Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

11 – 18 of 18 results


CVE-2021-42388

Medium priority

Some fixes available 1 of 4

Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset...

1 affected packages

clickhouse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
clickhouse Not affected Fixed
Show less packages

CVE-2021-42387

Medium priority

Some fixes available 1 of 4

Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset...

1 affected packages

clickhouse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
clickhouse Not affected Fixed Ignored
Show less packages

CVE-2020-26759

Unknown priority
Ignored

clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, due to a buffer overflow.

1 affected packages

python-clickhouse-driver

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-clickhouse-driver Not affected Not in release Not in release Not in release
Show less packages

CVE-2018-14672

Medium priority
Ignored

In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages.

1 affected packages

clickhouse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
clickhouse Not in release Not affected Not in release Not in release
Show less packages

CVE-2018-14671

Medium priority
Ignored

In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability.

1 affected packages

clickhouse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
clickhouse Not in release Not affected Not in release Not in release
Show less packages

CVE-2018-14670

Medium priority
Ignored

Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database.

1 affected packages

clickhouse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
clickhouse Not in release Not affected Not in release Not in release
Show less packages

CVE-2018-14669

Medium priority
Ignored

ClickHouse MySQL client before versions 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled that allowed a malicious MySQL database read arbitrary files from the connected ClickHouse server.

1 affected packages

clickhouse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
clickhouse Not in release Not affected Not in release Not in release
Show less packages

CVE-2018-14668

Medium priority
Ignored

In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "default_database" fields which led to Cross Protocol Request Forgery Attacks.

1 affected packages

clickhouse

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
clickhouse Not in release Not affected Not in release Not in release
Show less packages