Vulnerabilities > Yandex
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-15 | CVE-2018-14672 | Path Traversal vulnerability in Yandex Clickhouse In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages. | 5.0 |
| 2019-08-15 | CVE-2018-14671 | Improper Input Validation vulnerability in Yandex Clickhouse In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability. | 7.5 |
| 2019-08-15 | CVE-2018-14670 | Improper Authorization vulnerability in Yandex Clickhouse Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database. | 7.5 |
| 2019-08-15 | CVE-2018-14669 | Information Exposure vulnerability in Yandex Clickhouse ClickHouse MySQL client before versions 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled that allowed a malicious MySQL database read arbitrary files from the connected ClickHouse server. | 5.0 |
| 2019-08-15 | CVE-2018-14668 | Cross-Site Request Forgery (CSRF) vulnerability in Yandex Clickhouse In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "default_database" fields which led to Cross Protocol Request Forgery Attacks. | 6.8 |
| 2018-05-29 | CVE-2016-10666 | Cryptographic Issues vulnerability in Yandex Tomita-Parser 0.0.1/0.0.2/0.0.3 tomita-parser is a Node wrapper for Yandex Tomita Parser tomita-parser downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. | 9.3 |
| 2018-01-19 | CVE-2017-7327 | Untrusted Search Path vulnerability in Yandex Browser Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untrusted search path is used for dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll. | 6.8 |
| 2018-01-19 | CVE-2017-7326 | Race Condition vulnerability in Yandex Browser Race condition issue in Yandex Browser for Android before 17.4.0.16 allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page | 5.1 |
| 2018-01-19 | CVE-2017-7325 | Improper Input Validation vulnerability in Yandex Browser Yandex Browser before 16.9.0 allows remote attackers to spoof the address bar via window.open. | 5.0 |
| 2017-03-01 | CVE-2016-8508 | 7PK - Security Features vulnerability in Yandex Browser Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safebrowsing in Chromium) warnings in web-sites with special content-type, which could be used by remote attacker for prevention Protect warning on own malicious web-site. | 4.3 |