53 matches found
CVE-2019-15024
In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it in ZooKeeper. When...
CVE-2018-14668
In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "defaultdatabase" fields which led to Cross Protocol Request Forgery Attacks...
CVE-2018-14672
In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages...
CVE-2019-16536
Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3...
DEBIAN-CVE-2019-16536
Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3...
CVE-2019-16536 Stack overflow leading to DoS can be triggered by a malicious authenticated client.
Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3...
CVE-2019-16536
Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3...
CVE-2019-16536 Stack overflow leading to DoS can be triggered by a malicious authenticated client.
Stack overflow leading to DoS can be triggered by a malicious authenticated client in Clickhouse before 19.14.3.3...
CVE-2019-16536
CVE-2019-16536 : A stack overflow causing DoS can be triggered by a malicious authenticated client in ClickHouse prior to 19.14.3.3. The available sources consistently describe a DoS outcome from a stack overflow, but do not provide exploit details, affected versions beyond the stated range, or c...
ClickHouse 安全漏洞
ClickHouse is a ClickHouse open source one of the fastest and most resource efficient open source databases for real-time applications and analytics. A security vulnerability exists in ClickHouse versions prior to 19.14.3.3 that originates from a malicious authenticated client that could trigger ...
CVE-2025-1520 PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability
PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
ClickHouse < 1.1.54388
The version of ClickHouse installed on the remote host is prior to 1.1.54388. It is, therefore, affected by a Cross Protocol Request Forgery vulnerability. In ClickHouse before 1.1.54388, remote table function allowed arbitrary symbols in user, password and defaultdatabase fields which led to Cro...
ClickHouse < 19.14.3
The version of ClickHouse installed on the remote host is prior to 19.14.3. It is, therefore, affected by a arbitrary file write vulnerability. In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the...
ClickHouse < 19.14
The version of ClickHouse installed on the remote host is prior to 19.14. It is, therefore, affected by a remote code execution vulnerability. In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via...
ClickHouse < 18.10.3
The version of ClickHouse installed on the remote host is prior to 18.10.3. It is, therefore, affected by a remote code execution vulnerability. In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability...
ClickHouse < 19.13.5.44
The version of ClickHouse installed on the remote host is prior to 19.13.5.44. It is, therefore, affected by a HTTP header injection vulnerability via the url table function. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...
ClickHouse < 1.1.54390
The version of ClickHouse installed on the remote host is prior to 1.1.54390. It is, therefore, affected by an arbitrary file read vulnerability. ClickHouse MySQL client before versions 1.1.54390 had LOAD DATA LOCAL INFILE functionality enabled that allowed a malicious MySQL database read arbitra...
CVE-2022-39267
Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Versions prior to 1.8.8-release are subject to authentication bypass in the admin and monitor user groups by deleting the X-Requested-With:...
ClickHouse 安全漏洞
ClickHouse is a ClickHouse open source one of the fastest and most resource efficient open source databases for real-time applications and analytics. A security vulnerability exists in ClickHouse that stems from the ability of an attacker to send a specially crafted request that crashes a server...
CVE-2023-47118
A heap buffer overflow vulnerability affecting the native interface running by default on port 9000/tcp. An attacker, by triggering a bug in the T64 compression codec, can cause the ClickHouse server process to crash. This vulnerability can be exploited without the need to authenticate. Fix has...