Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
yandex vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-14671
In ClickHouse prior to 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability.
Yandex Clickhouse
5.3
CVSSv3
CVE-2018-14672
In ClickHouse prior to 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages.
Yandex Clickhouse
6.1
CVSSv3
CVE-2016-8505
XSS in Yandex Browser BookReader in Yandex browser for desktop for versions prior to 16.6. could be used by remote attacker for evaluation arbitrary javascript code.
Yandex Yandex.browser
6.5
CVSSv3
CVE-2021-42389
Divide-by-zero in Clickhouse's Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.
Yandex Clickhouse
6.5
CVSSv3
CVE-2021-42390
Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.
Yandex Clickhouse
6.5
CVSSv3
CVE-2021-42391
Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.
Yandex Clickhouse
5.3
CVSSv3
CVE-2019-18657
ClickHouse prior to 19.13.5.44 allows HTTP header injection via the url table function.
Yandex Clickhouse
6.5
CVSSv3
CVE-2019-15024
In all versions of ClickHouse prior to 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it i...
Yandex Clickhouse
9.8
CVSSv3
CVE-2019-16535
In all versions of ClickHouse prior to 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol.
Yandex Clickhouse
7.8
CVSSv3
CVE-2021-25261
Local privilege vulnerability in Yandex Browser for Windows before 22.5.0.862 allows a local, low privileged, malicious user to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process.
Yandex Yandex Browser
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »