Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
yandex vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-18657
ClickHouse prior to 19.13.5.44 allows HTTP header injection via the url table function.
Yandex Clickhouse
6.8
CVSSv2
CVE-2018-14668
In ClickHouse prior to 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "default_database" fields which led to Cross Protocol Request Forgery Attacks.
Yandex Clickhouse
5
CVSSv2
CVE-2018-14669
ClickHouse MySQL client prior to 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled that allowed a malicious MySQL database read arbitrary files from the connected ClickHouse server.
Yandex Clickhouse
7.5
CVSSv2
CVE-2018-14670
Incorrect configuration in deb package in ClickHouse prior to 1.1.54131 could lead to unauthorized use of the database.
Yandex Clickhouse
7.5
CVSSv2
CVE-2018-14671
In ClickHouse prior to 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability.
Yandex Clickhouse
5
CVSSv2
CVE-2018-14672
In ClickHouse prior to 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages.
Yandex Clickhouse
4
CVSSv2
CVE-2019-15024
In all versions of ClickHouse prior to 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it i...
Yandex Clickhouse
4.3
CVSSv2
CVE-2016-8505
XSS in Yandex Browser BookReader in Yandex browser for desktop for versions prior to 16.6. could be used by remote attacker for evaluation arbitrary javascript code.
Yandex Yandex.browser
4.3
CVSSv2
CVE-2007-3485
Multiple cross-site scripting (XSS) vulnerabilities in Yandex.Server allow remote malicious users to inject arbitrary web script or HTML via the (1) query or (2) within parameter to the default URI.
Yandex Yandex.server
4
CVSSv2
CVE-2021-42389
Divide-by-zero in Clickhouse's Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.
Yandex Clickhouse
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »