Search
Find a vulnerability
Search criteria
14 vulnerabilities by NAVER Corporation
CVE-2020-9753 (GCVE-0-2020-9753)
Vulnerability from nvd – Published: 2020-05-20 02:25 – Updated: 2024-08-04 10:43
VLAI
EPSS
VEX
Summary
Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cve.naver.com/detail/cve-2020-9753 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NAVER Corporation | Whale Browser Installer |
Affected:
unspecified , < 1.2.0.5
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:04.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2020-9753"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Whale Browser Installer",
"vendor": "NAVER Corporation",
"versions": [
{
"lessThan": "1.2.0.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Min Jang, skensita@gmail.com"
}
],
"descriptions": [
{
"lang": "en",
"value": "Whale Browser Installer before 1.2.0.5 versions don\u0027t support signature verification for Flash installer."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-20T02:25:11.000Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2020-9753"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2020-9753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Whale Browser Installer",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "1.2.0.5"
}
]
}
}
]
},
"vendor_name": "NAVER Corporation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Min Jang, skensita@gmail.com"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Whale Browser Installer before 1.2.0.5 versions don\u0027t support signature verification for Flash installer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2020-9753",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2020-9753"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2020-9753",
"datePublished": "2020-05-20T02:25:11.000Z",
"dateReserved": "2020-03-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:43:04.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9752 (GCVE-0-2020-9752)
Vulnerability from nvd – Published: 2020-03-23 02:15 – Updated: 2024-08-04 10:43
VLAI
EPSS
VEX
Summary
Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cve.naver.com/detail/cve-2020-9752 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NAVER Corporation | Naver Cloud Explorer |
Affected:
unspecified , ≤ 2.2.2.11
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2020-9752"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Naver Cloud Explorer",
"vendor": "NAVER Corporation",
"versions": [
{
"lessThanOrEqual": "2.2.2.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-23T02:15:13.000Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2020-9752"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2020-9752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Naver Cloud Explorer",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "2.2.2.11"
}
]
}
}
]
},
"vendor_name": "NAVER Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-73"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2020-9752",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2020-9752"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2020-9752",
"datePublished": "2020-03-23T02:15:13.000Z",
"dateReserved": "2020-03-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:43:05.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9751 (GCVE-0-2020-9751)
Vulnerability from nvd – Published: 2020-03-03 09:15 – Updated: 2024-08-04 10:43
VLAI
EPSS
VEX
Summary
Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the upgrade.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cve.naver.com/detail/cve-2020-9751 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NAVER Corporation | Naver Cloud Explorer |
Affected:
unspecified , ≤ 2.2.2.11
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:04.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2020-9751"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Naver Cloud Explorer",
"vendor": "NAVER Corporation",
"versions": [
{
"lessThanOrEqual": "2.2.2.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "JAEWOOK SHIN(powerprove, null2root) and JINWOO PARK (P4rkJW, CAT-Security)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker\u0027s server and execute it during the upgrade."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-03T09:15:14.000Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2020-9751"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2020-9751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Naver Cloud Explorer",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "2.2.2.11"
}
]
}
}
]
},
"vendor_name": "NAVER Corporation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "JAEWOOK SHIN(powerprove, null2root) and JINWOO PARK (P4rkJW, CAT-Security)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker\u0027s server and execute it during the upgrade."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-494"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2020-9751",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2020-9751"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2020-9751",
"datePublished": "2020-03-03T09:15:14.000Z",
"dateReserved": "2020-03-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:43:04.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13157 (GCVE-0-2019-13157)
Vulnerability from nvd – Published: 2019-11-22 02:06 – Updated: 2024-08-04 23:41
VLAI
EPSS
VEX
Summary
nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cve.naver.com/detail/cve-2019-13157 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NAVER Corporation | Naver Vaccine |
Affected:
unspecified , ≤ 2.1.4
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2019-13157"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Naver Vaccine",
"vendor": "NAVER Corporation",
"versions": [
{
"lessThanOrEqual": "2.1.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "JAEWOOK SHIN(powerprove, null2root, proveofhack@gmail.com) and JINWOO PARK (P4rkJW, CAT-Security)"
}
],
"descriptions": [
{
"lang": "en",
"value": "nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-22T02:06:08.000Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2019-13157"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2019-13157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Naver Vaccine",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "2.1.4"
}
]
}
}
]
},
"vendor_name": "NAVER Corporation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "JAEWOOK SHIN(powerprove, null2root, proveofhack@gmail.com) and JINWOO PARK (P4rkJW, CAT-Security)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2019-13157",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2019-13157"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2019-13157",
"datePublished": "2019-11-22T02:06:08.000Z",
"dateReserved": "2019-07-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:41:10.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13156 (GCVE-0-2019-13156)
Vulnerability from nvd – Published: 2019-09-03 14:42 – Updated: 2024-08-04 23:41
VLAI
EPSS
VEX
Summary
NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cve.naver.com/detail/cve-2019-13156 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NAVER Corporation | NDrive |
Affected:
unspecified , ≤ 1.2.2
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2019-13156"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NDrive",
"vendor": "NAVER Corporation",
"versions": [
{
"lessThanOrEqual": "1.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "MyeongHwan Seo(f10w3r) rootsmh0311@gmail.com"
}
],
"descriptions": [
{
"lang": "en",
"value": "NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-03T14:42:09.000Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2019-13156"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2019-13156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NDrive",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "1.2.2"
}
]
}
}
]
},
"vendor_name": "NAVER Corporation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "MyeongHwan Seo(f10w3r) rootsmh0311@gmail.com"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2019-13156",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2019-13156"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2019-13156",
"datePublished": "2019-09-03T14:42:09.000Z",
"dateReserved": "2019-07-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:41:10.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12449 (GCVE-0-2018-12449)
Vulnerability from nvd – Published: 2018-10-11 13:00 – Updated: 2024-08-05 08:38
VLAI
EPSS
VEX
Summary
The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cve.naver.com/detail/cve-2018-12449 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NAVER Corporation | Whale Browser Installer |
Affected:
unspecified , ≤ 0.4.3.0
(custom)
|
Date Public
2018-10-10 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:06.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2018-12449"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Whale Browser Installer",
"vendor": "NAVER Corporation",
"versions": [
{
"lessThanOrEqual": "0.4.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kushal Arvind Shah of Fortinet\u0027s FortiGuard Labs"
}
],
"datePublic": "2018-10-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T12:57:01.000Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2018-12449"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2018-12449",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Whale Browser Installer",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "0.4.3.0"
}
]
}
}
]
},
"vendor_name": "NAVER Corporation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kushal Arvind Shah of Fortinet\u0027s FortiGuard Labs"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2018-12449",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2018-12449"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2018-12449",
"datePublished": "2018-10-11T13:00:00.000Z",
"dateReserved": "2018-06-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:38:06.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12448 (GCVE-0-2018-12448)
Vulnerability from nvd – Published: 2018-08-02 13:00 – Updated: 2024-08-05 08:38
VLAI
EPSS
VEX
Summary
Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cve.naver.com/detail/cve-2018-12448.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NAVER Corporation | Whale Browser |
Affected:
unspecified , < 1.3.48.4
(custom)
|
Date Public
2018-08-01 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:05.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2018-12448.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Whale Browser",
"vendor": "NAVER Corporation",
"versions": [
{
"lessThan": "1.3.48.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "YongShao (Zhiyong Feng) of Mobike Security Team"
}
],
"datePublic": "2018-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser\u0027s address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-02T12:57:01.000Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cve.naver.com/detail/cve-2018-12448.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2018-12448",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Whale Browser",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "1.3.48.4"
}
]
}
}
]
},
"vendor_name": "NAVER Corporation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "YongShao (Zhiyong Feng) of Mobike Security Team"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser\u0027s address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2018-12448.html",
"refsource": "MISC",
"url": "https://cve.naver.com/detail/cve-2018-12448.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2018-12448",
"datePublished": "2018-08-02T13:00:00.000Z",
"dateReserved": "2018-06-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:38:05.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9753 (GCVE-0-2020-9753)
Vulnerability from cvelistv5 – Published: 2020-05-20 02:25 – Updated: 2024-08-04 10:43
VLAI
EPSS
VEX
Summary
Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cve.naver.com/detail/cve-2020-9753 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NAVER Corporation | Whale Browser Installer |
Affected:
unspecified , < 1.2.0.5
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:04.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2020-9753"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Whale Browser Installer",
"vendor": "NAVER Corporation",
"versions": [
{
"lessThan": "1.2.0.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Min Jang, skensita@gmail.com"
}
],
"descriptions": [
{
"lang": "en",
"value": "Whale Browser Installer before 1.2.0.5 versions don\u0027t support signature verification for Flash installer."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-20T02:25:11.000Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2020-9753"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2020-9753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Whale Browser Installer",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "1.2.0.5"
}
]
}
}
]
},
"vendor_name": "NAVER Corporation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Min Jang, skensita@gmail.com"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Whale Browser Installer before 1.2.0.5 versions don\u0027t support signature verification for Flash installer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2020-9753",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2020-9753"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2020-9753",
"datePublished": "2020-05-20T02:25:11.000Z",
"dateReserved": "2020-03-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:43:04.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9752 (GCVE-0-2020-9752)
Vulnerability from cvelistv5 – Published: 2020-03-23 02:15 – Updated: 2024-08-04 10:43
VLAI
EPSS
VEX
Summary
Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cve.naver.com/detail/cve-2020-9752 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NAVER Corporation | Naver Cloud Explorer |
Affected:
unspecified , ≤ 2.2.2.11
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2020-9752"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Naver Cloud Explorer",
"vendor": "NAVER Corporation",
"versions": [
{
"lessThanOrEqual": "2.2.2.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-23T02:15:13.000Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2020-9752"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2020-9752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Naver Cloud Explorer",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "2.2.2.11"
}
]
}
}
]
},
"vendor_name": "NAVER Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-73"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2020-9752",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2020-9752"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2020-9752",
"datePublished": "2020-03-23T02:15:13.000Z",
"dateReserved": "2020-03-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:43:05.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9751 (GCVE-0-2020-9751)
Vulnerability from cvelistv5 – Published: 2020-03-03 09:15 – Updated: 2024-08-04 10:43
VLAI
EPSS
VEX
Summary
Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the upgrade.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cve.naver.com/detail/cve-2020-9751 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NAVER Corporation | Naver Cloud Explorer |
Affected:
unspecified , ≤ 2.2.2.11
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:04.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2020-9751"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Naver Cloud Explorer",
"vendor": "NAVER Corporation",
"versions": [
{
"lessThanOrEqual": "2.2.2.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "JAEWOOK SHIN(powerprove, null2root) and JINWOO PARK (P4rkJW, CAT-Security)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker\u0027s server and execute it during the upgrade."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-03T09:15:14.000Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2020-9751"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2020-9751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Naver Cloud Explorer",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "2.2.2.11"
}
]
}
}
]
},
"vendor_name": "NAVER Corporation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "JAEWOOK SHIN(powerprove, null2root) and JINWOO PARK (P4rkJW, CAT-Security)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker\u0027s server and execute it during the upgrade."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-494"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2020-9751",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2020-9751"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2020-9751",
"datePublished": "2020-03-03T09:15:14.000Z",
"dateReserved": "2020-03-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T10:43:04.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13157 (GCVE-0-2019-13157)
Vulnerability from cvelistv5 – Published: 2019-11-22 02:06 – Updated: 2024-08-04 23:41
VLAI
EPSS
VEX
Summary
nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cve.naver.com/detail/cve-2019-13157 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NAVER Corporation | Naver Vaccine |
Affected:
unspecified , ≤ 2.1.4
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.655Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2019-13157"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Naver Vaccine",
"vendor": "NAVER Corporation",
"versions": [
{
"lessThanOrEqual": "2.1.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "JAEWOOK SHIN(powerprove, null2root, proveofhack@gmail.com) and JINWOO PARK (P4rkJW, CAT-Security)"
}
],
"descriptions": [
{
"lang": "en",
"value": "nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-22T02:06:08.000Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2019-13157"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2019-13157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Naver Vaccine",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "2.1.4"
}
]
}
}
]
},
"vendor_name": "NAVER Corporation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "JAEWOOK SHIN(powerprove, null2root, proveofhack@gmail.com) and JINWOO PARK (P4rkJW, CAT-Security)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2019-13157",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2019-13157"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2019-13157",
"datePublished": "2019-11-22T02:06:08.000Z",
"dateReserved": "2019-07-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:41:10.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13156 (GCVE-0-2019-13156)
Vulnerability from cvelistv5 – Published: 2019-09-03 14:42 – Updated: 2024-08-04 23:41
VLAI
EPSS
VEX
Summary
NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cve.naver.com/detail/cve-2019-13156 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NAVER Corporation | NDrive |
Affected:
unspecified , ≤ 1.2.2
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2019-13156"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NDrive",
"vendor": "NAVER Corporation",
"versions": [
{
"lessThanOrEqual": "1.2.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "MyeongHwan Seo(f10w3r) rootsmh0311@gmail.com"
}
],
"descriptions": [
{
"lang": "en",
"value": "NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-03T14:42:09.000Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2019-13156"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2019-13156",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NDrive",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "1.2.2"
}
]
}
}
]
},
"vendor_name": "NAVER Corporation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "MyeongHwan Seo(f10w3r) rootsmh0311@gmail.com"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2019-13156",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2019-13156"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2019-13156",
"datePublished": "2019-09-03T14:42:09.000Z",
"dateReserved": "2019-07-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:41:10.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12449 (GCVE-0-2018-12449)
Vulnerability from cvelistv5 – Published: 2018-10-11 13:00 – Updated: 2024-08-05 08:38
VLAI
EPSS
VEX
Summary
The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cve.naver.com/detail/cve-2018-12449 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NAVER Corporation | Whale Browser Installer |
Affected:
unspecified , ≤ 0.4.3.0
(custom)
|
Date Public
2018-10-10 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:06.398Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2018-12449"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Whale Browser Installer",
"vendor": "NAVER Corporation",
"versions": [
{
"lessThanOrEqual": "0.4.3.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Kushal Arvind Shah of Fortinet\u0027s FortiGuard Labs"
}
],
"datePublic": "2018-10-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T12:57:01.000Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2018-12449"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2018-12449",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Whale Browser Installer",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "0.4.3.0"
}
]
}
}
]
},
"vendor_name": "NAVER Corporation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Kushal Arvind Shah of Fortinet\u0027s FortiGuard Labs"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2018-12449",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2018-12449"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2018-12449",
"datePublished": "2018-10-11T13:00:00.000Z",
"dateReserved": "2018-06-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:38:06.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-12448 (GCVE-0-2018-12448)
Vulnerability from cvelistv5 – Published: 2018-08-02 13:00 – Updated: 2024-08-05 08:38
VLAI
EPSS
VEX
Summary
Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name.
Severity
No CVSS data available.
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://cve.naver.com/detail/cve-2018-12448.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NAVER Corporation | Whale Browser |
Affected:
unspecified , < 1.3.48.4
(custom)
|
Date Public
2018-08-01 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:38:05.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2018-12448.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Whale Browser",
"vendor": "NAVER Corporation",
"versions": [
{
"lessThan": "1.3.48.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "YongShao (Zhiyong Feng) of Mobike Security Team"
}
],
"datePublic": "2018-08-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser\u0027s address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-02T12:57:01.000Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cve.naver.com/detail/cve-2018-12448.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2018-12448",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Whale Browser",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "1.3.48.4"
}
]
}
}
]
},
"vendor_name": "NAVER Corporation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "YongShao (Zhiyong Feng) of Mobike Security Team"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser\u0027s address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2018-12448.html",
"refsource": "MISC",
"url": "https://cve.naver.com/detail/cve-2018-12448.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2018-12448",
"datePublished": "2018-08-02T13:00:00.000Z",
"dateReserved": "2018-06-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T08:38:05.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}