Yandex N.V Yandex Browser For Desktop vulnerabilities
7 known vulnerabilities affecting yandex_n.v/yandex_browser_for_desktop.
Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH3MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2016-8502P3HIGHCVSS 7.3v15.12.0 to 16.2 for Windows and OSx.2016-10-26
CVE-2016-8502 [HIGH] CWE-254 CVE-2016-8502: Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 coul
Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript.
nvd
CVE-2016-8503P3HIGHCVSS 7.3v16.7 to 16.9 for Windows and OSx.2016-10-26
CVE-2016-8503 [HIGH] CWE-254 CVE-2016-8503: Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could b
Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript.
nvd
CVE-2017-7327P4HIGHCVSS 7.8vAll versions prior to version 17.4.12018-01-19
CVE-2017-7327 [HIGH] CWE-426 CVE-2017-7327: Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untr
Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untrusted search path is used for dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll.
nvd
CVE-2016-8508P4MEDIUMCVSS 6.5vbefore 17.1.1.227 for OSx and Windows2017-03-01
CVE-2016-8508 [MEDIUM] CWE-254 CVE-2016-8508: Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safebrowsing in Chrom
Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safebrowsing in Chromium) warnings in web-sites with special content-type, which could be used by remote attacker for prevention Protect warning on own malicious web-site.
nvd
CVE-2016-8506P4MEDIUMCVSS 6.1v15.12 to 16.2 for OSx and Linux2016-10-26
CVE-2016-8506 [MEDIUM] CWE-79 CVE-2016-8506: XSS in Yandex Browser Translator in Yandex browser for desktop for versions from 15.12 to 16.2 could
XSS in Yandex Browser Translator in Yandex browser for desktop for versions from 15.12 to 16.2 could be used by remote attacker for evaluation arbitrary javascript code.
nvd
CVE-2016-8505P4MEDIUMCVSS 6.1vbefore 16.6 for OSx and Windows2016-10-26
CVE-2016-8505 [MEDIUM] CWE-79 CVE-2016-8505: XSS in Yandex Browser BookReader in Yandex browser for desktop for versions before 16.6. could be us
XSS in Yandex Browser BookReader in Yandex browser for desktop for versions before 16.6. could be used by remote attacker for evaluation arbitrary javascript code.
nvd
CVE-2016-8504P4MEDIUMCVSS 4.3vbefore 16.6 for OSx and Windows2016-10-26
CVE-2016-8504 [MEDIUM] CWE-352 CVE-2016-8504: CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remo
CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile.
nvd