VYPR

Whale

by Naver

CVEs (3)

  • CVE-2018-9859HigJun 16, 2018
    risk 0.53cvss 8.1epss 0.01

    The path of Whale update service was unquoted in NAVER Whale before 1.0.40.7. This vulnerability can be used for persistent privilege escalation if it's available to create an executable file with System privilege by other vulnerable applications.

  • CVE-2022-24073HigMar 17, 2022
    risk 0.46cvss 7.1epss 0.01

    The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store.

  • CVE-2022-24075MedMar 17, 2022
    risk 0.42cvss 6.5epss 0.01

    Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.