Vulnerabilities > Yahoo

DATE CVE VULNERABILITY TITLE RISK
2019-12-26 CVE-2019-6035 Open Redirect vulnerability in Yahoo Athenz
Open redirect vulnerability in Athenz v1.8.24 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted page.
network
yahoo CWE-601
5.8
2017-07-17 CVE-2017-2253 Untrusted Search Path vulnerability in Yahoo Toolbar
Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
network
yahoo CWE-426
critical
9.3
2015-09-11 CVE-2014-7216 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Yahoo Messenger
Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file.
network
yahoo CWE-119
critical
9.3
2014-09-11 CVE-2014-5881 Cryptographic Issues vulnerability in Yahoo Ybox 1.5.1
The Yahoo! Japan Box (aka jp.co.yahoo.android.ybox) application 1.5.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
5.4
2014-01-26 CVE-2013-6853 Cross-Site Scripting vulnerability in Yahoo Toolbar 2.5.9.2013418100420/3.1.0.20130813024103
Cross-site scripting (XSS) vulnerability in clickstream.js in Y! Toolbar plugin for FireFox 3.1.0.20130813024103 for Mac, and 2.5.9.2013418100420 for Windows, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that is stored by the victim.
4.3
2013-11-13 CVE-2013-6780 Cross-Site Scripting vulnerability in Yahoo YUI
Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via the allowedDomain parameter.
network
yahoo CWE-79
4.3
2013-08-21 CVE-2013-4700 Cryptographic Issues vulnerability in Yahoo Japan Shopping 1.4
The Yahoo! Japan Shopping application 1.4 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
yahoo CWE-310
5.8
2013-08-21 CVE-2013-4699 Cryptographic Issues vulnerability in Yahoo Yafuoku! 4.3.0
The Yahoo! Japan Yafuoku! application 4.3.0 and earlier for iOS and Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
network
yahoo CWE-310
5.8
2013-07-29 CVE-2013-4942 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in flashuploader.swf in the Uploader component in Yahoo! YUI 3.5.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
network
moodle yahoo CWE-79
4.3
2013-07-29 CVE-2013-4941 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL.
network
moodle yahoo CWE-79
4.3