Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
navercorp whale vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2018-12448
Whale Browser prior to 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an malicious user to display a malicious web page with a fake domain name.
Navercorp Whale
6.8
CVSSv2
CVE-2018-12449
The Whale browser installer 0.4.3.0 and previous versions versions allows DLL hijacking.
Navercorp Whale
5.1
CVSSv2
CVE-2018-9859
The path of Whale update service was unquoted in NAVER Whale prior to 1.0.40.7. This vulnerability can be used for persistent privilege escalation if it's available to create an executable file with System privilege by other vulnerable applications.
Navercorp Whale
5
CVSSv2
CVE-2021-33593
Whale browser for iOS prior to 1.14.0 has an inconsistent user interface issue that allows an malicious user to obfuscate the address bar which may lead to address bar spoofing.
Navercorp Whale
4.3
CVSSv2
CVE-2022-24071
A Built-in extension in Whale browser prior to 3.12.129.46 allows malicious users to compromise the rendering process which could lead to controlling browser internal APIs.
Navercorp Whale
5.8
CVSSv2
CVE-2022-24073
The Web Request API in Whale browser prior to 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store.
Navercorp Whale
7.5
CVSSv2
CVE-2022-24074
Whale Bridge, a default extension in Whale browser prior to 3.12.129.18, allowed to receive any SendMessage request from the content script itself that could lead to controlling Whale Bridge if the rendering process compromises.
Navercorp Whale
4.3
CVSSv2
CVE-2022-24075
Whale browser prior to 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website which could access to local HWP files. When the HWP files were opened, the replaced script could read the files.
Navercorp Whale
5
CVSSv2
CVE-2018-7635
Whale Browser prior to 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar when visiting a blank page, which allows an malicious user to display a malicious web page with a fake domain name.
Navercorp Whale
6.8
CVSSv2
CVE-2017-15913
The Installer in Whale allows DLL hijacking.
Navercorp Whale -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3201
CVE-2024-4779
CVE-2024-35090
CVE-2024-5084
hard-coded
CVE-2024-4985
HTML injection
CVE-2024-33655
local file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »