Vulnerabilities > Yandex > Clickhouse
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-15 | CVE-2018-14672 | Path Traversal vulnerability in Yandex Clickhouse In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages. | 5.0 |
| 2019-08-15 | CVE-2018-14671 | Improper Input Validation vulnerability in Yandex Clickhouse In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability. | 7.5 |
| 2019-08-15 | CVE-2018-14670 | Improper Authorization vulnerability in Yandex Clickhouse Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database. | 7.5 |
| 2019-08-15 | CVE-2018-14669 | Information Exposure vulnerability in Yandex Clickhouse ClickHouse MySQL client before versions 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled that allowed a malicious MySQL database read arbitrary files from the connected ClickHouse server. | 5.0 |
| 2019-08-15 | CVE-2018-14668 | Cross-Site Request Forgery (CSRF) vulnerability in Yandex Clickhouse In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "default_database" fields which led to Cross Protocol Request Forgery Attacks. | 6.8 |