Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
yandex vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-2021-25261
Local privilege vulnerability in Yandex Browser for Windows before 22.5.0.862 allows a local, low privileged, malicious user to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process.
Yandex Yandex Browser
4
CVSSv2
CVE-2019-15024
In all versions of ClickHouse prior to 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it i...
Yandex Clickhouse
9.3
CVSSv2
CVE-2016-10666
tomita-parser is a Node wrapper for Yandex Tomita Parser tomita-parser downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled cop...
Yandex Tomita-parser
NA
CVE-2023-29749
An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.
Yandex Navigator 6.60
NA
CVE-2023-29751
An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
Yandex Navigator 6.60
4.3
CVSSv2
CVE-2012-2941
Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server 2010 9.0 Enterprise allows remote malicious users to inject arbitrary web script or HTML via the text parameter.
Yandex Yandex.server 2010 9.0
1 EDB exploit
3.5
CVSSv2
CVE-2021-24277
The RSS for Yandex Turbo WordPress plugin prior to 1.30 did not properly sanitise the user inputs from its ???????? settings tab before outputting them back in the page, leading to authenticated stored Cross-Site Scripting issues
Wpuslugi Rss For Yandex Turbo
NA
CVE-2023-30473
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maxim Glazunov YML for Yandex Market plugin <= 3.10.7 versions.
Icopydoc Yml For Yandex Market
NA
CVE-2023-46775
Cross-Site Request Forgery (CSRF) vulnerability in Djo Original texts Yandex WebMaster plugin <= 1.18 versions.
Zixn Original Texts Yandex Webmaster
6.5
CVSSv2
CVE-2021-43305
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t...
Yandex Clickhouse
Debian Debian Linux 10.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »