Search criteria
34 vulnerabilities
CVE-2025-62585 (GCVE-0-2025-62585)
Vulnerability from cvelistv5 – Published: 2025-10-16 06:52 – Updated: 2025-10-16 13:36
VLAI?
Summary
Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment.
Severity ?
7.5 (High)
CWE
- CWE-358 - Improperly Implemented Security Check for Standard
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Unaffected:
4.33.325.17
|
Credits
Mingi Jung, mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology-Web Sec Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-62585",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T13:35:56.425333Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T13:36:56.579Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"status": "unaffected",
"version": "4.33.325.17"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mingi Jung, mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology-Web Sec Lab"
}
],
"descriptions": [
{
"lang": "en",
"value": "Whale browser before 4.33.325.17 allows an attacker to bypass the Content Security Policy via a specific scheme in a dual-tab environment."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-358",
"description": "CWE-358 Improperly Implemented Security Check for Standard",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T06:52:34.974Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"name": "NAVER Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://cve.naver.com/detail/cve-2025-62585.html"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2025-62585",
"datePublished": "2025-10-16T06:52:34.974Z",
"dateReserved": "2025-10-16T06:44:59.554Z",
"dateUpdated": "2025-10-16T13:36:56.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62584 (GCVE-0-2025-62584)
Vulnerability from cvelistv5 – Published: 2025-10-16 06:52 – Updated: 2025-10-16 13:38
VLAI?
Summary
Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment.
Severity ?
7.5 (High)
CWE
- CWE-346 - Origin Validation Error
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Unaffected:
4.33.325.17
|
Credits
Mingi Jung, mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology-Web Sec Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-62584",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T13:38:19.251887Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T13:38:54.575Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"status": "unaffected",
"version": "4.33.325.17"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mingi Jung, mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology-Web Sec Lab"
}
],
"descriptions": [
{
"lang": "en",
"value": "Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T06:52:25.232Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"name": "NAVER Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://cve.naver.com/detail/cve-2025-62584.html"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2025-62584",
"datePublished": "2025-10-16T06:52:25.232Z",
"dateReserved": "2025-10-16T06:44:59.554Z",
"dateUpdated": "2025-10-16T13:38:54.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62583 (GCVE-0-2025-62583)
Vulnerability from cvelistv5 – Published: 2025-10-16 06:52 – Updated: 2025-10-16 14:09
VLAI?
Summary
Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment.
Severity ?
9.8 (Critical)
CWE
- CWE-358 - Improperly Implemented Security Check for Standard
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Unaffected:
4.33.325.17
|
Credits
Mingi Jung, mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology-Web Sec Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-62583",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-16T13:58:39.555252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T14:09:03.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"status": "unaffected",
"version": "4.33.325.17"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mingi Jung, mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology-Web Sec Lab"
}
],
"descriptions": [
{
"lang": "en",
"value": "Whale Browser before 4.33.325.17 allows an attacker to escape the iframe sandbox in a dual-tab environment."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-358",
"description": "CWE-358 Improperly Implemented Security Check for Standard",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-16T06:52:12.797Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"name": "NAVER Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://cve.naver.com/detail/cve-2025-62583.html"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2025-62583",
"datePublished": "2025-10-16T06:52:12.797Z",
"dateReserved": "2025-10-16T06:44:59.553Z",
"dateUpdated": "2025-10-16T14:09:03.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58323 (GCVE-0-2025-58323)
Vulnerability from cvelistv5 – Published: 2025-08-29 01:41 – Updated: 2025-08-29 17:10
VLAI?
Summary
NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by executing arbitrary files due to improper privilege checks.
Severity ?
7.7 (High)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER MYBOX Explorer |
Unaffected:
3.0.8.133
|
Credits
Minwoo Jeong of KAIST Hacking Lab (@p1nkjelly)
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-58323",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-29T17:10:21.534203Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T17:10:33.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "NAVER MYBOX Explorer",
"vendor": "NAVER",
"versions": [
{
"status": "unaffected",
"version": "3.0.8.133"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Minwoo Jeong of KAIST Hacking Lab (@p1nkjelly)"
}
],
"descriptions": [
{
"lang": "en",
"value": "NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\\SYSTEM by executing arbitrary files due to improper privilege checks."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T01:41:14.338Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"name": "NAVER Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://cve.naver.com/detail/cve-2025-58323.html"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2025-58323",
"datePublished": "2025-08-29T01:41:14.338Z",
"dateReserved": "2025-08-28T08:44:18.809Z",
"dateUpdated": "2025-08-29T17:10:33.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-58322 (GCVE-0-2025-58322)
Vulnerability from cvelistv5 – Published: 2025-08-28 08:02 – Updated: 2025-08-29 01:40
VLAI?
Summary
NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by invoking arbitrary DLLs due to improper privilege checks.
Severity ?
7.8 (High)
CWE
- CWE-266 - Incorrect Privilege Assignment
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER MYBOX Explorer |
Unaffected:
3.0.8.133
|
Credits
Minwoo Jeong of KAIST Hacking Lab (@p1nkjelly)
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-58322",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-28T14:16:14.600657Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:17:05.197Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "NAVER MYBOX Explorer",
"vendor": "NAVER",
"versions": [
{
"status": "unaffected",
"version": "3.0.8.133"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Minwoo Jeong of KAIST Hacking Lab (@p1nkjelly)"
}
],
"descriptions": [
{
"lang": "en",
"value": "NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\\SYSTEM by invoking arbitrary DLLs due to improper privilege checks."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect Privilege Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-29T01:40:58.236Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"name": "NAVER Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://cve.naver.com/detail/cve-2025-58322.html"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2025-58322",
"datePublished": "2025-08-28T08:02:35.726Z",
"dateReserved": "2025-08-28T07:54:43.758Z",
"dateUpdated": "2025-08-29T01:40:58.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53600 (GCVE-0-2025-53600)
Vulnerability from cvelistv5 – Published: 2025-07-04 07:20 – Updated: 2025-07-08 17:39
VLAI?
Summary
Whale browser before 4.32.315.22 allow an attacker to bypass the Same-Origin Policy in a dual-tab environment.
Severity ?
7.5 (High)
CWE
- CWE-346 - Origin Validation Error
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Unaffected:
4.32.315.22
|
Credits
Mingi Jung (UNIST WebSec), mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology Web Sec Lab
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-53600",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-07T19:46:16.025413Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T17:39:08.750Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"status": "unaffected",
"version": "4.32.315.22"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mingi Jung (UNIST WebSec), mingijung.grape@gmail.com, Ulsan National Institute of Science and Technology Web Sec Lab"
}
],
"descriptions": [
{
"lang": "en",
"value": "Whale browser before 4.32.315.22 allow an attacker to bypass the Same-Origin Policy in a dual-tab environment."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-04T07:20:26.014Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"name": "NAVER Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://cve.naver.com/detail/cve-2025-53600.html"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2025-53600",
"datePublished": "2025-07-04T07:20:26.014Z",
"dateReserved": "2025-07-04T07:13:26.677Z",
"dateUpdated": "2025-07-08T17:39:08.750Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-53599 (GCVE-0-2025-53599)
Vulnerability from cvelistv5 – Published: 2025-07-04 07:20 – Updated: 2025-07-08 17:39
VLAI?
Summary
Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the browser via a crafted javascript scheme.
Severity ?
9.8 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Unaffected:
3.9.1.4206
|
Credits
un3xploitable
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-53599",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-07T19:46:24.649720Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T17:39:15.377Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"iOS"
],
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"status": "unaffected",
"version": "3.9.1.4206"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "un3xploitable"
}
],
"descriptions": [
{
"lang": "en",
"value": "Whale browser for iOS before 3.9.1.4206 allow an attacker to execute malicious scripts in the browser via a crafted javascript scheme."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-04T07:20:11.124Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"name": "NAVER Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://cve.naver.com/detail/cve-2025-53599.html"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2025-53599",
"datePublished": "2025-07-04T07:20:11.124Z",
"dateReserved": "2025-07-04T07:13:26.676Z",
"dateUpdated": "2025-07-08T17:39:15.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-49223 (GCVE-0-2025-49223)
Vulnerability from cvelistv5 – Published: 2025-06-04 02:00 – Updated: 2025-06-04 13:33
VLAI?
Summary
billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
Severity ?
9.8 (Critical)
CWE
- CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | billboard.js |
Unaffected:
3.15.1
|
Credits
Anonymous
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-49223",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-04T13:33:15.458647Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T13:33:44.239Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "billboard.js",
"vendor": "NAVER",
"versions": [
{
"status": "unaffected",
"version": "3.15.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Anonymous"
}
],
"descriptions": [
{
"lang": "en",
"value": "billboard.js before 3.15.1 was discovered to contain a prototype pollution via the function generate, which could allow attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1321",
"description": "CWE-1321 Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T02:00:15.719Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"name": "NAVER Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://cve.naver.com/detail/cve-2025-49223.html"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2025-49223",
"datePublished": "2025-06-04T02:00:15.719Z",
"dateReserved": "2025-06-04T01:29:40.014Z",
"dateUpdated": "2025-06-04T13:33:44.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-50583 (GCVE-0-2024-50583)
Vulnerability from cvelistv5 – Published: 2024-10-25 07:04 – Updated: 2024-10-25 20:17
VLAI?
Summary
Whale browser Installer before 3.1.0.0 allows an attacker to execute a malicious DLL in the user environment due to improper permission settings.
Severity ?
6.3 (Medium)
CWE
- CWE-427 - Uncontrolled Search Path Element
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | Naver Whale browser Installer |
Unaffected:
3.1.0.0
|
Credits
Guenoh Park (Groro90), spear@kakao.com
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50583",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-25T20:16:26.441614Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T20:17:21.221Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows"
],
"product": "Naver Whale browser Installer",
"vendor": "NAVER",
"versions": [
{
"status": "unaffected",
"version": "3.1.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Guenoh Park (Groro90), spear@kakao.com"
}
],
"descriptions": [
{
"lang": "en",
"value": "Whale browser Installer before 3.1.0.0 allows an attacker to execute a malicious DLL in the user environment due to improper permission settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-427",
"description": "CWE-427 Uncontrolled Search Path Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-25T07:04:30.244Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"name": "NAVER Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://cve.naver.com/detail/cve-2024-50583.html"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2024-50583",
"datePublished": "2024-10-25T07:04:30.244Z",
"dateReserved": "2024-10-25T02:33:47.691Z",
"dateUpdated": "2024-10-25T20:17:21.221Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-40618 (GCVE-0-2024-40618)
Vulnerability from cvelistv5 – Published: 2024-07-11 01:24 – Updated: 2024-08-02 04:33
VLAI?
Summary
Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension.
Severity ?
9.6 (Critical)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Unaffected:
3.26.244.21
|
Credits
James Dean (YSK)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:naver:whale_browser:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "whale_browser",
"vendor": "naver",
"versions": [
{
"lessThan": "3.26.244.21",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-40618",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T14:56:23.905753Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T14:56:51.466Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:33:11.796Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "NAVER Security Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2024-40618.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"status": "unaffected",
"version": "3.26.244.21"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "James Dean (YSK)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to improper sanitization when processing a built-in extension."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T01:24:41.321Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"name": "NAVER Security Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://cve.naver.com/detail/cve-2024-40618.html"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2024-40618",
"datePublished": "2024-07-11T01:24:41.321Z",
"dateReserved": "2024-07-08T06:05:59.601Z",
"dateUpdated": "2024-08-02T04:33:11.796Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28216 (GCVE-0-2024-28216)
Vulnerability from cvelistv5 – Published: 2024-03-07 04:50 – Updated: 2024-09-06 04:17
VLAI?
Summary
nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.
Severity ?
5.4 (Medium)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Credits
Peter Stöckli of GitHub Security Lab
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:49.603Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "NAVER Security Advisory",
"tags": [
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2024-28216.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:naver:ngrinder:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ngrinder",
"vendor": "naver",
"versions": [
{
"lessThan": "3.5.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-28216",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-07T16:41:17.619047Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T19:42:34.411Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "nGrinder",
"vendor": "NAVER",
"versions": [
{
"status": "unaffected",
"version": "3.5.9"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Peter St\u00f6ckli of GitHub Security Lab"
}
],
"descriptions": [
{
"lang": "en",
"value": "nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T04:17:45.466Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"name": "NAVER Security Advisory",
"url": "https://cve.naver.com/detail/cve-2024-28216.html"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2024-28216",
"datePublished": "2024-03-07T04:50:15.338Z",
"dateReserved": "2024-03-07T02:38:58.221Z",
"dateUpdated": "2024-09-06T04:17:45.466Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28215 (GCVE-0-2024-28215)
Vulnerability from cvelistv5 – Published: 2024-03-07 04:50 – Updated: 2024-09-06 04:15
VLAI?
Summary
nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.
Severity ?
7.5 (High)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Credits
Peter Stöckli of GitHub Security Lab
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:49.627Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "NAVER Security Advisory",
"tags": [
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2024-28215.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:naver:ngrinder:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ngrinder",
"vendor": "naver",
"versions": [
{
"lessThan": "3.5.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-28215",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-07T18:35:15.864891Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T20:18:55.816Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "nGrinder",
"vendor": "NAVER",
"versions": [
{
"status": "unaffected",
"version": "3.5.9"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Peter St\u00f6ckli of GitHub Security Lab"
}
],
"descriptions": [
{
"lang": "en",
"value": "nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T04:15:12.049Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"name": "NAVER Security Advisory",
"url": "https://cve.naver.com/detail/cve-2024-28215.html"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2024-28215",
"datePublished": "2024-03-07T04:50:08.422Z",
"dateReserved": "2024-03-07T02:38:58.221Z",
"dateUpdated": "2024-09-06T04:15:12.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28214 (GCVE-0-2024-28214)
Vulnerability from cvelistv5 – Published: 2024-03-07 04:49 – Updated: 2024-11-08 17:07
VLAI?
Summary
nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker.
Severity ?
CWE
- CWE-405 - Asymmetric Resource Consumption (Amplification)
Assigner
References
Credits
Peter Stöckli of GitHub Security Lab
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:49.632Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "NAVER Security Advisory",
"tags": [
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2024-28214.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-28214",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-07T16:46:08.193153Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T17:07:55.690Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "nGrinder",
"vendor": "NAVER",
"versions": [
{
"status": "unaffected",
"version": "3.5.9"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Peter St\u00f6ckli of GitHub Security Lab"
}
],
"descriptions": [
{
"lang": "en",
"value": "nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-405",
"description": "CWE-405 Asymmetric Resource Consumption (Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T04:12:38.448Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"name": "NAVER Security Advisory",
"url": "https://cve.naver.com/detail/cve-2024-28214.html"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2024-28214",
"datePublished": "2024-03-07T04:49:57.531Z",
"dateReserved": "2024-03-07T02:38:58.221Z",
"dateUpdated": "2024-11-08T17:07:55.690Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28213 (GCVE-0-2024-28213)
Vulnerability from cvelistv5 – Published: 2024-03-07 04:49 – Updated: 2024-08-22 20:01
VLAI?
Summary
nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization.
Severity ?
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Credits
Peter Stöckli of GitHub Security Lab
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:49.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "NAVER Security Advisory",
"tags": [
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2024-28213.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:naver:ngrinder:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ngrinder",
"vendor": "naver",
"versions": [
{
"lessThan": "3.5.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-28213",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-07T18:59:00.791879Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T20:01:34.318Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "nGrinder",
"vendor": "NAVER",
"versions": [
{
"status": "unaffected",
"version": "3.5.9"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Peter St\u00f6ckli of GitHub Security Lab"
}
],
"descriptions": [
{
"lang": "en",
"value": "nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T00:27:54.327174Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"name": "NAVER Security Advisory",
"url": "https://cve.naver.com/detail/cve-2024-28213.html"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2024-28213",
"datePublished": "2024-03-07T04:49:47.237Z",
"dateReserved": "2024-03-07T02:38:58.221Z",
"dateUpdated": "2024-08-22T20:01:34.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28212 (GCVE-0-2024-28212)
Vulnerability from cvelistv5 – Published: 2024-03-07 04:49 – Updated: 2024-08-12 19:41
VLAI?
Summary
nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization.
Severity ?
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Credits
Peter Stöckli of GitHub Security Lab
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:49.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "NAVER Security Advisory",
"tags": [
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2024-28212.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:naver:ngrinder:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ngrinder",
"vendor": "naver",
"versions": [
{
"lessThan": "3.5.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-28212",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-12T19:41:37.787067Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-12T19:41:41.104Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "nGrinder",
"vendor": "NAVER",
"versions": [
{
"status": "unaffected",
"version": "3.5.9"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Peter St\u00f6ckli of GitHub Security Lab"
}
],
"descriptions": [
{
"lang": "en",
"value": "nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T00:27:54.327174Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"name": "NAVER Security Advisory",
"url": "https://cve.naver.com/detail/cve-2024-28212.html"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2024-28212",
"datePublished": "2024-03-07T04:49:37.921Z",
"dateReserved": "2024-03-07T02:38:58.221Z",
"dateUpdated": "2024-08-12T19:41:41.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-28211 (GCVE-0-2024-28211)
Vulnerability from cvelistv5 – Published: 2024-03-07 04:49 – Updated: 2024-08-05 20:05
VLAI?
Summary
nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker.
Severity ?
9.8 (Critical)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
Credits
Peter Stöckli of GitHub Security Lab
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T00:48:49.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "NAVER Security Advisory",
"tags": [
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2024-28211.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:naver:ngrinder:*:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "ngrinder",
"vendor": "naver",
"versions": [
{
"lessThan": "3.5.9",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-28211",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-05T20:03:53.607719Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-05T20:05:34.960Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "nGrinder",
"vendor": "NAVER",
"versions": [
{
"status": "unaffected",
"version": "3.5.9"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Peter St\u00f6ckli of GitHub Security Lab"
}
],
"descriptions": [
{
"lang": "en",
"value": "nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-15T00:27:54.327174Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"name": "NAVER Security Advisory",
"url": "https://cve.naver.com/detail/cve-2024-28211.html"
}
],
"source": {
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2024-28211",
"datePublished": "2024-03-07T04:49:21.951Z",
"dateReserved": "2024-03-07T02:38:58.220Z",
"dateUpdated": "2024-08-05T20:05:34.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-25632 (GCVE-0-2023-25632)
Vulnerability from cvelistv5 – Published: 2023-11-27 07:03 – Updated: 2024-10-11 17:58
VLAI?
Summary
The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via 'Open in Whale' feature.
Severity ?
No CVSS data available.
CWE
- CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Unaffected:
3.0.1.2
|
Credits
Mohit Raj (shadow2639), sec4life@protonmail.com
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:25:19.289Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "NAVER Security Advisory",
"tags": [
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2023-25632.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25632",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T17:51:37.401604Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T17:58:24.336Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Android"
],
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"status": "unaffected",
"version": "3.0.1.2"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mohit Raj (shadow2639), sec4life@protonmail.com"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via \u0027Open in Whale\u0027 feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-06T02:36:55.395Z",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"name": "NAVER Security Advisory",
"url": "https://cve.naver.com/detail/cve-2023-25632.html"
}
],
"source": {
"advisory": "NIST",
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2023-25632",
"datePublished": "2023-11-27T07:03:12.145Z",
"dateReserved": "2023-02-09T15:55:25.113Z",
"dateUpdated": "2024-10-11T17:58:24.336Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9754 (GCVE-0-2020-9754)
Vulnerability from cvelistv5 – Published: 2022-06-27 01:40 – Updated: 2024-08-04 10:43
VLAI?
Summary
NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode.
Severity ?
No CVSS data available.
CWE
- CWE-284 - Improper Access Control
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Affected:
unspecified , < 1.10.6.2
(custom)
|
Credits
Jaeyong Bae(jdragon.bae@gmail.com)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:04.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2020-9754.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"lessThan": "1.10.6.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jaeyong Bae(jdragon.bae@gmail.com)"
}
],
"descriptions": [
{
"lang": "en",
"value": "NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284: Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-27T01:40:09",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2020-9754.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2020-9754",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NAVER Whale browser",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.10.6.2"
}
]
}
}
]
},
"vendor_name": "NAVER"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jaeyong Bae(jdragon.bae@gmail.com)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284: Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2020-9754.html",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2020-9754.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2020-9754",
"datePublished": "2022-06-27T01:40:09",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:04.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24077 (GCVE-0-2022-24077)
Vulnerability from cvelistv5 – Published: 2022-06-13 13:40 – Updated: 2024-08-03 03:59
VLAI?
Summary
Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection.
Severity ?
No CVSS data available.
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Cloud Explorer Beta |
Affected:
All versions
|
Credits
anonymous
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2022-24077.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NAVER Cloud Explorer Beta",
"vendor": "NAVER",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "anonymous"
}
],
"descriptions": [
{
"lang": "en",
"value": "Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-13T13:40:17",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2022-24077.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2022-24077",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NAVER Cloud Explorer Beta",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "NAVER"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "anonymous"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2022-24077.html",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2022-24077.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2022-24077",
"datePublished": "2022-06-13T13:40:17",
"dateReserved": "2022-01-27T00:00:00",
"dateUpdated": "2024-08-03T03:59:23.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24075 (GCVE-0-2022-24075)
Vulnerability from cvelistv5 – Published: 2022-03-17 05:20 – Updated: 2024-08-03 03:59
VLAI?
Summary
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.
Severity ?
No CVSS data available.
CWE
- CWE-552 - Files or Directories Accessible to External Parties
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Affected:
unspecified , < 3.12.129.46
(custom)
|
Credits
Young Min Kim
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2022-24075"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"lessThan": "3.12.129.46",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Young Min Kim"
}
],
"descriptions": [
{
"lang": "en",
"value": "Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552: Files or Directories Accessible to External Parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-17T05:20:17",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2022-24075"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2022-24075",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NAVER Whale browser",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.12.129.46"
}
]
}
}
]
},
"vendor_name": "NAVER"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Young Min Kim"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-552: Files or Directories Accessible to External Parties"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2022-24075",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2022-24075"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2022-24075",
"datePublished": "2022-03-17T05:20:17",
"dateReserved": "2022-01-27T00:00:00",
"dateUpdated": "2024-08-03T03:59:23.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24074 (GCVE-0-2022-24074)
Vulnerability from cvelistv5 – Published: 2022-03-17 05:20 – Updated: 2024-08-03 03:59
VLAI?
Summary
Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises.
Severity ?
No CVSS data available.
CWE
- CWE-668 - Exposure of Resource to Wrong Sphere
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Affected:
unspecified , < 3.12.129.46
(custom)
|
Credits
Young Min Kim
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.649Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2022-24074"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"lessThan": "3.12.129.46",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Young Min Kim"
}
],
"descriptions": [
{
"lang": "en",
"value": "Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-17T05:20:16",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2022-24074"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2022-24074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NAVER Whale browser",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.12.129.46"
}
]
}
}
]
},
"vendor_name": "NAVER"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Young Min Kim"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Whale Bridge, a default extension in Whale browser before 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-668: Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2022-24074",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2022-24074"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2022-24074",
"datePublished": "2022-03-17T05:20:16",
"dateReserved": "2022-01-27T00:00:00",
"dateUpdated": "2024-08-03T03:59:23.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24073 (GCVE-0-2022-24073)
Vulnerability from cvelistv5 – Published: 2022-03-17 05:20 – Updated: 2024-08-03 03:59
VLAI?
Summary
The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store.
Severity ?
No CVSS data available.
CWE
- CWE-648 - Incorrect Use of Privileged APIs
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Affected:
unspecified , < 3.12.129.46
(custom)
|
Credits
Young Min Kim
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2022-24073"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"lessThan": "3.12.129.46",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Young Min Kim"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-648",
"description": "CWE-648: Incorrect Use of Privileged APIs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-17T05:20:14",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2022-24073"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2022-24073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NAVER Whale browser",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.12.129.46"
}
]
}
}
]
},
"vendor_name": "NAVER"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Young Min Kim"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-648: Incorrect Use of Privileged APIs"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2022-24073",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2022-24073"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2022-24073",
"datePublished": "2022-03-17T05:20:14",
"dateReserved": "2022-01-27T00:00:00",
"dateUpdated": "2024-08-03T03:59:23.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24072 (GCVE-0-2022-24072)
Vulnerability from cvelistv5 – Published: 2022-03-17 05:20 – Updated: 2024-08-03 03:59
VLAI?
Summary
The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool.
Severity ?
No CVSS data available.
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Affected:
unspecified , < 3.12.129.46
(custom)
|
Credits
Young Min Kim
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.580Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2022-24072"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"lessThan": "3.12.129.46",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Young Min Kim"
}
],
"descriptions": [
{
"lang": "en",
"value": "The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-17T05:20:13",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2022-24072"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2022-24072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NAVER Whale browser",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.12.129.46"
}
]
}
}
]
},
"vendor_name": "NAVER"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Young Min Kim"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269: Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2022-24072",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2022-24072"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2022-24072",
"datePublished": "2022-03-17T05:20:13",
"dateReserved": "2022-01-27T00:00:00",
"dateUpdated": "2024-08-03T03:59:23.580Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24071 (GCVE-0-2022-24071)
Vulnerability from cvelistv5 – Published: 2022-01-28 10:04 – Updated: 2024-08-03 03:59
VLAI?
Summary
A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs.
Severity ?
No CVSS data available.
CWE
- CWE-648 - Incorrect Use of Privileged APIs
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Affected:
unspecified , < 3.12.129.46
(custom)
|
Credits
Young Min Kim
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2022-24071"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"lessThan": "3.12.129.46",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Young Min Kim"
}
],
"descriptions": [
{
"lang": "en",
"value": "A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-648",
"description": "CWE-648: Incorrect Use of Privileged APIs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-28T10:04:53",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2022-24071"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2022-24071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NAVER Whale browser",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "3.12.129.46"
}
]
}
}
]
},
"vendor_name": "NAVER"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Young Min Kim"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-648: Incorrect Use of Privileged APIs"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2022-24071",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2022-24071"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2022-24071",
"datePublished": "2022-01-28T10:04:53",
"dateReserved": "2022-01-27T00:00:00",
"dateUpdated": "2024-08-03T03:59:23.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33593 (GCVE-0-2021-33593)
Vulnerability from cvelistv5 – Published: 2021-11-02 06:20 – Updated: 2024-08-03 23:50
VLAI?
Summary
Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar spoofing.
Severity ?
No CVSS data available.
CWE
- CWE-451 - User Interface (UI) Misrepresentation of Critical Information
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Whale browser |
Affected:
unspecified , < 1.14.0
(custom)
|
Credits
YoKo Kho from Telkom Indonesia
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.208Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2021-43059"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NAVER Whale browser",
"vendor": "NAVER",
"versions": [
{
"lessThan": "1.14.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "YoKo Kho from Telkom Indonesia"
}
],
"descriptions": [
{
"lang": "en",
"value": "Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar spoofing."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-451",
"description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-02T06:20:09",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2021-43059"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2021-33593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NAVER Whale browser",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.14.0"
}
]
}
}
]
},
"vendor_name": "NAVER"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "YoKo Kho from Telkom Indonesia"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar spoofing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-451: User Interface (UI) Misrepresentation of Critical Information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2021-43059",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2021-43059"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2021-33593",
"datePublished": "2021-11-02T06:20:09",
"dateReserved": "2021-05-27T00:00:00",
"dateUpdated": "2024-08-03T23:50:43.208Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33592 (GCVE-0-2021-33592)
Vulnerability from cvelistv5 – Published: 2021-07-19 05:55 – Updated: 2024-08-03 23:50
VLAI?
Summary
NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in filename parameter can be the cause of bypassing code signing check function.
Severity ?
No CVSS data available.
CWE
- CWE-20 - Improper Input Validation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | NAVER Toolbar |
Affected:
unspecified , ≤ 4.0.30.323
(custom)
|
Credits
powerprove(null2root)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.175Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2021-33592"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "NAVER Toolbar",
"vendor": "NAVER",
"versions": [
{
"lessThanOrEqual": "4.0.30.323",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "powerprove(null2root)"
}
],
"descriptions": [
{
"lang": "en",
"value": "NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in filename parameter can be the cause of bypassing code signing check function."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-19T05:55:10",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2021-33592"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2021-33592",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NAVER Toolbar",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "4.0.30.323"
}
]
}
}
]
},
"vendor_name": "NAVER"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "powerprove(null2root)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in filename parameter can be the cause of bypassing code signing check function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2021-33592",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2021-33592"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2021-33592",
"datePublished": "2021-07-19T05:55:10",
"dateReserved": "2021-05-27T00:00:00",
"dateUpdated": "2024-08-03T23:50:43.175Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-33591 (GCVE-0-2021-33591)
Vulnerability from cvelistv5 – Published: 2021-05-28 10:50 – Updated: 2024-08-03 23:50
VLAI?
Summary
An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Severity ?
No CVSS data available.
CWE
- CWE-489 - Active Debug Code
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER | Naver Comic Viewer |
Affected:
unspecified , ≤ 1.0.14.0
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:50:43.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2021-33591"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Naver Comic Viewer",
"vendor": "NAVER",
"versions": [
{
"lessThanOrEqual": "1.0.14.0",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-489",
"description": "CWE-489: Active Debug Code",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-05-28T10:50:08",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2021-33591"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2021-33591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Naver Comic Viewer",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "1.0.14.0"
}
]
}
}
]
},
"vendor_name": "NAVER"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-489: Active Debug Code"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2021-33591",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2021-33591"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2021-33591",
"datePublished": "2021-05-28T10:50:09",
"dateReserved": "2021-05-27T00:00:00",
"dateUpdated": "2024-08-03T23:50:43.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9753 (GCVE-0-2020-9753)
Vulnerability from cvelistv5 – Published: 2020-05-20 02:25 – Updated: 2024-08-04 10:43
VLAI?
Summary
Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER Corporation | Whale Browser Installer |
Affected:
unspecified , < 1.2.0.5
(custom)
|
Credits
Min Jang, skensita@gmail.com
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:04.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2020-9753"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Whale Browser Installer",
"vendor": "NAVER Corporation",
"versions": [
{
"lessThan": "1.2.0.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Min Jang, skensita@gmail.com"
}
],
"descriptions": [
{
"lang": "en",
"value": "Whale Browser Installer before 1.2.0.5 versions don\u0027t support signature verification for Flash installer."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-347",
"description": "CWE-347",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-20T02:25:11",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2020-9753"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2020-9753",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Whale Browser Installer",
"version": {
"version_data": [
{
"affected": "\u003c",
"version_affected": "\u003c",
"version_value": "1.2.0.5"
}
]
}
}
]
},
"vendor_name": "NAVER Corporation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Min Jang, skensita@gmail.com"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Whale Browser Installer before 1.2.0.5 versions don\u0027t support signature verification for Flash installer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-347"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2020-9753",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2020-9753"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2020-9753",
"datePublished": "2020-05-20T02:25:11",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:04.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9752 (GCVE-0-2020-9752)
Vulnerability from cvelistv5 – Published: 2020-03-23 02:15 – Updated: 2024-08-04 10:43
VLAI?
Summary
Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER Corporation | Naver Cloud Explorer |
Affected:
unspecified , ≤ 2.2.2.11
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:05.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2020-9752"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Naver Cloud Explorer",
"vendor": "NAVER Corporation",
"versions": [
{
"lessThanOrEqual": "2.2.2.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-23T02:15:13",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2020-9752"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2020-9752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Naver Cloud Explorer",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "2.2.2.11"
}
]
}
}
]
},
"vendor_name": "NAVER Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-73"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2020-9752",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2020-9752"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2020-9752",
"datePublished": "2020-03-23T02:15:13",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:05.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-9751 (GCVE-0-2020-9751)
Vulnerability from cvelistv5 – Published: 2020-03-03 09:15 – Updated: 2024-08-04 10:43
VLAI?
Summary
Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the upgrade.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| NAVER Corporation | Naver Cloud Explorer |
Affected:
unspecified , ≤ 2.2.2.11
(custom)
|
Credits
JAEWOOK SHIN(powerprove, null2root) and JINWOO PARK (P4rkJW, CAT-Security)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:43:04.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cve.naver.com/detail/cve-2020-9751"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Naver Cloud Explorer",
"vendor": "NAVER Corporation",
"versions": [
{
"lessThanOrEqual": "2.2.2.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "JAEWOOK SHIN(powerprove, null2root) and JINWOO PARK (P4rkJW, CAT-Security)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker\u0027s server and execute it during the upgrade."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-494",
"description": "CWE-494",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-03T09:15:14",
"orgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"shortName": "naver"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cve.naver.com/detail/cve-2020-9751"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@navercorp.com",
"ID": "CVE-2020-9751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Naver Cloud Explorer",
"version": {
"version_data": [
{
"affected": "\u003c=",
"version_affected": "\u003c=",
"version_value": "2.2.2.11"
}
]
}
}
]
},
"vendor_name": "NAVER Corporation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "JAEWOOK SHIN(powerprove, null2root) and JINWOO PARK (P4rkJW, CAT-Security)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker\u0027s server and execute it during the upgrade."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-494"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cve.naver.com/detail/cve-2020-9751",
"refsource": "CONFIRM",
"url": "https://cve.naver.com/detail/cve-2020-9751"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f9629fae-ca2e-4fbf-9785-3ed86476aef6",
"assignerShortName": "naver",
"cveId": "CVE-2020-9751",
"datePublished": "2020-03-03T09:15:14",
"dateReserved": "2020-03-02T00:00:00",
"dateUpdated": "2024-08-04T10:43:04.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}