699

Nagios XI versions prior to 5.8.7 are vulnerable to cross-site scripting XSS via the Audit Log page’s Send to NLS form. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

5.4CVSS0.00383EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/30 9:48 p.m.3 views

CVE-2021-47699 Nagios XI < 5.8.7 XSS in Audit Log via Send to NLS Form

Nagios XI versions prior to 5.8.7 are vulnerable to cross-site scripting XSS via the Audit Log page’s Send to NLS form. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

5.1CVSS5.8AI score0.00383EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2007-0280

Malware in sbrugna...

6.8CVSS6.4AI score0.00366EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2009-0547

Malware in sbrugna...

6.8CVSS7.3AI score0.18722EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2007-5926

Malware in sbrugna...

7.2CVSS6.4AI score0.0045EPSS
Exploits0References8
OSV
OSV
added 2025/01/21 11:15 p.m.4 views

CVE-2024-49733

In reload of ServiceListing.java , there is a possible way to allow a malicious app to hide an NLS from Settings due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS5.9AI score0.0008EPSS
Exploits0References1
Microsoft KB
Microsoft KB
added 2019/06/11 12:0 a.m.8 views

Update for Windows 8.1 and Windows Server 2012 R2: April 25, 2019

Update for Windows 8.1 and Windows Server 2012 R2: April 25, 2019 Summary This update includes the quality improvements from KB4493467, in addition to new Japanese Era related changes. Key changes include: Updates the NLS registry to support the new Japanese Era. Addresses an issue that causes th...

6.9AI score
Exploits0
Microsoft KB
Microsoft KB
added 2019/06/11 12:0 a.m.9 views

Update for Windows Server 2012: April 25, 2019

Update for Windows Server 2012: April 25, 2019 Summary This update includes the quality improvements from KB4493450, in addition to new Japanese Era related changes. Key changes include: Updates the NLS registry to support the new Japanese Era. Addresses an issue that causes the Date and Time...

5.8AI score
Exploits0
Microsoft KB
Microsoft KB
added 2019/05/15 12:0 a.m.9 views

Update for Windows Server 2008 SP2: April 25, 2019

Update for Windows Server 2008 SP2: April 25, 2019 Summary This update includes the quality improvements from KB4493458, in addition to new Japanese Era related changes. Key changes include: Updates the NLS registry to support the new Japanese Era. Addresses an issue that causes the Date and Time...

7.4AI score
Exploits0
Microsoft KB
Microsoft KB
added 2019/04/25 12:0 a.m.9 views

April 25, 2019—KB4493460 (Preview of Monthly Rollup)

None None...

6.1AI score
Exploits0
Microsoft KB
Microsoft KB
added 2019/04/25 12:0 a.m.7 views

April 25, 2019—KB4493443 (Preview of Monthly Rollup)

None None...

6.1AI score
Exploits0
Microsoft KB
Microsoft KB
added 2019/04/25 12:0 a.m.7 views

April 25, 2019—KB4493440 (OS Build 16299.1127)

None None...

6.1AI score
Exploits0
Citrix
Citrix
added 2018/09/25 12:0 a.m.7 views

Boot failure 0xc000000f: Windows failed to load because the NLS data is missing, or corrupt

You may see this when you attempt to create App Layers after importing a new non-US-English OS layer. This applies to every version of Windows from 7 onward. Below is what you get in Windows 7 when you have a missing NLS Native Language Support code-page file. You get a boot failure screen that...

7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/02/12 12:0 a.m.617 views

ProFTPD 1.3.1 SQL injection protection bypass

The remote host is using ProFTPD, a free FTP server for Unix and Linux. According to its banner, the version of ProFTPD installed on the remote host is 1.3.1x and may be affected by SQL injection protection bypass when NLS support is enabled. C Tenable Network Security, Inc. include'compat.inc'; ...

6.8CVSS7.4AI score0.18722EPSS
Exploits0References2
Rows per page
Query Builder