Lucene search
K

67 matches found

NVD
NVD
added yesterday6 views

CVE-2026-14178

openGauss 在处理带 NLS 参数的 totimestamp 调用时,totimestampwithfmtnls 会将 nlsfmtstr 保存到 usess-parsercxt.nlsfmtstr。在 seqscan + sort 执行路径下,该字符串原本被分配在 SeqScan 的表达式上下文中;当 SeqScan 完成后,该内存上下文会被 reset,但后续结果输出阶段 timestampout 仍会通过 CheckNlsFormat 访问 usess-parsercxt.nlsfmtstr,导致访问已释放内存。攻击者在具备数据库 SQL 执行权限的情况下,可构造特定...

5.9CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday4 views

CVE-2026-14178

openGauss 在处理带 NLS 参数的 totimestamp 调用时,totimestampwithfmtnls 会将 nlsfmtstr 保存到 usess-parsercxt.nlsfmtstr。在 seqscan + sort 执行路径下,该字符串原本被分配在 SeqScan 的表达式上下文中;当 SeqScan 完成后,该内存上下文会被 reset,但后续结果输出阶段 timestampout 仍会通过 CheckNlsFormat 访问 usess-parsercxt.nlsfmtstr,导致访问已释放内存。攻击者在具备数据库 SQL 执行权限的情况下,可构造特定...

5.9CVSS5.8AI score
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-14178

openGauss contains a heap-use-after-free in to_timestamp handling when an NLS parameter is used, triggered in the seqscan+sort path by saving nls_fmt_str in the session parser context and referencing it after the SeqScan expression context is reset. Attack requires database SQL execution permissi...

5.9CVSS5.8AI score
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-40326

openGauss 在处理带 NLS 参数的 totimestamp 调用时,totimestampwithfmtnls 会将 nlsfmtstr 保存到 usess-parsercxt.nlsfmtstr。在 seqscan + sort 执行路径下,该字符串原本被分配在 SeqScan 的表达式上下文中;当 SeqScan 完成后,该内存上下文会被 reset,但后续结果输出阶段 timestampout 仍会通过 CheckNlsFormat 访问 usess-parsercxt.nlsfmtstr,导致访问已释放内存。攻击者在具备数据库 SQL 执行权限的情况下,可构造特定...

5.9CVSS5.8AI score
Exploits0References1
Cvelist
Cvelist
added yesterday8 views

CVE-2026-14178 openGauss存在非法内存访问导致DoS漏洞

openGauss 在处理带 NLS 参数的 totimestamp 调用时,totimestampwithfmtnls 会将 nlsfmtstr 保存到 usess-parsercxt.nlsfmtstr。在 seqscan + sort 执行路径下,该字符串原本被分配在 SeqScan 的表达式上下文中;当 SeqScan 完成后,该内存上下文会被 reset,但后续结果输出阶段 timestampout 仍会通过 CheckNlsFormat 访问 usess-parsercxt.nlsfmtstr,导致访问已释放内存。攻击者在具备数据库 SQL 执行权限的情况下,可构造特定...

5.9CVSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:24 a.m.13 views

CVE-2024-40575

An issue in Huawei Technologies opengauss openGauss 5.0.0 build v.7.3.0 allows a local attacker to cause a denial of service via the modification of table attributes...

6.5CVSS6.6AI score0.00106EPSS
Exploits0
CNVD
CNVD
added 2024/07/25 12:0 a.m.3 views

Huawei Technologies has an unspecified vulnerability

Huawei openGauss is China's Huawei Huawei company an open source relational database management system . A security vulnerability exists in Huawei openGauss, which can be exploited by an attacker to cause a denial of service by modifying table properties...

6.5CVSS5.9AI score0.00106EPSS
Exploits0References1
OSV
OSV
added 2024/07/24 4:15 p.m.5 views

CVE-2024-40575

An issue in Huawei Technologies opengauss openGauss 5.0.0 build v.7.3.0 allows a local attacker to cause a denial of service via the modification of table attributes...

5.5CVSS5.8AI score0.00106EPSS
Exploits0References2
NVD
NVD
added 2024/07/24 4:15 p.m.27 views

CVE-2024-40575

An issue in Huawei Technologies opengauss openGauss 5.0.0 build v.7.3.0 allows a local attacker to cause a denial of service via the modification of table attributes...

6.5CVSS0.00106EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/07/24 12:0 a.m.16 views

CVE-2024-40575

An issue in Huawei Technologies opengauss openGauss 5.0.0 build v.7.3.0 allows a local attacker to cause a denial of service via the modification of table attributes...

6.3AI score0.00106EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/07/24 12:0 a.m.3 views

Huawei openGauss 安全漏洞

Huawei openGauss is an open source relational database management system from Huawei China. A security vulnerability exists in Huawei openGauss version 5.0.0, which originates from a vulnerability that could allow a local attacker to cause a denial of service by modifying table properties...

6.5CVSS6.2AI score0.00106EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/07/24 12:0 a.m.30 views

CVE-2024-40575

An issue in Huawei Technologies opengauss openGauss 5.0.0 build v.7.3.0 allows a local attacker to cause a denial of service via the modification of table attributes...

0.00106EPSS
Exploits0References2
CVE
CVE
added 2024/07/24 12:0 a.m.67 views

CVE-2024-40575

CVE-2024-40575 affects Huawei openGauss (openGauss 5.0.0 build) with v7.3.0. The issue allows a local attacker to cause a denial of service by modifying table attributes. Root cause is described as a modification of table attributes, leading to DoS. Some sources (e.g., Red Hat CVE page) reiterate...

6.5CVSS6.3AI score0.00106EPSS
Exploits0References2Affected Software1
OpenVAS
OpenVAS
added 2020/11/23 12:0 a.m.8 views

openGauss: Ensuring the Existence of the server.crt File

The best solution to prevent TCP server spoofing is to use the SSL certificate and ensure that the server certificate is verified on the client. Therefore, the server must be configured to use only the hostssl connection, and the server.key key and server.crt certificate files using the SSL must ...

7.2AI score
Exploits0References1
OpenVAS
OpenVAS
added 2020/11/23 12:0 a.m.7 views

openGauss: Restricting the Permission for the ${GAUSSHOME}/bin Directory

The $GAUSSHOME/bin directory stores database binary files. To prevent them from being tampered or damaged and protect customer information from security threats, this directory must be protected and deny unauthorized user access. Copyright C 2020 Greenbone Networks GmbH Some text descriptions mig...

7AI score
Exploits0References1
OpenVAS
OpenVAS
added 2020/11/23 12:0 a.m.7 views

openGauss: Configuring Kerberos Authentication in openGauss

Use gsom to enable and disable Kerberos authentication in openGauss. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

7.5AI score
Exploits0References1
OpenVAS
OpenVAS
added 2020/11/23 12:0 a.m.10 views

openGauss: Restricting the Permission for the Database Home Directory

$GAUSSHOME is the installation directory of openGauss. To prevent the installation package from being tampered or damaged and protect customer network from security threats, this directory must be protected and deny unauthorized user access. Copyright C 2020 Greenbone Networks GmbH Some text...

7.4AI score
Exploits0References1
OpenVAS
OpenVAS
added 2020/11/23 12:0 a.m.6 views

openGauss: Restricting the Permission for the data Directory

The best solution to prevent TCP server spoofing is to use the SSL certificate and ensure that the server certificate is verified on the client. Therefore, the server must be configured to use only the hostssl connection, and the server.key key and server.crt certificate files using the SSL must ...

7.2AI score
Exploits0References1
OpenVAS
OpenVAS
added 2020/11/23 12:0 a.m.11 views

openGauss: Restricting the Permission for the pg_hba.conf File

The configuration file pghba.conf stores the configuration information about database connections. To prevent the parameters in the file from being tampered and protect customer information from security threats, this file directory must be protected and deny unauthorized user access. Copyright C...

7.1AI score
Exploits0References1
OpenVAS
OpenVAS
added 2020/11/23 12:0 a.m.7 views

openGauss: Restricting the Permission for the postgresql.conf File

The configuration file postgresql.conf stores the default database configuration. To prevent the parameters in the file from being tampered and protect customer information from security threats, this file directory must be protected and deny unauthorized user access. Copyright C 2020 Greenbone...

7.3AI score
Exploits0References1
Rows per page
Query Builder