Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
yandex vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2018-14672
In ClickHouse prior to 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages.
Yandex Clickhouse
383
VMScore
CVE-2007-3485
Multiple cross-site scripting (XSS) vulnerabilities in Yandex.Server allow remote malicious users to inject arbitrary web script or HTML via the (1) query or (2) within parameter to the default URI.
Yandex Yandex.server
445
VMScore
CVE-2021-42391
Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.
Yandex Clickhouse
605
VMScore
CVE-2018-14668
In ClickHouse prior to 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "default_database" fields which led to Cross Protocol Request Forgery Attacks.
Yandex Clickhouse
445
VMScore
CVE-2018-14669
ClickHouse MySQL client prior to 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled that allowed a malicious MySQL database read arbitrary files from the connected ClickHouse server.
Yandex Clickhouse
668
VMScore
CVE-2018-14670
Incorrect configuration in deb package in ClickHouse prior to 1.1.54131 could lead to unauthorized use of the database.
Yandex Clickhouse
668
VMScore
CVE-2018-14671
In ClickHouse prior to 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability.
Yandex Clickhouse
641
VMScore
CVE-2021-25261
Local privilege vulnerability in Yandex Browser for Windows before 22.5.0.862 allows a local, low privileged, malicious user to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process.
Yandex Yandex Browser
445
VMScore
CVE-2019-18657
ClickHouse prior to 19.13.5.44 allows HTTP header injection via the url table function.
Yandex Clickhouse
641
VMScore
CVE-2022-28226
Local privilege vulnerability in Yandex Browser for Windows before 22.3.3.801 allows a local, low privileged, malicious user to execute arbitary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser updat...
Yandex Yandex Browser
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »