Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
yandex vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2021-42390
Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.
Yandex Clickhouse
6.5
CVSSv3
CVE-2021-42391
Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.
Yandex Clickhouse
7.8
CVSSv3
CVE-2023-29749
An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.
Yandex Navigator 6.60
5.5
CVSSv3
CVE-2023-29751
An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
Yandex Navigator 6.60
8.1
CVSSv3
CVE-2016-10666
tomita-parser is a Node wrapper for Yandex Tomita Parser tomita-parser downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled cop...
Yandex Tomita-parser
NA
CVE-2012-2941
Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server 2010 9.0 Enterprise allows remote malicious users to inject arbitrary web script or HTML via the text parameter.
Yandex Yandex.server 2010 9.0
1 EDB exploit
5.4
CVSSv3
CVE-2021-24277
The RSS for Yandex Turbo WordPress plugin prior to 1.30 did not properly sanitise the user inputs from its ???????? settings tab before outputting them back in the page, leading to authenticated stored Cross-Site Scripting issues
Wpuslugi Rss For Yandex Turbo
6.1
CVSSv3
CVE-2023-30473
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maxim Glazunov YML for Yandex Market plugin <= 3.10.7 versions.
Icopydoc Yml For Yandex Market
8.8
CVSSv3
CVE-2023-46775
Cross-Site Request Forgery (CSRF) vulnerability in Djo Original texts Yandex WebMaster plugin <= 1.18 versions.
Zixn Original Texts Yandex Webmaster
8.8
CVSSv3
CVE-2021-43304
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t...
Yandex Clickhouse
Debian Debian Linux 10.0
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »