Vulnerabilities > Yandex > Yandex Browser > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-03 | CVE-2024-6473 | Untrusted Search Path vulnerability in Yandex Browser Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used. | 7.8 |
| 2022-06-15 | CVE-2021-25261 | Link Following vulnerability in Yandex Browser Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process. | 7.8 |
| 2022-06-15 | CVE-2022-28225 | Link Following vulnerability in Yandex Browser Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process. | 7.8 |
| 2022-06-15 | CVE-2022-28226 | Exposure of Resource to Wrong Sphere vulnerability in Yandex Browser Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser update process. | 7.8 |
| 2021-09-13 | CVE-2020-27969 | Origin Validation Error vulnerability in Yandex Browser Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and addresss bar spoofing | 7.3 |
| 2021-08-17 | CVE-2021-25263 | Incorrect Permission Assignment for Critical Resource vulnerability in Yandex Browser Local privilege vulnerability in Yandex Browser for Windows prior to 21.9.0.390 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating files in directory with insecure permissions during Yandex Browser update process. | 7.8 |
| 2018-01-19 | CVE-2017-7327 | Untrusted Search Path vulnerability in Yandex Browser Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untrusted search path is used for dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll. | 7.8 |
| 2018-01-19 | CVE-2017-7326 | Race Condition vulnerability in Yandex Browser Race condition issue in Yandex Browser for Android before 17.4.0.16 allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page | 7.5 |
| 2018-01-19 | CVE-2017-7325 | Improper Input Validation vulnerability in Yandex Browser Yandex Browser before 16.9.0 allows remote attackers to spoof the address bar via window.open. | 7.5 |
| 2016-10-26 | CVE-2016-8503 | 7PK - Security Features vulnerability in Yandex Browser 16.7.0.3342/16.7.1.20808/16.9.1.1131 Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript. | 7.3 |