Vulnerabilities > Yandex > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-17 | CVE-2021-25263 | Incorrect Permission Assignment for Critical Resource vulnerability in Yandex Browser Local privilege vulnerability in Yandex Browser for Windows prior to 21.9.0.390 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating files in directory with insecure permissions during Yandex Browser update process. | 7.8 |
2019-12-30 | CVE-2019-16535 | Integer Underflow (Wrap or Wraparound) vulnerability in Yandex Clickhouse In all versions of ClickHouse before 19.14, an OOB read, OOB write and integer underflow in decompression algorithms can be used to achieve RCE or DoS via native protocol. | 7.5 |
2019-08-15 | CVE-2018-14671 | Improper Input Validation vulnerability in Yandex Clickhouse In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability. | 7.5 |
2019-08-15 | CVE-2018-14670 | Improper Authorization vulnerability in Yandex Clickhouse Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database. | 7.5 |