Vulnerabilities > Yandex

DATE CVE VULNERABILITY TITLE RISK
2024-09-03 CVE-2024-6473 Untrusted Search Path vulnerability in Yandex Browser
Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used.
local
low complexity
yandex CWE-426
7.8
2023-06-09 CVE-2023-29751 Unspecified vulnerability in Yandex Navigator 6.60
An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
local
low complexity
yandex
5.5
2023-06-09 CVE-2023-29749 Unspecified vulnerability in Yandex Navigator 6.60
An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.
local
low complexity
yandex
7.8
2022-06-15 CVE-2021-25261 Link Following vulnerability in Yandex Browser
Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process.
local
low complexity
yandex CWE-59
7.8
2022-06-15 CVE-2022-28225 Link Following vulnerability in Yandex Browser
Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process.
local
low complexity
yandex CWE-59
7.8
2022-06-15 CVE-2022-28226 Exposure of Resource to Wrong Sphere vulnerability in Yandex Browser
Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser update process.
local
low complexity
yandex CWE-668
7.8
2022-03-14 CVE-2021-42387 Out-of-bounds Read vulnerability in multiple products
Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query.
network
low complexity
yandex debian CWE-125
8.1
2022-03-14 CVE-2021-42388 Out-of-bounds Read vulnerability in multiple products
Heap out-of-bounds read in Clickhouse's LZ4 compression codec when parsing a malicious query.
network
low complexity
yandex debian CWE-125
8.1
2022-03-14 CVE-2021-42389 Divide By Zero vulnerability in Yandex Clickhouse
Divide-by-zero in Clickhouse's Delta compression codec when parsing a malicious query.
network
low complexity
yandex CWE-369
6.5
2022-03-14 CVE-2021-42390 Divide By Zero vulnerability in Yandex Clickhouse
Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query.
network
low complexity
yandex CWE-369
6.5