Search

Find a vulnerability

Search criteria

    14 vulnerabilities by NAVER Corporation

    CVE-2020-9753 (GCVE-0-2020-9753)

    Vulnerability from nvd – Published: 2020-05-20 02:25 – Updated: 2024-08-04 10:43
    VLAI
    Summary
    Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://cve.naver.com/detail/cve-2020-9753 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    NAVER Corporation Whale Browser Installer Affected: unspecified , < 1.2.0.5 (custom)
    Create a notification for this product.
    Credits
    Min Jang, skensita@gmail.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:43:04.403Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cve.naver.com/detail/cve-2020-9753"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Whale Browser Installer",
              "vendor": "NAVER Corporation",
              "versions": [
                {
                  "lessThan": "1.2.0.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Min Jang, skensita@gmail.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Whale Browser Installer before 1.2.0.5 versions don\u0027t support signature verification for Flash installer."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-05-20T02:25:11.000Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cve.naver.com/detail/cve-2020-9753"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@navercorp.com",
              "ID": "CVE-2020-9753",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Whale Browser Installer",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "1.2.0.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NAVER Corporation"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Min Jang, skensita@gmail.com"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Whale Browser Installer before 1.2.0.5 versions don\u0027t support signature verification for Flash installer."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-347"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cve.naver.com/detail/cve-2020-9753",
                  "refsource": "CONFIRM",
                  "url": "https://cve.naver.com/detail/cve-2020-9753"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2020-9753",
        "datePublished": "2020-05-20T02:25:11.000Z",
        "dateReserved": "2020-03-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:43:04.403Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-9752 (GCVE-0-2020-9752)

    Vulnerability from nvd – Published: 2020-03-23 02:15 – Updated: 2024-08-04 10:43
    VLAI
    Summary
    Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://cve.naver.com/detail/cve-2020-9752 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    NAVER Corporation Naver Cloud Explorer Affected: unspecified , ≤ 2.2.2.11 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:43:05.125Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cve.naver.com/detail/cve-2020-9752"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Naver Cloud Explorer",
              "vendor": "NAVER Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "2.2.2.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-23T02:15:13.000Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cve.naver.com/detail/cve-2020-9752"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@navercorp.com",
              "ID": "CVE-2020-9752",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Naver Cloud Explorer",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_value": "2.2.2.11"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NAVER Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-73"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cve.naver.com/detail/cve-2020-9752",
                  "refsource": "CONFIRM",
                  "url": "https://cve.naver.com/detail/cve-2020-9752"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2020-9752",
        "datePublished": "2020-03-23T02:15:13.000Z",
        "dateReserved": "2020-03-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:43:05.125Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-9751 (GCVE-0-2020-9751)

    Vulnerability from nvd – Published: 2020-03-03 09:15 – Updated: 2024-08-04 10:43
    VLAI
    Summary
    Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the upgrade.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://cve.naver.com/detail/cve-2020-9751 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    NAVER Corporation Naver Cloud Explorer Affected: unspecified , ≤ 2.2.2.11 (custom)
    Create a notification for this product.
    Credits
    JAEWOOK SHIN(powerprove, null2root) and JINWOO PARK (P4rkJW, CAT-Security)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:43:04.395Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cve.naver.com/detail/cve-2020-9751"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Naver Cloud Explorer",
              "vendor": "NAVER Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "2.2.2.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "JAEWOOK SHIN(powerprove, null2root) and JINWOO PARK (P4rkJW, CAT-Security)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker\u0027s server and execute it during the upgrade."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-494",
                  "description": "CWE-494",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-03T09:15:14.000Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cve.naver.com/detail/cve-2020-9751"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@navercorp.com",
              "ID": "CVE-2020-9751",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Naver Cloud Explorer",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_value": "2.2.2.11"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NAVER Corporation"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "JAEWOOK SHIN(powerprove, null2root) and JINWOO PARK (P4rkJW, CAT-Security)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker\u0027s server and execute it during the upgrade."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-494"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cve.naver.com/detail/cve-2020-9751",
                  "refsource": "CONFIRM",
                  "url": "https://cve.naver.com/detail/cve-2020-9751"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2020-9751",
        "datePublished": "2020-03-03T09:15:14.000Z",
        "dateReserved": "2020-03-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:43:04.395Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-13157 (GCVE-0-2019-13157)

    Vulnerability from nvd – Published: 2019-11-22 02:06 – Updated: 2024-08-04 23:41
    VLAI
    Summary
    nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://cve.naver.com/detail/cve-2019-13157 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    NAVER Corporation Naver Vaccine Affected: unspecified , ≤ 2.1.4 (custom)
    Create a notification for this product.
    Credits
    JAEWOOK SHIN(powerprove, null2root, proveofhack@gmail.com) and JINWOO PARK (P4rkJW, CAT-Security)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:41:10.655Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cve.naver.com/detail/cve-2019-13157"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Naver Vaccine",
              "vendor": "NAVER Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "2.1.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "JAEWOOK SHIN(powerprove, null2root, proveofhack@gmail.com) and JINWOO PARK (P4rkJW, CAT-Security)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-22T02:06:08.000Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cve.naver.com/detail/cve-2019-13157"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@navercorp.com",
              "ID": "CVE-2019-13157",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Naver Vaccine",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_value": "2.1.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NAVER Corporation"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "JAEWOOK SHIN(powerprove, null2root, proveofhack@gmail.com) and JINWOO PARK (P4rkJW, CAT-Security)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-22"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cve.naver.com/detail/cve-2019-13157",
                  "refsource": "CONFIRM",
                  "url": "https://cve.naver.com/detail/cve-2019-13157"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2019-13157",
        "datePublished": "2019-11-22T02:06:08.000Z",
        "dateReserved": "2019-07-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:41:10.655Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-13156 (GCVE-0-2019-13156)

    Vulnerability from nvd – Published: 2019-09-03 14:42 – Updated: 2024-08-04 23:41
    VLAI
    Summary
    NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://cve.naver.com/detail/cve-2019-13156 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    NAVER Corporation NDrive Affected: unspecified , ≤ 1.2.2 (custom)
    Create a notification for this product.
    Credits
    MyeongHwan Seo(f10w3r) rootsmh0311@gmail.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:41:10.535Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cve.naver.com/detail/cve-2019-13156"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NDrive",
              "vendor": "NAVER Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "1.2.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "MyeongHwan Seo(f10w3r) rootsmh0311@gmail.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-03T14:42:09.000Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cve.naver.com/detail/cve-2019-13156"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@navercorp.com",
              "ID": "CVE-2019-13156",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NDrive",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_value": "1.2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NAVER Corporation"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "MyeongHwan Seo(f10w3r) rootsmh0311@gmail.com"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cve.naver.com/detail/cve-2019-13156",
                  "refsource": "CONFIRM",
                  "url": "https://cve.naver.com/detail/cve-2019-13156"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2019-13156",
        "datePublished": "2019-09-03T14:42:09.000Z",
        "dateReserved": "2019-07-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:41:10.535Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-12449 (GCVE-0-2018-12449)

    Vulnerability from nvd – Published: 2018-10-11 13:00 – Updated: 2024-08-05 08:38
    VLAI
    Summary
    The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://cve.naver.com/detail/cve-2018-12449 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    NAVER Corporation Whale Browser Installer Affected: unspecified , ≤ 0.4.3.0 (custom)
    Create a notification for this product.
    Date Public
    2018-10-10 00:00
    Credits
    Kushal Arvind Shah of Fortinet's FortiGuard Labs
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T08:38:06.398Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cve.naver.com/detail/cve-2018-12449"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Whale Browser Installer",
              "vendor": "NAVER Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "0.4.3.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Kushal Arvind Shah of Fortinet\u0027s FortiGuard Labs"
            }
          ],
          "datePublic": "2018-10-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-426",
                  "description": "CWE-426",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T12:57:01.000Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cve.naver.com/detail/cve-2018-12449"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@navercorp.com",
              "ID": "CVE-2018-12449",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Whale Browser Installer",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_value": "0.4.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NAVER Corporation"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Kushal Arvind Shah of Fortinet\u0027s FortiGuard Labs"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-426"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cve.naver.com/detail/cve-2018-12449",
                  "refsource": "CONFIRM",
                  "url": "https://cve.naver.com/detail/cve-2018-12449"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2018-12449",
        "datePublished": "2018-10-11T13:00:00.000Z",
        "dateReserved": "2018-06-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T08:38:06.398Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-12448 (GCVE-0-2018-12448)

    Vulnerability from nvd – Published: 2018-08-02 13:00 – Updated: 2024-08-05 08:38
    VLAI
    Summary
    Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    NAVER Corporation Whale Browser Affected: unspecified , < 1.3.48.4 (custom)
    Create a notification for this product.
    Date Public
    2018-08-01 00:00
    Credits
    YongShao (Zhiyong Feng) of Mobike Security Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T08:38:05.941Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cve.naver.com/detail/cve-2018-12448.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Whale Browser",
              "vendor": "NAVER Corporation",
              "versions": [
                {
                  "lessThan": "1.3.48.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "YongShao (Zhiyong Feng) of Mobike Security Team"
            }
          ],
          "datePublic": "2018-08-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser\u0027s address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-02T12:57:01.000Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cve.naver.com/detail/cve-2018-12448.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@navercorp.com",
              "ID": "CVE-2018-12448",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Whale Browser",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "1.3.48.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NAVER Corporation"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "YongShao (Zhiyong Feng) of Mobike Security Team"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser\u0027s address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cve.naver.com/detail/cve-2018-12448.html",
                  "refsource": "MISC",
                  "url": "https://cve.naver.com/detail/cve-2018-12448.html"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2018-12448",
        "datePublished": "2018-08-02T13:00:00.000Z",
        "dateReserved": "2018-06-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T08:38:05.941Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-9753 (GCVE-0-2020-9753)

    Vulnerability from cvelistv5 – Published: 2020-05-20 02:25 – Updated: 2024-08-04 10:43
    VLAI
    Summary
    Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://cve.naver.com/detail/cve-2020-9753 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    NAVER Corporation Whale Browser Installer Affected: unspecified , < 1.2.0.5 (custom)
    Create a notification for this product.
    Credits
    Min Jang, skensita@gmail.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:43:04.403Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cve.naver.com/detail/cve-2020-9753"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Whale Browser Installer",
              "vendor": "NAVER Corporation",
              "versions": [
                {
                  "lessThan": "1.2.0.5",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Min Jang, skensita@gmail.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Whale Browser Installer before 1.2.0.5 versions don\u0027t support signature verification for Flash installer."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-05-20T02:25:11.000Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cve.naver.com/detail/cve-2020-9753"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@navercorp.com",
              "ID": "CVE-2020-9753",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Whale Browser Installer",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "1.2.0.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NAVER Corporation"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Min Jang, skensita@gmail.com"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Whale Browser Installer before 1.2.0.5 versions don\u0027t support signature verification for Flash installer."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-347"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cve.naver.com/detail/cve-2020-9753",
                  "refsource": "CONFIRM",
                  "url": "https://cve.naver.com/detail/cve-2020-9753"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2020-9753",
        "datePublished": "2020-05-20T02:25:11.000Z",
        "dateReserved": "2020-03-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:43:04.403Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-9752 (GCVE-0-2020-9752)

    Vulnerability from cvelistv5 – Published: 2020-03-23 02:15 – Updated: 2024-08-04 10:43
    VLAI
    Summary
    Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://cve.naver.com/detail/cve-2020-9752 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    NAVER Corporation Naver Cloud Explorer Affected: unspecified , ≤ 2.2.2.11 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:43:05.125Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cve.naver.com/detail/cve-2020-9752"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Naver Cloud Explorer",
              "vendor": "NAVER Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "2.2.2.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-23T02:15:13.000Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cve.naver.com/detail/cve-2020-9752"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@navercorp.com",
              "ID": "CVE-2020-9752",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Naver Cloud Explorer",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_value": "2.2.2.11"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NAVER Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-73"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cve.naver.com/detail/cve-2020-9752",
                  "refsource": "CONFIRM",
                  "url": "https://cve.naver.com/detail/cve-2020-9752"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2020-9752",
        "datePublished": "2020-03-23T02:15:13.000Z",
        "dateReserved": "2020-03-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:43:05.125Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-9751 (GCVE-0-2020-9751)

    Vulnerability from cvelistv5 – Published: 2020-03-03 09:15 – Updated: 2024-08-04 10:43
    VLAI
    Summary
    Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the upgrade.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://cve.naver.com/detail/cve-2020-9751 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    NAVER Corporation Naver Cloud Explorer Affected: unspecified , ≤ 2.2.2.11 (custom)
    Create a notification for this product.
    Credits
    JAEWOOK SHIN(powerprove, null2root) and JINWOO PARK (P4rkJW, CAT-Security)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T10:43:04.395Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cve.naver.com/detail/cve-2020-9751"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Naver Cloud Explorer",
              "vendor": "NAVER Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "2.2.2.11",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "JAEWOOK SHIN(powerprove, null2root) and JINWOO PARK (P4rkJW, CAT-Security)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker\u0027s server and execute it during the upgrade."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-494",
                  "description": "CWE-494",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-03-03T09:15:14.000Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cve.naver.com/detail/cve-2020-9751"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@navercorp.com",
              "ID": "CVE-2020-9751",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Naver Cloud Explorer",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_value": "2.2.2.11"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NAVER Corporation"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "JAEWOOK SHIN(powerprove, null2root) and JINWOO PARK (P4rkJW, CAT-Security)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker\u0027s server and execute it during the upgrade."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-494"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cve.naver.com/detail/cve-2020-9751",
                  "refsource": "CONFIRM",
                  "url": "https://cve.naver.com/detail/cve-2020-9751"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2020-9751",
        "datePublished": "2020-03-03T09:15:14.000Z",
        "dateReserved": "2020-03-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T10:43:04.395Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-13157 (GCVE-0-2019-13157)

    Vulnerability from cvelistv5 – Published: 2019-11-22 02:06 – Updated: 2024-08-04 23:41
    VLAI
    Summary
    nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://cve.naver.com/detail/cve-2019-13157 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    NAVER Corporation Naver Vaccine Affected: unspecified , ≤ 2.1.4 (custom)
    Create a notification for this product.
    Credits
    JAEWOOK SHIN(powerprove, null2root, proveofhack@gmail.com) and JINWOO PARK (P4rkJW, CAT-Security)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:41:10.655Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cve.naver.com/detail/cve-2019-13157"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Naver Vaccine",
              "vendor": "NAVER Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "2.1.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "JAEWOOK SHIN(powerprove, null2root, proveofhack@gmail.com) and JINWOO PARK (P4rkJW, CAT-Security)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-22T02:06:08.000Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cve.naver.com/detail/cve-2019-13157"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@navercorp.com",
              "ID": "CVE-2019-13157",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Naver Vaccine",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_value": "2.1.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NAVER Corporation"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "JAEWOOK SHIN(powerprove, null2root, proveofhack@gmail.com) and JINWOO PARK (P4rkJW, CAT-Security)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-22"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cve.naver.com/detail/cve-2019-13157",
                  "refsource": "CONFIRM",
                  "url": "https://cve.naver.com/detail/cve-2019-13157"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2019-13157",
        "datePublished": "2019-11-22T02:06:08.000Z",
        "dateReserved": "2019-07-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:41:10.655Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-13156 (GCVE-0-2019-13156)

    Vulnerability from cvelistv5 – Published: 2019-09-03 14:42 – Updated: 2024-08-04 23:41
    VLAI
    Summary
    NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://cve.naver.com/detail/cve-2019-13156 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    NAVER Corporation NDrive Affected: unspecified , ≤ 1.2.2 (custom)
    Create a notification for this product.
    Credits
    MyeongHwan Seo(f10w3r) rootsmh0311@gmail.com
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T23:41:10.535Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cve.naver.com/detail/cve-2019-13156"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "NDrive",
              "vendor": "NAVER Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "1.2.2",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "MyeongHwan Seo(f10w3r) rootsmh0311@gmail.com"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-09-03T14:42:09.000Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cve.naver.com/detail/cve-2019-13156"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@navercorp.com",
              "ID": "CVE-2019-13156",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "NDrive",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_value": "1.2.2"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NAVER Corporation"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "MyeongHwan Seo(f10w3r) rootsmh0311@gmail.com"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-121"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cve.naver.com/detail/cve-2019-13156",
                  "refsource": "CONFIRM",
                  "url": "https://cve.naver.com/detail/cve-2019-13156"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2019-13156",
        "datePublished": "2019-09-03T14:42:09.000Z",
        "dateReserved": "2019-07-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T23:41:10.535Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-12449 (GCVE-0-2018-12449)

    Vulnerability from cvelistv5 – Published: 2018-10-11 13:00 – Updated: 2024-08-05 08:38
    VLAI
    Summary
    The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    URL Tags
    https://cve.naver.com/detail/cve-2018-12449 x_refsource_CONFIRM
    Impacted products
    Vendor Product Version
    NAVER Corporation Whale Browser Installer Affected: unspecified , ≤ 0.4.3.0 (custom)
    Create a notification for this product.
    Date Public
    2018-10-10 00:00
    Credits
    Kushal Arvind Shah of Fortinet's FortiGuard Labs
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T08:38:06.398Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cve.naver.com/detail/cve-2018-12449"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Whale Browser Installer",
              "vendor": "NAVER Corporation",
              "versions": [
                {
                  "lessThanOrEqual": "0.4.3.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Kushal Arvind Shah of Fortinet\u0027s FortiGuard Labs"
            }
          ],
          "datePublic": "2018-10-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-426",
                  "description": "CWE-426",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T12:57:01.000Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cve.naver.com/detail/cve-2018-12449"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@navercorp.com",
              "ID": "CVE-2018-12449",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Whale Browser Installer",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c=",
                                "version_affected": "\u003c=",
                                "version_value": "0.4.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NAVER Corporation"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Kushal Arvind Shah of Fortinet\u0027s FortiGuard Labs"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The Whale browser installer 0.4.3.0 and earlier versions allows DLL hijacking."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-426"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cve.naver.com/detail/cve-2018-12449",
                  "refsource": "CONFIRM",
                  "url": "https://cve.naver.com/detail/cve-2018-12449"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2018-12449",
        "datePublished": "2018-10-11T13:00:00.000Z",
        "dateReserved": "2018-06-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T08:38:06.398Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-12448 (GCVE-0-2018-12448)

    Vulnerability from cvelistv5 – Published: 2018-08-02 13:00 – Updated: 2024-08-05 08:38
    VLAI
    Summary
    Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    NAVER Corporation Whale Browser Affected: unspecified , < 1.3.48.4 (custom)
    Create a notification for this product.
    Date Public
    2018-08-01 00:00
    Credits
    YongShao (Zhiyong Feng) of Mobike Security Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T08:38:05.941Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://cve.naver.com/detail/cve-2018-12448.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Whale Browser",
              "vendor": "NAVER Corporation",
              "versions": [
                {
                  "lessThan": "1.3.48.4",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "YongShao (Zhiyong Feng) of Mobike Security Team"
            }
          ],
          "datePublic": "2018-08-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser\u0027s address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-08-02T12:57:01.000Z",
            "orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
            "shortName": "naver"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://cve.naver.com/detail/cve-2018-12448.html"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@navercorp.com",
              "ID": "CVE-2018-12448",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Whale Browser",
                          "version": {
                            "version_data": [
                              {
                                "affected": "\u003c",
                                "version_affected": "\u003c",
                                "version_value": "1.3.48.4"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "NAVER Corporation"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "YongShao (Zhiyong Feng) of Mobike Security Team"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser\u0027s address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-20"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://cve.naver.com/detail/cve-2018-12448.html",
                  "refsource": "MISC",
                  "url": "https://cve.naver.com/detail/cve-2018-12448.html"
                }
              ]
            },
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
        "assignerShortName": "naver",
        "cveId": "CVE-2018-12448",
        "datePublished": "2018-08-02T13:00:00.000Z",
        "dateReserved": "2018-06-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T08:38:05.941Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }