Vulnerabilities > Yandex > Clickhouse > 18.6.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-15 | CVE-2018-14672 | Path Traversal vulnerability in Yandex Clickhouse In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages. | 5.3 |
| 2019-08-15 | CVE-2018-14671 | Improper Input Validation vulnerability in Yandex Clickhouse In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability. | 9.8 |