525 matches found
ClickHouse < 1.1.54390
The version of ClickHouse installed on the remote host is prior to 1.1.54390. It is, therefore, affected by an arbitrary file read vulnerability. The ClickHouse MySQL client before version 1.1.54390 had LOAD DATA LOCAL INFILE functionality enabled, which allowed a malicious MySQL database to read arbitra...
ClickHouse < 19.14
The version of ClickHouse installed on the remote host is prior to 19.14. It is, therefore, affected by a remote code execution vulnerability. In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via...
ClickHouse < 18.10.3
The version of ClickHouse installed on the remote host is prior to 18.10.3. It is, therefore, affected by a remote code execution vulnerability. In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability...
ClickHouse < 1.1.54131
The version of ClickHouse installed on the remote host is prior to 1.1.54131. It is, therefore, affected by an access control vulnerability. An incorrect configuration in the deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database. Note that Nessus has not tested for...
ClickHouse < 1.1.54388
The version of ClickHouse installed on the remote host is prior to 1.1.54388. It is, therefore, affected by a Cross Protocol Request Forgery vulnerability. In ClickHouse before 1.1.54388, the remote table function allowed arbitrary symbols in the user, password and default_database fields, which led to Cro...
ClickHouse < 18.12.13
The version of ClickHouse installed on the remote host is prior to 18.12.13. It is, therefore, affected by an arbitrary file read vulnerability. In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages. Note tha...
ClickHouse Detection
Binary data clickhousewebdetect.nbin...
CVE-2022-39267
Bifrost is a heterogeneous middleware that synchronizes MySQL, MariaDB to Redis, MongoDB, ClickHouse, MySQL and other services for production environments. Versions prior to 1.8.8-release are subject to authentication bypass in the admin and monitor user groups by deleting the X-Requested-With:...
CVE-2024-6873
It is possible to crash or redirect the execution flow of the ClickHouse server process from an unauthenticated vector by sending a specially crafted request to the ClickHouse server native interface. This redirection is limited to what is available within a 256-byte range of memory at the time o...
CVE-2024-31441
DataEase is an open source data visualization analysis tool. Due to the lack of restrictions on the connection parameters for the ClickHouse data source, it is possible to exploit certain malicious parameters to achieve arbitrary file reading. The vulnerability has been fixed in v1.18.19...
DeepSeek AI Database Exposed: Over 1 Million Log Lines, Secret Keys Leaked
Buzzy Chinese artificial intelligence (AI) startup DeepSeek, which has had a meteoric rise in popularity in recent days, left one of its databases exposed on the internet, which could have allowed malicious actors to gain access to sensitive data. The ClickHouse database "allows full control over...
Fixed in ClickHouse v25.1.5.5, 2025-01-05
When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a library from a specified path and execute it in an isolated process. Combined with the ClickHouse table engine functionality that permits...
CVE-2025-1385
When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a library from a specified path and execute it in an isolated process. Combined with the ClickHouse table engine functionality that permits...
aglow (>=0.1.0rc3 <=0.1.0rc4), ai-flow (>=0.1.0 <=0.3.1) +5 more potentially affected by CVE-2024-50378 via apache-airflow (>=2.0.0 <=2.0.2)
apache-airflow PYPI version =2.0.0, =0.1.0rc3, =0.1.0, =0.3.12, =11.8.0, =13.7.0 - gps-building-blocks =1.2.2 - neuro-airflow-plugin =0.0.1 Source cves: CVE-2024-50378 Source advisory: SNYK:PYTHON-APACHEAIRFLOW-8366329...
CVE-2024-41436
ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl...
DEBIAN-CVE-2024-41436
ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl...
UBUNTU-CVE-2024-41436
ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl...
ClickHouse Security Vulnerability
ClickHouse is an open source database from ClickHouse, one of the fastest and most resource-efficient open source databases for real-time applications and analytics. A security vulnerability exists in ClickHouse version v24.3.3.102, which stems from a buffer overflow issue in the DB::evaluateConstantExpressionIm...