Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Gurunavi by Gurunavi, Inc.

    JVNDB-2021-000031

    Vulnerability from jvndb - Published: 2021-04-14 17:22 - Updated:2023-03-08 17:02
    Severity
    Summary
    Gurunavi Apps fail to restrict access permissions
    Details
    Gurunavi Apps provided by Gurunavi, Inc. implement the function to access a requested URL using Custom URL Scheme. This function contains an improper access control vulnerability (CWE-284) that may allow the vulnerable App to receive an request from an arbitrary App and execute an access. Ryo Sato of BroadBand Security,Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000031.html",
      "dc:date": "2023-03-08T17:02+09:00",
      "dcterms:issued": "2021-04-14T17:22+09:00",
      "dcterms:modified": "2023-03-08T17:02+09:00",
      "description": "Gurunavi Apps provided by Gurunavi, Inc. implement the function to access a requested URL using Custom URL Scheme.\r\nThis function contains an improper access control vulnerability (CWE-284) that may allow the vulnerable App to receive an request from an arbitrary App and execute an access.\r\n\r\nRyo Sato of BroadBand Security,Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-000031.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:gurunavi:gournavi",
          "@product": "Gurunavi",
          "@vendor": "Gurunavi, Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:gurunavi:gournavi",
          "@product": "Gurunavi",
          "@vendor": "Gurunavi, Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "4.3",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "3.3",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2021-000031",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN54025691/index.html",
          "@id": "JVN#54025691",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20693",
          "@id": "CVE-2021-20693",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2021-20693",
          "@id": "CVE-2021-20693",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-264",
          "@title": "Permissions(CWE-264)"
        }
      ],
      "title": "Gurunavi Apps fail to restrict access permissions"
    }

    JVNDB-2015-000181

    Vulnerability from jvndb - Published: 2015-11-17 14:21 - Updated:2018-03-07 12:17
    Severity
    N/A (UNKNOWN) - -
    Summary
    Gurunavi App for iOS fails to verify SSL server certificates
    Details
    Gurunavi App for iOS provided by Gurunavi, Inc. fails to verify SSL server certificates. AOKI Keiichi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000181.html",
      "dc:date": "2018-03-07T12:17+09:00",
      "dcterms:issued": "2015-11-17T14:21+09:00",
      "dcterms:modified": "2018-03-07T12:17+09:00",
      "description": "Gurunavi App for iOS provided by Gurunavi, Inc. fails to verify SSL server certificates.\r\n\r\nAOKI Keiichi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000181.html",
      "sec:cpe": {
        "#text": "cpe:/a:gurunavi:gournavi",
        "@product": "Gurunavi",
        "@vendor": "Gurunavi, Inc.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "4.0",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2015-000181",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN29141986/index.html",
          "@id": "JVN#29141986",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7778",
          "@id": "CVE-2015-7778",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2015-7778",
          "@id": "CVE-2015-7778",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Gurunavi App for iOS fails to verify SSL server certificates"
    }