Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
clickhouse clickhouse vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-48298
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an integer underflow resulting in crash due to stack buffer overflow in decompression of FPC codec. It can be triggered ...
Clickhouse Clickhouse Cloud
Clickhouse Clickhouse
7.5
CVSSv3
CVE-2023-48704
ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue exists in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed by def...
Clickhouse Clickhouse Cloud
Clickhouse Clickhouse
9.8
CVSSv3
CVE-2023-47118
ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. A heap buffer overflow issue exists in ClickHouse server. An attacker could send a specially crafted payload to the native interface exposed b...
Clickhouse Clickhouse Cloud
Clickhouse Clickhouse
7.5
CVSSv3
CVE-2022-44010
An issue exists in ClickHouse prior to 22.9.1.2603. An attacker could send a crafted HTTP request to the HTTP Endpoint (usually listening on port 8123 by default), causing a heap-based buffer overflow that crashes the process. This does not require authentication. The fixed versi...
Clickhouse Clickhouse
6.5
CVSSv3
CVE-2022-44011
An issue exists in ClickHouse prior to 22.9.1.2603. An authenticated user (with the ability to load data) could cause a heap buffer overflow and crash the server by inserting a malformed CapnProto object. The fixed versions are 22.9.1.2603, 22.8.2.11, 22.7.4.16, 22.6.6.16, and 22...
Clickhouse Clickhouse
9.8
CVSSv3
CVE-2020-26759
clickhouse-driver prior to 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, due to a buffer overflow.
Clickhouse-driver Project Clickhouse-driver
6.5
CVSSv3
CVE-2019-15024
In all versions of ClickHouse prior to 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it i...
Yandex Clickhouse
6.5
CVSSv3
CVE-2021-42391
Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.
Yandex Clickhouse
5.3
CVSSv3
CVE-2019-18657
ClickHouse prior to 19.13.5.44 allows HTTP header injection via the url table function.
Yandex Clickhouse
7.5
CVSSv3
CVE-2018-14669
ClickHouse MySQL client prior to 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled that allowed a malicious MySQL database read arbitrary files from the connected ClickHouse server.
Yandex Clickhouse
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »