Vulnerabilities > Yandex > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-06-09 CVE-2023-29751 Unspecified vulnerability in Yandex Navigator 6.60
An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
local
low complexity
yandex
5.5
2022-03-14 CVE-2021-42389 Divide By Zero vulnerability in Yandex Clickhouse
Divide-by-zero in Clickhouse's Delta compression codec when parsing a malicious query.
network
low complexity
yandex CWE-369
4.0
2022-03-14 CVE-2021-42390 Divide By Zero vulnerability in Yandex Clickhouse
Divide-by-zero in Clickhouse's DeltaDouble compression codec when parsing a malicious query.
network
low complexity
yandex CWE-369
4.0
2022-03-14 CVE-2021-42391 Divide By Zero vulnerability in Yandex Clickhouse
Divide-by-zero in Clickhouse's Gorilla compression codec when parsing a malicious query.
network
low complexity
yandex CWE-369
5.0
2021-09-13 CVE-2020-27970 Authentication Bypass by Spoofing vulnerability in Yandex Browser
Yandex Browser before 20.10.0 allows remote attackers to spoof the address bar
network
low complexity
yandex CWE-290
5.0
2021-08-02 CVE-2021-24428 Cross-site Scripting vulnerability in Yandex Turbo
The RSS for Yandex Turbo WordPress plugin through 1.30 does not sanitise or escape some of its settings before saving and outputing them in the admin dashboard, leading to an Authenticated Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed.
network
low complexity
yandex CWE-79
4.8
2020-10-20 CVE-2020-7369 Missing Authentication for Critical Function vulnerability in Yandex Browser
User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browser.
network
yandex CWE-306
4.3
2019-12-30 CVE-2019-15024 Unspecified vulnerability in Yandex Clickhouse
In all versions of ClickHouse before 19.14.3, an attacker having write access to ZooKeeper and who is able to run a custom server available from the network where ClickHouse runs, can create a custom-built malicious server that will act as a ClickHouse replica and register it in ZooKeeper.
network
low complexity
yandex
4.0
2019-10-31 CVE-2019-18657 Injection vulnerability in Yandex Clickhouse
ClickHouse before 19.13.5.44 allows HTTP header injection via the url table function.
network
low complexity
yandex CWE-74
5.0
2019-08-15 CVE-2018-14672 Path Traversal vulnerability in Yandex Clickhouse
In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages.
network
low complexity
yandex CWE-22
5.0