Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
navercorp whale vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2017-15913
The Installer in Whale allows DLL hijacking.
Navercorp Whale -
6.1
CVSSv3
CVE-2022-24072
The devtools API in Whale browser prior to 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool.
Navercorp Whale
5.3
CVSSv3
CVE-2021-33593
Whale browser for iOS prior to 1.14.0 has an inconsistent user interface issue that allows an malicious user to obfuscate the address bar which may lead to address bar spoofing.
Navercorp Whale
5.3
CVSSv3
CVE-2018-7635
Whale Browser prior to 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar when visiting a blank page, which allows an malicious user to display a malicious web page with a fake domain name.
Navercorp Whale
5.3
CVSSv3
CVE-2020-9754
NAVER Whale browser mobile app prior to 1.10.6.2 allows the malicious user to bypass its browser unlock function via incognito mode.
Navercorp Whale
8.1
CVSSv3
CVE-2018-9859
The path of Whale update service was unquoted in NAVER Whale prior to 1.0.40.7. This vulnerability can be used for persistent privilege escalation if it's available to create an executable file with System privilege by other vulnerable applications.
Navercorp Whale
5.3
CVSSv3
CVE-2018-12448
Whale Browser prior to 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an malicious user to display a malicious web page with a fake domain name.
Navercorp Whale
7.8
CVSSv3
CVE-2018-12449
The Whale browser installer 0.4.3.0 and previous versions versions allows DLL hijacking.
Navercorp Whale
4.3
CVSSv3
CVE-2022-24071
A Built-in extension in Whale browser prior to 3.12.129.46 allows malicious users to compromise the rendering process which could lead to controlling browser internal APIs.
Navercorp Whale
7.1
CVSSv3
CVE-2022-24073
The Web Request API in Whale browser prior to 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store.
Navercorp Whale
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »