CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

525 matches found

ClickHouse•added 2018/07/06 12:0 a.m.•10 views

CVE-2018-14669

ClickHouse MySQL client had "LOAD DATA LOCAL INFILE" functionality enabled that allowed a malicious MySQL database read arbitrary files from the connected ClickHouse server. Andrey Krasichkov and Evgeny Sidorov of Yandex Information Security Team...

7.5CVSS5.5AI score0.01711EPSS

Exploits0

ClickHouse•added 2018/06/28 12:0 a.m.•44 views

Fixed in ClickHouse Release 1.1.54388, 2018-06-28

“remote” table function allowed arbitrary symbols in “user”, “password” and “defaultdatabase” fields which led to Cross Protocol Request Forgery Attacks...

6.8CVSS3.4AI score0.00716EPSS

Exploits0Affected Software1

ClickHouse•added 2018/06/28 12:0 a.m.•22 views

Fixed in ClickHouse Release 1.1.54388, 2018-06-28

"remote" table function allowed arbitrary symbols in "user", "password" and "defaultdatabase" fields which led to Cross Protocol Request Forgery Attacks...

7.2AI score

Exploits0Affected Software1

ClickHouse•added 2017/01/10 12:0 a.m.•19 views

Fixed in ClickHouse Release 1.1.54131, 2017-01-10

Incorrect configuration in deb package could lead to the unauthorized use of the database...

2.1AI score

Exploits0Affected Software1

ClickHouse•added 2017/01/10 12:0 a.m.•27 views

Fixed in ClickHouse Release 1.1.54131, 2017-01-10

Incorrect configuration in deb package could lead to the unauthorized use of the database...

7.5CVSS2.1AI score0.01793EPSS

Exploits0Affected Software1