Vulnerabilities > Yahoo > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-06-03 | CVE-2013-2316 | Address Bar Spoofing vulnerability in Yahoo! Browser for Android The Yahoo! Browser application 1.4.4 and earlier for Android allows remote attackers to spoof the address bar via vectors related to URL display, a different vulnerability than CVE-2013-2307. network yahoo | 5.8 |
2013-04-26 | CVE-2013-2307 | Address Bar Spoofing vulnerability in Yahoo Yahoo! Browser 1.2.0/1.4.2 The Yahoo! Browser application before 1.4.3 for Android allows remote attackers to spoof the address bar via a crafted web site. network yahoo | 5.8 |
2012-11-16 | CVE-2012-5883 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.9.0, as used in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore.swf, a similar issue to CVE-2010-4209. | 4.3 |
2012-11-16 | CVE-2012-5882 | Cross-Site Scripting vulnerability in Yahoo YUI Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208. | 4.3 |
2012-11-16 | CVE-2012-5881 | Cross-Site Scripting vulnerability in Yahoo YUI Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to charts.swf, a similar issue to CVE-2010-4207. | 4.3 |
2012-07-31 | CVE-2012-2647 | Information Exposure vulnerability in Yahoo Toolbar 1.0.0.5 Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote attackers to modify the configured search URL, and intercept search terms, via a crafted web page. | 5.8 |
2012-07-16 | CVE-2012-2645 | Information Exposure vulnerability in Yahoo Yahoo! Browser 1.2.0 The Yahoo! Japan Yahoo! Browser application 1.2.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. | 4.3 |
2012-01-19 | CVE-2012-0268 | Numeric Errors vulnerability in Yahoo Messenger Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow. | 5.1 |
2011-01-28 | CVE-2010-4710 | Cross-Site Scripting vulnerability in Yahoo YUI Cross-site scripting (XSS) vulnerability in the addItem method in the Menu widget in YUI before 2.9.0 allows remote attackers to inject arbitrary web script or HTML via a field that is added to a menu, related to documentation that specifies this field as a text field rather than an HTML field, a similar issue to CVE-2010-4569 and CVE-2010-4570. | 4.3 |
2010-11-07 | CVE-2010-4209 | Cross-Site Scripting vulnerability in Yahoo YUI 2.8.0/2.8.1 Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.8.0 through 2.8.1, as used in Bugzilla 3.7.1 through 3.7.3 and 4.1, allows remote attackers to inject arbitrary web script or HTML via vectors related to swfstore/swfstore.swf. | 4.3 |