Vulnerabilities > Yandex > High

DATE CVE VULNERABILITY TITLE RISK
2021-08-17 CVE-2021-25263 Incorrect Permission Assignment for Critical Resource vulnerability in Yandex Browser
Local privilege vulnerability in Yandex Browser for Windows prior to 21.9.0.390 allows a local, low-privileged attacker to execute arbitrary code with SYSTEM privileges by manipulating files in a directory with insecure permissions during the Yandex Browser update process.
local
low complexity
yandex CWE-732
7.8
2019-08-15 CVE-2018-14669 Information Exposure vulnerability in Yandex Clickhouse
The ClickHouse MySQL client before version 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled, which allowed a malicious MySQL database to read arbitrary files from the connected ClickHouse server.
network
low complexity
yandex CWE-200
7.5
2019-08-15 CVE-2018-14668 Cross-Site Request Forgery (CSRF) vulnerability in Yandex Clickhouse
In ClickHouse before 1.1.54388, the "remote" table function allowed arbitrary symbols in the "user", "password" and "default_database" fields, which led to Cross Protocol Request Forgery attacks.
network
low complexity
yandex CWE-352
8.8
2018-05-29 CVE-2016-10666 Cryptographic Issues vulnerability in Yandex Tomita-Parser 0.0.1/0.0.2/0.0.3
tomita-parser is a Node wrapper for Yandex Tomita Parser. tomita-parser downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks.
network
high complexity
yandex CWE-310
8.1
2018-01-19 CVE-2017-7327 Untrusted Search Path vulnerability in Yandex Browser
Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untrusted search path is used for dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll.
local
low complexity
yandex CWE-426
7.8
2018-01-19 CVE-2017-7326 Race Condition vulnerability in Yandex Browser
Race condition issue in Yandex Browser for Android before 17.4.0.16 allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page.
network
high complexity
yandex CWE-362
7.5
2018-01-19 CVE-2017-7325 Improper Input Validation vulnerability in Yandex Browser
Yandex Browser before 16.9.0 allows remote attackers to spoof the address bar via window.open.
network
low complexity
yandex CWE-20
7.5
2016-10-26 CVE-2016-8503 7PK - Security Features vulnerability in Yandex Browser 16.7.0.3342/16.7.1.20808/16.9.1.1131
Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by a remote attacker to brute-force passwords from an important web resource with special JavaScript.
network
low complexity
yandex CWE-254
7.3
2016-10-26 CVE-2016-8502 7PK - Security Features vulnerability in Yandex Browser 15.12.0.6151/15.12.1.6475/16.2.0.3539
Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by a remote attacker to brute-force passwords from an important web resource with special JavaScript.
network
low complexity
yandex CWE-254
7.3