Filtered by vendor Yandex
Total: 40 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-8506 | 1 Yandex | 1 Yandex Browser | 2025-04-12 | N/A |
XSS in Yandex Browser Translator in Yandex Browser for desktop, versions 15.12 to 16.2, could be used by a remote attacker to evaluate arbitrary JavaScript code. | ||||
CVE-2016-8502 | 1 Yandex | 1 Yandex Browser | 2025-04-12 | N/A |
Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by a remote attacker to brute-force passwords from an important web resource with special JavaScript. | ||||
CVE-2016-8503 | 1 Yandex | 1 Yandex Browser | 2025-04-12 | N/A |
Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by a remote attacker to brute-force passwords from an important web resource with special JavaScript. | ||||
CVE-2016-8504 | 1 Yandex | 1 Yandex Browser | 2025-04-12 | N/A |
CSRF of the synchronization form in Yandex Browser for desktop before version 16.6 could be used by a remote attacker to steal saved data in the browser profile. | ||||
CVE-2016-8505 | 1 Yandex | 1 Yandex.browser | 2025-04-12 | N/A |
XSS in Yandex Browser BookReader in Yandex Browser for desktop, versions before 16.6, could be used by a remote attacker to evaluate arbitrary JavaScript code. | ||||
CVE-2016-8501 | 1 Yandex | 1 Yandex Browser | 2025-04-12 | N/A |
Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows a remote attacker to sniff traffic in open or WEP-protected Wi-Fi networks even though the special security mechanism is enabled. | ||||
CVE-2012-2941 | 1 Yandex | 1 Yandex.server 2010 | 2025-04-11 | N/A |
Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server 2010 9.0 Enterprise allows remote attackers to inject arbitrary web script or HTML via the text parameter. | ||||
CVE-2007-3485 | 1 Yandex | 1 Yandex.server | 2025-04-09 | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Yandex.Server allow remote attackers to inject arbitrary web script or HTML via the (1) query or (2) within parameter to the default URI. | ||||
CVE-2023-29751 | 1 Yandex | 1 Navigator | 2025-01-06 | 5.5 Medium |
An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files. | ||||
CVE-2023-29749 | 1 Yandex | 1 Navigator | 2025-01-06 | 7.8 High |
An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files. | ||||
CVE-2022-28226 | 2 Microsoft, Yandex | 2 Windows, Yandex Browser | 2024-11-21 | 7.8 High |
Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low-privileged attacker to execute arbitrary code with SYSTEM privileges by manipulating temporary files in a directory with insecure permissions during the Yandex Browser update process. | ||||
CVE-2022-28225 | 2 Microsoft, Yandex | 2 Windows, Yandex Browser | 2024-11-21 | 7.8 High |
Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local, low-privileged attacker to execute arbitrary code with SYSTEM privileges by manipulating symlinks to the installation file during the Yandex Browser update process. | ||||
CVE-2021-43305 | 2 Debian, Yandex | 2 Debian Linux, Clickhouse | 2024-11-21 | 8.8 High |
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call. | ||||
CVE-2021-43304 | 2 Debian, Yandex | 2 Debian Linux, Clickhouse | 2024-11-21 | 8.8 High |
Heap buffer overflow in Clickhouse's LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. | ||||
CVE-2021-42391 | 1 Yandex | 1 Clickhouse | 2024-11-21 | 6.5 Medium |
Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0. | ||||
CVE-2021-42390 | 1 Yandex | 1 Clickhouse | 2024-11-21 | 6.5 Medium |
Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0. | ||||
CVE-2021-42389 | 1 Yandex | 1 Clickhouse | 2024-11-21 | 6.5 Medium |
Divide-by-zero in Clickhouse's Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0. | ||||
CVE-2021-42388 | 2 Debian, Yandex | 2 Debian Linux, Clickhouse | 2024-11-21 | 8.1 High |
Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset is later used in the length of a copy operation, without checking the lower bounds of the source of the copy operation. | ||||
CVE-2021-42387 | 2 Debian, Yandex | 2 Debian Linux, Clickhouse | 2024-11-21 | 8.1 High |
Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value ('offset') is read from the compressed data. The offset is later used in the length of a copy operation, without checking the upper bounds of the source of the copy operation. | ||||
CVE-2021-25263 | 1 Yandex | 1 Yandex Browser | 2024-11-21 | 7.8 High |
Local privilege vulnerability in Yandex Browser for Windows prior to 21.9.0.390 allows a local, low-privileged attacker to execute arbitrary code with SYSTEM privileges by manipulating files in a directory with insecure permissions during the Yandex Browser update process. |