Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities by Baidu, Inc.
CVE-2018-0692 (GCVE-0-2018-0692)
Vulnerability from cvelistv5 – Published: 2018-11-15 15:00 – Updated: 2024-08-05 03:35
VLAI
Summary
Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN77885134/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Baidu, Inc. | Baidu Browser |
Affected:
Version 43.23.1000.500 and earlier
|
Date Public
2018-11-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:48.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#77885134",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN77885134/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Baidu Browser",
"vendor": "Baidu, Inc.",
"versions": [
{
"status": "affected",
"version": "Version 43.23.1000.500 and earlier"
}
]
}
],
"datePublic": "2018-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-15T14:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#77885134",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN77885134/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Baidu Browser",
"version": {
"version_data": [
{
"version_value": "Version 43.23.1000.500 and earlier"
}
]
}
}
]
},
"vendor_name": "Baidu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#77885134",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN77885134/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0692",
"datePublished": "2018-11-15T15:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:35:48.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-0692 (GCVE-0-2018-0692)
Vulnerability from nvd – Published: 2018-11-15 15:00 – Updated: 2024-08-05 03:35
VLAI
Summary
Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
Severity
No CVSS data available.
CWE
- Untrusted search path vulnerability
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN77885134/index.html | third-party-advisoryx_refsource_JVN |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Baidu, Inc. | Baidu Browser |
Affected:
Version 43.23.1000.500 and earlier
|
Date Public
2018-11-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:48.936Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#77885134",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN77885134/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Baidu Browser",
"vendor": "Baidu, Inc.",
"versions": [
{
"status": "affected",
"version": "Version 43.23.1000.500 and earlier"
}
]
}
],
"datePublic": "2018-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted search path vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-15T14:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#77885134",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN77885134/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Baidu Browser",
"version": {
"version_data": [
{
"version_value": "Version 43.23.1000.500 and earlier"
}
]
}
}
]
},
"vendor_name": "Baidu, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#77885134",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN77885134/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0692",
"datePublished": "2018-11-15T15:00:00.000Z",
"dateReserved": "2017-11-27T00:00:00.000Z",
"dateUpdated": "2024-08-05T03:35:48.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2018-000101
Vulnerability from jvndb - Published: 2018-10-03 15:02 - Updated:2019-08-27 10:39
Severity
Summary
The installer of Baidu Browser may insecurely load Dynamic Link Libraries
Details
Baidu Browser provided by Baidu, Inc. is a Web browser. The installer of Baidu Browser contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Asuka Nakajima of NTT Secure Platform Laboratories reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000101.html",
"dc:date": "2019-08-27T10:39+09:00",
"dcterms:issued": "2018-10-03T15:02+09:00",
"dcterms:modified": "2019-08-27T10:39+09:00",
"description": "Baidu Browser provided by Baidu, Inc. is a Web browser. The installer of Baidu Browser contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nAsuka Nakajima of NTT Secure Platform Laboratories reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000101.html",
"sec:cpe": {
"#text": "cpe:/a:baidu:baidu_browser",
"@product": "Baidu Browser",
"@vendor": "Baidu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000101",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN77885134/index.html",
"@id": "JVN#77885134",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0692",
"@id": "CVE-2018-0692",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0692",
"@id": "CVE-2018-0692",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "The installer of Baidu Browser may insecurely load Dynamic Link Libraries"
}
JVNDB-2017-000195
Vulnerability from jvndb - Published: 2017-08-03 12:28 - Updated:2018-01-24 14:34
Severity
Summary
Installer of Baidu IME may insecurely load Dynamic Link Libraries
Details
Installer of Baidu IME contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000195.html",
"dc:date": "2018-01-24T14:34+09:00",
"dcterms:issued": "2017-08-03T12:28+09:00",
"dcterms:modified": "2018-01-24T14:34+09:00",
"description": "Installer of Baidu IME contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000195.html",
"sec:cpe": {
"#text": "cpe:/a:baidu:baidu_ime",
"@product": "Baidu IME",
"@vendor": "Baidu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000195",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN17788774/index.html",
"@id": "JVN#17788774",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/en/ta/JVNTA91240916/index.html",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2221",
"@id": "CVE-2017-2221",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2221",
"@id": "CVE-2017-2221",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Installer of Baidu IME may insecurely load Dynamic Link Libraries"
}
JVNDB-2017-000120
Vulnerability from jvndb - Published: 2017-06-21 18:15 - Updated:2017-06-21 18:15
Severity
Summary
[Simeji for Windows] installer may insecurely load Dynamic Link Libraries
Details
[Simeji for Windows] installer provided by Baidu Japan Inc. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).
Eili Masami of Tachibana Lab. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000120.html",
"dc:date": "2017-06-21T18:15+09:00",
"dcterms:issued": "2017-06-21T18:15+09:00",
"dcterms:modified": "2017-06-21T18:15+09:00",
"description": "[Simeji for Windows] installer provided by Baidu Japan Inc. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000120.html",
"sec:cpe": {
"#text": "cpe:/a:baidu:simeji",
"@product": "Simeji",
"@vendor": "Baidu, Inc.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "7.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000120",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN31236539/index.html",
"@id": "JVN#31236539",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
"@id": "JVNTA#91240916",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2219",
"@id": "CVE-2017-2219",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2219",
"@id": "CVE-2017-2219",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "[Simeji for Windows] installer may insecurely load Dynamic Link Libraries"
}
JVNDB-2013-000029
Vulnerability from jvndb - Published: 2013-03-26 14:51 - Updated:2013-03-26 14:51Summary
Simeji vulnerable to information disclosure
Details
Simeji contains an issue in the access permissions for the certain files.
Simeji is a Japanese Input Method Editor (IME) for Android devices. Simeji contains an issue in the access permissions for the certain files.
Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000029.html",
"dc:date": "2013-03-26T14:51+09:00",
"dcterms:issued": "2013-03-26T14:51+09:00",
"dcterms:modified": "2013-03-26T14:51+09:00",
"description": "Simeji contains an issue in the access permissions for the certain files.\r\n\r\nSimeji is a Japanese Input Method Editor (IME) for Android devices. Simeji contains an issue in the access permissions for the certain files.\r\n\r\nGaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000029.html",
"sec:cpe": {
"#text": "cpe:/a:baidu:simeji",
"@product": "Simeji",
"@vendor": "Baidu, Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-000029",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN77360971/index.html",
"@id": "JVN#77360971",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0718",
"@id": "CVE-2013-0718",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0718",
"@id": "CVE-2013-0718",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Simeji vulnerable to information disclosure"
}