CVE-2020-26759
clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code on a database client via a crafted server response, due to a buffer overflow...
Mymarilyn Clickhouse Driver Security Vulnerability
Mymarilyn Clickhouse Driver is software from the Russian company Mymarilyn that supports Python communication with ClickHouse servers. A security vulnerability exists in clickhouse-driver versions prior to 0.1.5, which is caused by a buffer overflow that triggers a crash or execution of...
PT-2021-11268 · Unknown +1 · Clickhouse-Driver +1
Name of the Vulnerable Software and Affected Versions: clickhouse-driver versions prior to 0.1.5 Description: The issue allows a malicious clickhouse server to trigger a crash or execute arbitrary code on a database client via a crafted server response, due to a buffer overflow. Recommendations:...
Mail.ru: SQL injection delivery-club.ru (ClickHouse)
Some requests to clickhouse in delivery-club.ru were externally available potentially allowing SQL-like requests execution...
ClickHouse has an unauthorized access vulnerability
ClickHouse is an open source columnar database. ClickHouse has an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information...
Unspecified Vulnerability in Yandex ClickHouse
Yandex ClickHouse is a set of open source columnar databases for online analytical processing of the Russian company Yandex. A security vulnerability exists in Yandex ClickHouse versions prior to 19.14. An attacker can exploit the vulnerability to execute code or cause a denial of service...
Yandex ClickHouse Arbitrary File Write Vulnerability
Yandex ClickHouse is a set of open source columnar databases for online analytical processing of the Russian company Yandex. A security vulnerability exists in Yandex ClickHouse versions prior to 19.14.3. An attacker can exploit this vulnerability to cause clickhouse-server to perform a write...
CVE-2019-16535
In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol...
CVE-2019-15024
In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it in ZooKeeper. When...
Integer overflow
In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol...
Design/Logic Flaw
In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it in ZooKeeper. When...
CVE-2019-15024
CVE-2019-15024 affects ClickHouse before 19.14.3. An attacker with write access to ZooKeeper who can run a network-accessible custom server can register a malicious replica in ZooKeeper. When another replica fetches a data part from this server, clickhouse-server can be forced to write to an arbi...
CVE-2019-16535
ClickHouse vulnerability CVE-2019-16535 affects all versions before 19.14. The root cause is an out-of-bounds read/write and an integer underflow in decompression algorithms used by the native protocol, which can lead to remote code execution or denial of service via the native protocol. Affected...
Fedora 30 : rsyslog (2019-1fb95ae48d)
Rebase to upstream version 8.1911.0. New modules available: ClickHouse output; generic REST API http output; docker API input; misc. external program input (takes output of specified binary as log source). Note that Tenable Network Security has...
Fedora 31 : rsyslog (2019-ea7d5876a4)
Rebase to upstream version 8.1911.0. New modules available: ClickHouse output; generic REST API http output; docker API input; misc. external program input (takes output of specified binary as log source). Note that Tenable Network Security has...
PT-2019-14693 · Yandex +1 · Clickhouse +1
Name of the Vulnerable Software and Affected Versions: ClickHouse versions prior to 19.14 Description: The issue concerns an out-of-bounds (OOB) read, OOB write, and integer underflow in decompression algorithms. This can be exploited to achieve remote code execution (RCE) or cause a denial of servic...