Filtered by vendor Naver
Subscribe
Total
13 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33592 | 1 Naver | 1 Toolbar | 2022-10-27 | 7.5 HIGH | 9.8 CRITICAL |
| NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in filename parameter can be the cause of bypassing code signing check function. | |||||
| CVE-2022-24077 | 1 Naver | 1 Cloud Explorer | 2022-06-21 | 6.9 MEDIUM | 7.8 HIGH |
| Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection. | |||||
| CVE-2021-33591 | 1 Naver | 1 Comic Viewer | 2021-06-03 | 6.8 MEDIUM | 8.8 HIGH |
| An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted HTML page. | |||||
| CVE-2019-13156 | 1 Naver | 1 Cloud Explorer | 2020-10-08 | 5.0 MEDIUM | 7.5 HIGH |
| NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle. | |||||
| CVE-2020-9753 | 1 Naver | 1 Whale Browser Installer | 2020-05-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer. | |||||
| CVE-2020-9752 | 1 Naver | 1 Cloud Explorer | 2020-03-25 | 7.5 HIGH | 9.8 CRITICAL |
| Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe. | |||||
| CVE-2020-9751 | 1 Naver | 1 Cloud Explorer | 2020-03-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the upgrade. | |||||
| CVE-2019-13157 | 1 Naver | 1 Vaccine | 2019-12-03 | 6.4 MEDIUM | 7.5 HIGH |
| nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive. | |||||
| CVE-2016-5060 | 1 Naver | 1 Ngrinder | 2016-12-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) description, (2) email, or (3) username parameter to user/save. | |||||
| CVE-2014-6980 | 1 Naver | 1 Line Play | 2014-11-14 | 5.4 MEDIUM | N/A |
| The LINE PLAY (aka jp.naver.lineplay.android) application 2.3.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2012-5183 | 1 Naver | 1 Loctouch | 2013-01-07 | 2.6 LOW | N/A |
| The Loctouch application 3.4.6 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files. | |||||
| CVE-2012-5182 | 1 Naver | 1 Loctouch | 2013-01-07 | 4.3 MEDIUM | N/A |
| The Loctouch application 3.4.6 and earlier for Android does not properly handle implicit intents, which allows attackers to obtain sensitive information about logged locations via a crafted application. | |||||
| CVE-2012-4005 | 1 Naver | 1 Nhn Japan Naver Line | 2012-12-17 | 5.0 MEDIUM | N/A |
| The NHN Japan NAVER LINE application before 2.5.5 for Android does not properly handle implicit intents, which allows remote attackers to obtain sensitive message information via a crafted application. | |||||