Heap overflow
An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user with the ability to load data could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19...
ClickHouse Security Breach
ClickHouse is an open source column-oriented database for real-time applications and analytics. A heap-based buffer overflow exists in versions prior to ClickHouse 22.9.1.2603. An attacker who triggers the vulnerability can crash the server process...
CVE-2022-44011
An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated user with the ability to load data could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19...
CVE-2022-44010
An issue was discovered in ClickHouse before 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP endpoint (default port 8123), causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versions are...
CVE-2022-44011
Summary (CVE-2022-44011): An issue in ClickHouse allows an authenticated user (with the ability to load data) to trigger a heap buffer overflow and crash the server by inserting a malformed CapnProto object. This affects multiple release branches prior to the fixes and is mitigated by upgrading...
CVE-2022-44010
CVE-2022-44010 affects ClickHouse prior to 22.9.1.2603. A crafted HTTP request to the HTTP Endpoint (default port 8123) can cause a heap-based buffer overflow, crashing the process without authentication. Fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22.3.12.19. Public expl...
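The entries above give the fixed versions per release branch (22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, 22.3.12.19) but leave the reader to work out whether a given server is covered, which is not a simple "greater than" test because the backports live on separate branches and some branches (22.4, 22.5) received none. The following is an added example, not ClickHouse's own code: it encodes the branch mapping from the advisory text and checks a constructed inventory of hostnames and versions (the hostnames are made up).

```python
# Added example (not ClickHouse's own code): decide whether a ClickHouse
# server version contains the CVE-2022-44010 / CVE-2022-44011 fixes, using
# only the fixed-version list quoted in the advisory entries above.
from typing import Dict, List, Tuple

# Fixed release per branch, exactly as listed in the advisory.
FIXED_BY_BRANCH = {
    (22, 9): (22, 9, 1, 2603),
    (22, 8): (22, 8, 2, 11),
    (22, 7): (22, 7, 4, 16),
    (22, 6): (22, 6, 6, 16),
    (22, 3): (22, 3, 12, 19),
}
# Everything at or past the first mainline fix is also fixed.
FIRST_FIXED_MAINLINE = (22, 9, 1, 2603)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '22.8.2.11' into (22, 8, 2, 11); pad short strings with zeros."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) < 2:
        raise ValueError(f"not a ClickHouse version: {text!r}")
    # Pad to four components so tuples compare like-for-like; a bare
    # '22.9' becomes (22, 9, 0, 0), which conservatively reads as unfixed.
    return parts + (0,) * (4 - len(parts))


def is_fixed(version: str) -> bool:
    """True if `version` carries the fix.

    Fixed means: at or past 22.9.1.2603, or on a backport branch at or past
    that branch's fixed release. Anything else, including 22.4.x and 22.5.x
    (no backport in the advisory list) and older LTS lines, is vulnerable.
    """
    v = parse_version(version)
    if v >= FIRST_FIXED_MAINLINE:
        return True
    branch_fix = FIXED_BY_BRANCH.get(v[:2])
    return branch_fix is not None and v >= branch_fix


def vulnerable_hosts(inventory: Dict[str, str]) -> List[str]:
    """Hostnames whose reported version is not fixed, sorted for stable output."""
    return sorted(host for host, ver in inventory.items() if not is_fixed(ver))


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    inventory = {
        "ch-a": "22.8.1.2097",   # 22.8 branch, before 22.8.2.11 -> vulnerable
        "ch-b": "22.8.2.11",     # exactly the backported fix -> fixed
        "ch-c": "22.5.4.19",     # no backport on 22.5 -> vulnerable
        "ch-d": "22.10.2.11",    # past the first mainline fix -> fixed
        "ch-e": "21.8.15.7",     # old LTS line, not in the fix list -> vulnerable
    }
    for host in vulnerable_hosts(inventory):
        print(f"{host}: {inventory[host]} needs upgrade")
```

The check is deliberately conservative: a version string with only two components, or a branch the advisory does not name, is reported as vulnerable rather than guessed at.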
airflow-clickhouse-plugin (>=0.10.0 <=0.10.1), airflow-provider-ibm-db2 (=0.1.2) +4 more potentially affected by CVE-2023-35005 via apache-airflow (>=2.5.0 <=2.5.3)
apache-airflow PYPI version =2.5.0, =0.10.0, =2.3.0.dev0, =0.0.37, =0.1.2, =0.2.0, =0.2.1 Source cves: CVE-2023-35005 Source advisory: OSV:GHSA-MJFF-WV85-HMCJ...
Password Disclosure
clickhouse-client is vulnerable to Password Disclosure. When client certificate authentication is enabled with password protection, the password (the value of the sslkey client option) can be disclosed in client exception messages such as ClickHouseException or SQLException...
com.adform:stream-loader-clickhouse_2.13 (>=0.2.5 <=0.2.12), com.clickhouse:clickhouse-benchmark (>=0.3.2 <=0.3.2-test3) +30 more potentially affected by CVE-2024-23689 via com.clickhouse:clickhouse-jdbc (>=0.3.2-patch1 <=0.4.5)
com.clickhouse:clickhouse-jdbc MAVEN version =0.3.2-patch1, =0.2.5, =0.3.2, =0.0.1.2023070401.Alpha, =0.0.1.2023070401.Alpha, =0.0.1.2023061901.Alpha, =0.0.1.2023052301.Alpha, =4.0.0, =4.1.0, =4.1.1, =1.0-ds, =1.0.0.20221015, =1.6.0, =1.9.0 - io.github.artjourney:janusgraph-clickhouse =0.1.0 and...
cn.jrack:jrack-metadata-clickhouse (>=1.0.0 <=1.0.10), cn.jrack:jrack-test (>=1.0.0 <=1.0.10) +46 more potentially affected by CVE-2024-23689 via com.clickhouse:clickhouse-client (>=0.3.2-patch1 <=0.4.5)
com.clickhouse:clickhouse-client MAVEN version =0.3.2-patch1, =1.0.0, =1.0.0, =0.2.6, =2.10.6.9, =0.3.2, =0.3.2-patch11, =0.3.2, =0.3.2, =0.3.2, =0.3.2, =2.0.0, =0.0.1, =0.0.2 and more Source cves: CVE-2024-23689 Source advisory: OSV:GHSA-G8PH-74M6-8M7R...
com.github.goodforgod:micronaut-clickhouse (=5.0.0) potentially affected by CVE-2024-23689 via com.clickhouse:clickhouse-r2dbc (=0.4.4)
com.clickhouse:clickhouse-r2dbc MAVEN version =0.4.4 is affected by a known vulnerability. The following packages have a transitive dependency on com.clickhouse:clickhouse-r2dbc and may be impacted: - com.github.goodforgod:micronaut-clickhouse =5.0.0 Source cves: CVE-2024-23689 Source advisory:...
GHSA-G8PH-74M6-8M7R ClickHouse vulnerable to client certificate password exposure in client exception
Summary As initially reported in issue 1331, when client certificate authentication is enabled with password protection, the password referred to as the client option sslkey may be exposed in client exceptions e.g., ClickHouseException or SQLException. This vulnerability can potentially lead to...
PT-2023-32950 · Clickhouse · Clickhouse-R2Dbc +2
Name of the Vulnerable Software and Affected Versions: clickhouse-r2dbc versions less than 0.4.6 com.clickhouse:clickhouse-jdbc versions less than 0.4.6 com.clickhouse:clickhouse-client versions less than 0.4.6 Description: The issue allows unauthorized users to gain access to client certificate...
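The entries for CVE-2024-23689 above all describe the same failure mode: an exception message that echoes the client's option map, so the sslkey password ends up in logs, stack traces and error responses. The following is an added example, not clickhouse-java's code: a small Python stand-in for the leaky pattern next to the fixed one, plus a check that a practitioner can run over captured error text. The option name sslkey comes from the advisory; the client class, its methods and the error text are invented for illustration.

```python
# Added example (not clickhouse-java's code): the CVE-2024-23689 pattern in a
# Python stand-in. Only the option name "sslkey" is taken from the advisory;
# the class, methods and messages below are made up for illustration.
from typing import Callable, Dict

# Assumed list of option names whose values must never appear in messages.
SENSITIVE_OPTIONS = frozenset({"password", "sslkey", "ssl_key_password"})


class ClientError(Exception):
    """Stand-in for a client exception such as ClickHouseException/SQLException."""


def redact_options(options: Dict[str, str]) -> Dict[str, str]:
    """Copy of `options` with non-empty secret values replaced by '***'."""
    return {k: ("***" if k.lower() in SENSITIVE_OPTIONS and v else v)
            for k, v in options.items()}


def connect_leaky(options: Dict[str, str]) -> None:
    """Vulnerable pattern: the whole option map is formatted into the exception."""
    raise ClientError(f"connection failed with options {options}")


def connect_safe(options: Dict[str, str]) -> None:
    """Fixed pattern: only the redacted map reaches the exception message."""
    raise ClientError(f"connection failed with options {redact_options(options)}")


def error_message(connect: Callable[[Dict[str, str]], None],
                  options: Dict[str, str]) -> str:
    """Run `connect` and return the exception text an application would log."""
    try:
        connect(options)
    except ClientError as exc:
        return str(exc)
    return ""


def leaks_secret(message: str, options: Dict[str, str]) -> bool:
    """Check for a captured message: does any sensitive option value appear verbatim?"""
    return any(v and v in message for k, v in options.items()
               if k.lower() in SENSITIVE_OPTIONS)


if __name__ == "__main__":
    # Constructed client options; the hostname and password are made up.
    opts = {"host": "ch.example", "user": "loader",
            "sslmode": "strict", "sslkey": "s3cr3t-key-pass"}
    for name, fn in (("leaky", connect_leaky), ("safe", connect_safe)):
        msg = error_message(fn, opts)
        print(f"{name}: leaks={leaks_secret(msg, opts)} -> {msg}")
```

The redaction happens at the point where the message is built, not in a log filter: once the secret is inside an exception object it can surface through any handler, which is why the advisory lists both ClickHouseException and SQLException.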
CVE-2023-30553
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to multiple SQL injections in the sql_api/api_workflow.py endpoint ExecuteCheck. User input...
CVE-2023-30553 Multiple SQL injections in sql_api/api_workflow.py endpoint in Archery - GHSL-2022-102
Archery is an open source SQL audit platform. The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. Affected versions are subject to multiple SQL injections in the sql_api/api_workflow.py endpoint ExecuteCheck. User input...
PT-2023-22780 · Archery · Archery
Name of the Vulnerable Software and Affected Versions: Archery, affected versions not specified. Description: The Archery project contains multiple SQL injection vulnerabilities that may allow an attacker to query the connected databases. User input coming from the db_name parameter value and the...
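The Archery entries above say that the db_name request parameter reaches the SQL text unescaped and that the result is the ability to query the connected databases. The following is an added example, not Archery's code: it reproduces that injection class against an in-memory SQLite database (Archery itself targets other engines) and places the parameterised fix beside it. The parameter name db_name follows the advisory; the tables, rows, query template and payloads are constructed for this illustration.

```python
# Added example (not Archery's code): the injection class from the advisory,
# reproduced against SQLite next to the parameterised fix. Only the parameter
# name db_name comes from the advisory; everything else here is constructed.
import sqlite3
from typing import List, Tuple

# Constructed sample data: the table the endpoint is meant to consult, plus a
# users table an attacker should never be able to read through it.
ACCESS_ROWS = [("app_db", "alice"), ("hr_db", "bob"), ("secrets_db", "svc_backup")]
USER_ROWS = [("admin", "$2b$12$constructed-hash-value")]


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE db_access (db_name TEXT, owner TEXT)")
    conn.execute("CREATE TABLE users (username TEXT, pwd_hash TEXT)")
    conn.executemany("INSERT INTO db_access VALUES (?, ?)", ACCESS_ROWS)
    conn.executemany("INSERT INTO users VALUES (?, ?)", USER_ROWS)
    return conn


def execute_check_vulnerable(conn: sqlite3.Connection, db_name: str) -> List[Tuple[str, str]]:
    """Vulnerable pattern: the request parameter is spliced into the SQL text."""
    sql = f"SELECT db_name, owner FROM db_access WHERE db_name = '{db_name}'"
    return conn.execute(sql).fetchall()


def execute_check_fixed(conn: sqlite3.Connection, db_name: str) -> List[Tuple[str, str]]:
    """Fixed pattern: the value is bound as a parameter and can never become SQL."""
    sql = "SELECT db_name, owner FROM db_access WHERE db_name = ?"
    return conn.execute(sql, (db_name,)).fetchall()


# Two constructed payloads: a tautology that dumps the whole table, and a
# UNION that pulls rows out of an unrelated table (the "query the connected
# databases" impact the advisory describes). The trailing "-- " comments
# out the closing quote the template appends after the injected value.
TAUTOLOGY_PAYLOAD = "x' OR '1'='1"
UNION_PAYLOAD = "x' UNION SELECT username, pwd_hash FROM users -- "


if __name__ == "__main__":
    conn = build_db()
    print("vulnerable, tautology:", execute_check_vulnerable(conn, TAUTOLOGY_PAYLOAD))
    print("vulnerable, union:    ", execute_check_vulnerable(conn, UNION_PAYLOAD))
    print("fixed, union:         ", execute_check_fixed(conn, UNION_PAYLOAD))
```

With the fixed version the payload is compared as a literal string against db_name and matches nothing; the UNION never executes because the driver sends the value out of band rather than inside the statement text.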