Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Simeji by Baidu, Inc.

    JVNDB-2017-000120

    Vulnerability from jvndb - Published: 2017-06-21 18:15 - Updated:2017-06-21 18:15
    Severity
    Summary
    [Simeji for Windows] installer may insecurely load Dynamic Link Libraries
    Details
    [Simeji for Windows] installer provided by Baidu Japan Inc. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000120.html",
      "dc:date": "2017-06-21T18:15+09:00",
      "dcterms:issued": "2017-06-21T18:15+09:00",
      "dcterms:modified": "2017-06-21T18:15+09:00",
      "description": "[Simeji for Windows] installer provided by Baidu Japan Inc. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000120.html",
      "sec:cpe": {
        "#text": "cpe:/a:baidu:simeji",
        "@product": "Simeji",
        "@vendor": "Baidu, Inc.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000120",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN31236539/index.html",
          "@id": "JVN#31236539",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
          "@id": "JVNTA#91240916",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2219",
          "@id": "CVE-2017-2219",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2219",
          "@id": "CVE-2017-2219",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "[Simeji for Windows] installer may insecurely load Dynamic Link Libraries"
    }

    JVNDB-2013-000029

    Vulnerability from jvndb - Published: 2013-03-26 14:51 - Updated:2013-03-26 14:51
    Severity
    N/A (UNKNOWN) - -
    Summary
    Simeji vulnerable to information disclosure
    Details
    Simeji contains an issue in the access permissions for the certain files. Simeji is a Japanese Input Method Editor (IME) for Android devices. Simeji contains an issue in the access permissions for the certain files. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000029.html",
      "dc:date": "2013-03-26T14:51+09:00",
      "dcterms:issued": "2013-03-26T14:51+09:00",
      "dcterms:modified": "2013-03-26T14:51+09:00",
      "description": "Simeji contains an issue in the access permissions for the certain files.\r\n\r\nSimeji is a Japanese Input Method Editor (IME) for Android devices. Simeji contains an issue in the access permissions for the certain files.\r\n\r\nGaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000029.html",
      "sec:cpe": {
        "#text": "cpe:/a:baidu:simeji",
        "@product": "Simeji",
        "@vendor": "Baidu, Inc.",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "2.6",
        "@severity": "Low",
        "@type": "Base",
        "@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2013-000029",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN77360971/index.html",
          "@id": "JVN#77360971",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0718",
          "@id": "CVE-2013-0718",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0718",
          "@id": "CVE-2013-0718",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-264",
          "@title": "Permissions(CWE-264)"
        }
      ],
      "title": "Simeji vulnerable to information disclosure"
    }