VYPR

Clickhouse

by Clickhouse

Source repositories

CVEs (25)

  • CVE-2018-14672Aug 15, 2019
    risk 0.00cvss epss 0.02

    In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages.

  • CVE-2018-14671Aug 15, 2019
    risk 0.00cvss epss 0.03

    In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability.

  • CVE-2018-14669Aug 15, 2019
    risk 0.00cvss epss 0.02

    ClickHouse MySQL client before versions 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled that allowed a malicious MySQL database read arbitrary files from the connected ClickHouse server.

  • CVE-2018-14668Aug 15, 2019
    risk 0.00cvss epss 0.01

    In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "default_database" fields which led to Cross Protocol Request Forgery Attacks.

  • CVE-2018-14670Aug 15, 2019
    risk 0.00cvss epss 0.02

    Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database.

Page 2 of 2