Vendor
Yandex
Products
3
CVEs
9
Across products
9
Status
Private
Products
3- 7 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
9| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-8503 | Hig | 0.47 | 7.3 | 0.00 | Oct 26, 2016 | Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript. | |
| CVE-2016-8502 | Hig | 0.47 | 7.3 | 0.00 | Oct 26, 2016 | Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript. | |
| CVE-2016-8508 | Med | 0.42 | 6.5 | 0.00 | Mar 1, 2017 | Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safebrowsing in Chromium) warnings in web-sites with special content-type, which could be used by remote attacker for prevention Protect warning on own malicious web-site. | |
| CVE-2016-8506 | Med | 0.40 | 6.1 | 0.00 | Oct 26, 2016 | XSS in Yandex Browser Translator in Yandex browser for desktop for versions from 15.12 to 16.2 could be used by remote attacker for evaluation arbitrary javascript code. | |
| CVE-2016-8505 | Med | 0.40 | 6.1 | 0.00 | Oct 26, 2016 | XSS in Yandex Browser BookReader in Yandex browser for desktop for versions before 16.6. could be used by remote attacker for evaluation arbitrary javascript code. | |
| CVE-2016-8501 | Med | 0.34 | 5.3 | 0.00 | Oct 26, 2016 | Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to sniff traffic in open or WEP-protected wi-fi networks despite of special security mechanism is enabled. | |
| CVE-2016-8504 | Med | 0.28 | 4.3 | 0.00 | Oct 26, 2016 | CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile. | |
| CVE-2012-2941 | 0.03 | — | 0.02 | May 27, 2012 | Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server 2010 9.0 Enterprise allows remote attackers to inject arbitrary web script or HTML via the text parameter. | ||
| CVE-2007-3485 | 0.00 | — | 0.00 | Jun 28, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in Yandex.Server allow remote attackers to inject arbitrary web script or HTML via the (1) query or (2) within parameter to the default URI. |