Whale
by Naver
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-9859 | Hig | 0.53 | 8.1 | 0.01 | Jun 16, 2018 | The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege escalation if it's available to create an executable file with System privilege by other vulnerable applications. | ||
| CVE-2022-24073 | Hig | 0.46 | 7.1 | 0.01 | Mar 17, 2022 | The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store. | ||
| CVE-2022-24075 | Med | 0.42 | 6.5 | 0.01 | Mar 17, 2022 | Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files. |
- risk 0.53cvss 8.1epss 0.01
The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege escalation if it's available to create an executable file with System privilege by other vulnerable applications.
- risk 0.46cvss 7.1epss 0.01
The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store.
- risk 0.42cvss 6.5epss 0.01
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.