Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
yandex vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2016-8505
XSS in Yandex Browser BookReader in Yandex browser for desktop for versions prior to 16.6. could be used by remote attacker for evaluation arbitrary javascript code.
Yandex Yandex.browser
5
CVSSv2
CVE-2018-14669
ClickHouse MySQL client prior to 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled that allowed a malicious MySQL database read arbitrary files from the connected ClickHouse server.
Yandex Clickhouse
NA
CVE-2023-29751
An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
Yandex Navigator 6.60
NA
CVE-2023-29749
An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.
Yandex Navigator 6.60
9.3
CVSSv2
CVE-2016-10666
tomita-parser is a Node wrapper for Yandex Tomita Parser tomita-parser downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled cop...
Yandex Tomita-parser
4.3
CVSSv2
CVE-2012-2941
Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server 2010 9.0 Enterprise allows remote malicious users to inject arbitrary web script or HTML via the text parameter.
Yandex Yandex.server 2010 9.0
1 EDB exploit
NA
CVE-2023-30473
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maxim Glazunov YML for Yandex Market plugin <= 3.10.7 versions.
Icopydoc Yml For Yandex Market
3.5
CVSSv2
CVE-2021-24277
The RSS for Yandex Turbo WordPress plugin prior to 1.30 did not properly sanitise the user inputs from its ???????? settings tab before outputting them back in the page, leading to authenticated stored Cross-Site Scripting issues
Wpuslugi Rss For Yandex Turbo
NA
CVE-2023-46775
Cross-Site Request Forgery (CSRF) vulnerability in Djo Original texts Yandex WebMaster plugin <= 1.18 versions.
Zixn Original Texts Yandex Webmaster
6.5
CVSSv2
CVE-2021-43305
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t...
Yandex Clickhouse
Debian Debian Linux 10.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »