Vulnerabilities for 'Clickhouse'

2019-08-15
 
CVE-2018-14672

CWE-22
 

 
In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages.

 
 
CVE-2018-14671

CWE-20
 

 
In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system, which led to a Remote Code Execution vulnerability.

 
 
CVE-2018-14670

CWE-285
 

 
Incorrect configuration in the deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database.

 
 
CVE-2018-14669

CWE-200
 

 
The ClickHouse MySQL client before version 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled, which allowed a malicious MySQL database to read arbitrary files from the connected ClickHouse server.

 
 
CVE-2018-14668

CWE-352
 

 
In ClickHouse before 1.1.54388, the "remote" table function allowed arbitrary symbols in the "user", "password" and "default_database" fields, which led to Cross Protocol Request Forgery Attacks.

 

Vendor: Yandex (6 products)
Yandex.server
Yandex.server 2010
Yandex browser
Yandex.browser
Tomita-parser
Clickhouse


Copyright 2019, cxsecurity.com

 
