Search

Find a vulnerability

Search criteria

    1 vulnerability found for Vivaldi by Vivaldi Technologies

    JVNDB-2017-000077

    Vulnerability from jvndb - Published: 2017-04-25 13:36 - Updated:2017-06-06 15:04
    Severity
    Summary
    Installer of Vivaldi for Windows may insecurely load executable files
    Details
    The installer of Vivaldi for Windows contains an issue in the file search path when loading files, which may insecurely load executable files (CWE-427). Eiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000077.html",
      "dc:date": "2017-06-06T15:04+09:00",
      "dcterms:issued": "2017-04-25T13:36+09:00",
      "dcterms:modified": "2017-06-06T15:04+09:00",
      "description": "The installer of Vivaldi for Windows contains an issue in the file search path when loading files, which may insecurely load executable files (CWE-427).\r\n\r\nEiji James Yoshida of Security Professionals Network Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000077.html",
      "sec:cpe": {
        "#text": "cpe:/a:vivaldi:vivaldi_installer_for_windows",
        "@product": "Vivaldi",
        "@vendor": "Vivaldi Technologies",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000077",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN71572107/index.html",
          "@id": "JVN#71572107",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2156",
          "@id": "CVE-2017-2156",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2156",
          "@id": "CVE-2017-2156",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Installer of Vivaldi for Windows may insecurely load executable files"
    }