Vulnerabilities > Yandex > Clickhouse > Critical

DATE CVE VULNERABILITY TITLE RISK
2019-12-30 CVE-2019-16535 Integer Underflow (Wrap or Wraparound) vulnerability in Yandex Clickhouse
In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol.
network
low complexity
yandex CWE-191
critical
9.8
2019-08-15 CVE-2018-14670 Improper Authorization vulnerability in Yandex Clickhouse
Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database.
network
low complexity
yandex CWE-285
critical
9.8
2019-08-15 CVE-2018-14671 Improper Input Validation vulnerability in Yandex Clickhouse
In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability.
network
low complexity
yandex CWE-20
critical
9.8