Lucene search
+L

53 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:19 a.m.7 views

CVE-2019-15024

In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it in ZooKeeper. When...

6.5CVSS6.9AI score0.00949EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:33 a.m.14 views

CVE-2018-14668

In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "defaultdatabase" fields which led to Cross Protocol Request Forgery Attacks...

8.8CVSS6.9AI score0.00716EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:40 a.m.10 views

CVE-2018-14672

In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages...

5.3CVSS7AI score0.01741EPSS
Exploits0References1
NVD
NVD
added 2025/05/21 8:15 a.m.8 views

CVE-2019-16536

Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3...

8.8CVSS0.00749EPSS
Exploits0References1
OSV
OSV
added 2025/05/21 8:15 a.m.4 views

DEBIAN-CVE-2019-16536

Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3...

8.8CVSS5.3AI score0.00749EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/21 7:13 a.m.6 views

CVE-2019-16536 Stack overflow leading to DoS can be triggered by a malicious authenticated client.

Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3...

8.2CVSS7AI score0.00749EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/05/21 7:13 a.m.9 views

CVE-2019-16536

Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3...

8.8CVSS5.3AI score0.00749EPSS
Exploits0
Cvelist
Cvelist
added 2025/05/21 7:13 a.m.18 views

CVE-2019-16536 Stack overflow leading to DoS can be triggered by a malicious authenticated client.

Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3...

8.2CVSS0.00749EPSS
Exploits0References1
CVE
CVE
added 2025/05/21 7:13 a.m.155 views

CVE-2019-16536

CVE-2019-16536 : A stack overflow causing DoS can be triggered by a malicious authenticated client in ClickHouse prior to 19.14.3.3. The available sources consistently describe a DoS outcome from a stack overflow, but do not provide exploit details, affected versions beyond the stated range, or c...

8.8CVSS6.6AI score0.00749EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/05/21 12:0 a.m.6 views

ClickHouse 安全漏洞

ClickHouse is a ClickHouse open source one of the fastest and most resource efficient open source databases for real-time applications and analytics. A security vulnerability exists in ClickHouse versions prior to 19.14.3.3 that originates from a malicious authenticated client that could trigger ...

8.8CVSS6.2AI score0.00749EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/23 4:45 p.m.46 views

CVE-2025-1520 PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability

PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

7.1CVSS0.00466EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/02/24 12:0 a.m.8 views

ClickHouse < 1.1.54388

The version of ClickHouse installed on the remote host is prior to 1.1.54388. It is, therefore, affected by a Cross Protocol Request Forgery vulnerability. In ClickHouse before 1.1.54388, remote table function allowed arbitrary symbols in user, password and defaultdatabase fields which led to Cro...

8.8CVSS7.9AI score0.00716EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/02/24 12:0 a.m.75 views

ClickHouse < 19.14.3

The version of ClickHouse installed on the remote host is prior to 19.14.3. It is, therefore, affected by a arbitrary file write vulnerability. In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the...

6.5CVSS6.8AI score0.00949EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/02/24 12:0 a.m.9 views

ClickHouse < 19.14

The version of ClickHouse installed on the remote host is prior to 19.14. It is, therefore, affected by a remote code execution vulnerability. In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via...

9.8CVSS8.8AI score0.01695EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/02/24 12:0 a.m.8 views

ClickHouse < 18.10.3

The version of ClickHouse installed on the remote host is prior to 18.10.3. It is, therefore, affected by a remote code execution vulnerability. In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability...

9.8CVSS9.2AI score0.03422EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/02/24 12:0 a.m.9 views

ClickHouse < 19.13.5.44

The version of ClickHouse installed on the remote host is prior to 19.13.5.44. It is, therefore, affected by a HTTP header injection vulnerability via the url table function. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

5.3CVSS5.8AI score0.01466EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/02/24 12:0 a.m.13 views

ClickHouse < 1.1.54390

The version of ClickHouse installed on the remote host is prior to 1.1.54390. It is, therefore, affected by an arbitrary file read vulnerability. ClickHouse MySQL client before versions 1.1.54390 had LOAD DATA LOCAL INFILE functionality enabled that allowed a malicious MySQL database read arbitra...

7.5CVSS7.5AI score0.01711EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 7:37 p.m.10 views

CVE-2022-39267

Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Versions prior to 1.8.8-release are subject to authentication bypass in the admin and monitor user groups by deleting the X-Requested-With:...

8.8CVSS6.9AI score0.00727EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/08/01 12:0 a.m.9 views

ClickHouse 安全漏洞

ClickHouse is a ClickHouse open source one of the fastest and most resource efficient open source databases for real-time applications and analytics. A security vulnerability exists in ClickHouse that stems from the ability of an attacker to send a specially crafted request that crashes a server...

8.1CVSS6.7AI score0.00721EPSS
Exploits0References2
ClickHouse
ClickHouse
added 2023/11/26 12:0 a.m.15 views

CVE-2023-47118

A heap buffer overflow vulnerability affecting the native interface running by default on port 9000/tcp. An attacker, by triggering a bug in the T64 compression codec, can cause the ClickHouse server process to crash. This vulnerability can be exploited without the need to authenticate. Fix has...

9.8CVSS5.8AI score0.00462EPSS
Exploits0
Rows per page
Query Builder