Vulnerabilities > Yandex > Yandex Browser > High

DATE CVE VULNERABILITY TITLE RISK
2024-09-03 CVE-2024-6473 Untrusted Search Path vulnerability in Yandex Browser
Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used.
local
low complexity
yandex CWE-426
7.8
2022-06-15 CVE-2021-25261 Link Following vulnerability in Yandex Browser
Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process.
local
low complexity
yandex CWE-59
7.8
2022-06-15 CVE-2022-28225 Link Following vulnerability in Yandex Browser
Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process.
local
low complexity
yandex CWE-59
7.8
2022-06-15 CVE-2022-28226 Exposure of Resource to Wrong Sphere vulnerability in Yandex Browser
Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser update process.
local
low complexity
yandex CWE-668
7.8
2021-09-13 CVE-2020-27969 Origin Validation Error vulnerability in Yandex Browser
Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and addresss bar spoofing
network
low complexity
yandex CWE-346
7.3
2021-08-17 CVE-2021-25263 Incorrect Permission Assignment for Critical Resource vulnerability in Yandex Browser
Local privilege vulnerability in Yandex Browser for Windows prior to 21.9.0.390 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating files in directory with insecure permissions during Yandex Browser update process.
local
low complexity
yandex CWE-732
7.8
2018-01-19 CVE-2017-7327 Untrusted Search Path vulnerability in Yandex Browser
Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untrusted search path is used for dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll.
local
low complexity
yandex CWE-426
7.8
2018-01-19 CVE-2017-7326 Race Condition vulnerability in Yandex Browser
Race condition issue in Yandex Browser for Android before 17.4.0.16 allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page
network
high complexity
yandex CWE-362
7.5
2018-01-19 CVE-2017-7325 Improper Input Validation vulnerability in Yandex Browser
Yandex Browser before 16.9.0 allows remote attackers to spoof the address bar via window.open.
network
low complexity
yandex CWE-20
7.5
2016-10-26 CVE-2016-8503 7PK - Security Features vulnerability in Yandex Browser 16.7.0.3342/16.7.1.20808/16.9.1.1131
Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript.
network
low complexity
yandex CWE-254
7.3