Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
yandex vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2017-7325
Yandex Browser prior to 16.9.0 allows remote malicious users to spoof the address bar via window.open.
Yandex Yandex Browser
7.8
CVSSv3
CVE-2022-28225
Local privilege vulnerability in Yandex Browser for Windows before 22.3.3.684 allows a local, low privileged, malicious user to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process.
Yandex Yandex Browser
7.8
CVSSv3
CVE-2021-25261
Local privilege vulnerability in Yandex Browser for Windows before 22.5.0.862 allows a local, low privileged, malicious user to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process.
Yandex Yandex Browser
7.5
CVSSv3
CVE-2017-7326
Race condition issue in Yandex Browser for Android prior to 17.4.0.16 allowed a remote malicious user to potentially exploit memory corruption via a crafted HTML page
Yandex Yandex Browser
7.8
CVSSv3
CVE-2021-25263
Local privilege vulnerability in Yandex Browser for Windows before 21.9.0.390 allows a local, low privileged, malicious user to execute arbitary code with the SYSTEM privileges through manipulating files in directory with insecure permissions during Yandex Browser update process.
Yandex Yandex Browser
4.3
CVSSv3
CVE-2016-8504
CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote malicious user to steal saved data in browser profile.
Yandex Yandex Browser
6.5
CVSSv3
CVE-2016-8507
Yandex Browser for iOS prior to 16.10.0.2357 does not properly restrict processing of facetime:// URLs, which allows remote malicious users to initiate facetime-call without user's approval and obtain video and audio data from a device via a crafted web site.
Yandex Yandex Browser
4.3
CVSSv3
CVE-2020-7369
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an malicious user to obfuscate the true source of data as presented in the browser. This issue affects the Yandex Browser version 20.8.3 and prior versions,...
Yandex Yandex Browser
1 Article
NA
CVE-2013-0319
Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module 6.x-1.x prior to 6.x-1.6 and 7.x-1.x prior to 7.x-1.5 for Drupal allows remote malicious users to inject arbitrary web script or HTML via vectors related to the Yandex.Metrica service data.
Yandex.metrics Project Yandex Metrics 7.x-1.0
Yandex.metrics Project Yandex Metrics 7.x-1.1
Yandex.metrics Project Yandex Metrics 7.x-1.2
Yandex.metrics Project Yandex Metrics 7.x-1.3
Yandex.metrics Project Yandex Metrics 7.x-1.4
Yandex.metrics Project Yandex Metrics 7.x-1.x
Yandex.metrics Project Yandex Metrics 6.x-1.0
Yandex.metrics Project Yandex Metrics 6.x-1.1
Yandex.metrics Project Yandex Metrics 6.x-1.2
Yandex.metrics Project Yandex Metrics 6.x-1.3
Yandex.metrics Project Yandex Metrics 6.x-1.4
Yandex.metrics Project Yandex Metrics 6.x-1.5
Yandex.metrics Project Yandex Metrics 6.x-1.x
4.8
CVSSv3
CVE-2023-34173
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alexander Semikashev Yandex Metrica Counter plugin <= 1.4.3 versions.
Yandex Metrica Counter Project Yandex Metric Counter
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »