525 matches found
CVE-2024-22412
When toggling between user roles while using ClickHouse with query cache enabled, there is a risk of obtaining inaccurate data. ClickHouse advises users with vulnerable versions of ClickHouse not to use the query cache when their application dynamically switches between various roles. Fix has bee...
abi-ds-utils (=1.0.1), airflow-add-ons (=0.2.9b1) +14 more potentially affected by CVE-2023-51702 via apache-airflow (>=2.3.2 <=2.5.3)
apache-airflow PYPI version =2.3.2, =0.8.2, =0.1.0, =0.1.20, =2.3.0.dev0, =0.0.37, =0.1.0, =0.1.2, =2.4.3, =0.1.0, =0.10.0.1 and more Source cves: CVE-2023-51702 Source advisory: OSV:GHSA-MG2X-MGGJ-6955...
GHSA-3P77-WG4C-QM24 Duplicate Advisory: Exposure of sensitive information in ClickHouse
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-g8ph-74m6-8m7r. This link is maintained to preserve external references. Original Description Exposure of sensitive information in exceptions in ClickHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and...
Duplicate Advisory: Exposure of sensitive information in ClickHouse
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-g8ph-74m6-8m7r. This link is maintained to preserve external references. Original Description Exposure of sensitive information in exceptions in ClickHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and...
CVE-2024-23689
Exposure of sensitive information in exceptions in ClichHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when...
CVE-2024-23689
Exposure of sensitive information in exceptions in ClichHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when...
Code injection
Exposure of sensitive information in exceptions in ClichHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when...
CVE-2024-23689
Summary: CVE-2024-23689 affects ClickHouse Java libraries (clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, com.clickhouse:clickhouse-client) with versions
CVE-2024-23689 ClickHouse Client Certificate Password Exposure
Exposure of sensitive information in exceptions in ClichHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when...
CVE-2024-23689 ClickHouse Client Certificate Password Exposure
Exposure of sensitive information in exceptions in ClichHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when...
ClickHouse Security Breach
ClickHouse is ClickHouse's fastest and most resource efficient open source database for real-time applications and analytics. A security vulnerability exists in ClickHouse. An attacker exploited the vulnerability to gain access to client certificate passwords via client-side exception logs...
SUSE CVE-2023-48704
ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...
CVE-2023-48704
ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...
UBUNTU-CVE-2023-48704
ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...
Heap overflow
ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...
CVE-2023-48704
ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...
CVE-2023-48704
The CVE-2023-48704 issue affects ClickHouse server and is caused by a heap buffer overflow in the Gorilla codec decompression logic. An unauthenticated attacker can send a crafted payload to the native interface (default port 9000/tcp) to crash the ClickHouse server. Public details in connected s...
CVE-2023-48704 Unauthenticated heap buffer overflow in Gorrila codec decompression
ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...
CVE-2023-48704 Unauthenticated heap buffer overflow in Gorrila codec decompression
ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...
CVE-2023-48704
ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue was discovered in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by default on...