Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
clickhouse vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-47118
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue exists in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed b...
Clickhouse Clickhouse Cloud
Clickhouse Clickhouse
7.5
CVSSv3
CVE-2023-48704
ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue exists in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by def...
Clickhouse Clickhouse Cloud
Clickhouse Clickhouse
7.5
CVSSv3
CVE-2023-48298
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered ...
Clickhouse Clickhouse Cloud
Clickhouse Clickhouse
7.5
CVSSv3
CVE-2022-44010
An issue exists in ClickHouse prior to 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint (usually listening on port 8123 by default), causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versi...
Clickhouse Clickhouse
6.5
CVSSv3
CVE-2022-44011
An issue exists in ClickHouse prior to 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22...
Clickhouse Clickhouse
9.8
CVSSv3
CVE-2020-26759
clickhouse-driver prior to 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, due to a buffer overflow.
Clickhouse-driver Project Clickhouse-driver
6.5
CVSSv3
CVE-2021-42389
Divide-by-zero in Clickhouse's Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.
Yandex Clickhouse
9.8
CVSSv3
CVE-2019-16535
In all versions of ClickHouse prior to 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol.
Yandex Clickhouse
6.5
CVSSv3
CVE-2021-42391
Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.
Yandex Clickhouse
8.8
CVSSv3
CVE-2018-14668
In ClickHouse prior to 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "default_database" fields which led to Cross Protocol Request Forgery Attacks.
Yandex Clickhouse
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460
CVE-2024-4646
CVE-2024-29212
IMAP
CVE-2023-36672
CVE-2024-34547
command injection
CVE-2024-4651
stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »