Vulnerability Details :

CVE-2021-33593

Summary
Assigner: naver
Assigner Org ID: f9629fae-ca2e-4fbf-9785-3ed86476aef6
Published At: 02 Nov, 2021 | 06:20
Updated At: 03 Aug, 2024 | 23:50

Whale browser for iOS before 1.14.0 has an inconsistent user interface issue that allows an attacker to obfuscate the address bar which may lead to address bar spoofing.

▼Common Vulnerabilities and Exposures (CVE)
cve.org
▼CVE Numbering Authority (CNA)

Affected Products
Vendor: NAVER
Product: NAVER Whale browser
Versions affected: From unspecified before 1.14.0 (custom)
Problem Types
Type: CWE
CWE ID: CWE-451
Description: CWE-451: User Interface (UI) Misrepresentation of Critical Information
Credits

YoKo Kho from Telkom Indonesia
References
Hyperlink: https://cve.naver.com/detail/cve-2021-43059
Resource: x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
References
Hyperlink: https://cve.naver.com/detail/cve-2021-43059
Resource: x_refsource_CONFIRM, x_transferred
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source: cve@navercorp.com
Published At: 02 Nov, 2021 | 07:15
Updated At: 04 Nov, 2021 | 18:01

CISA Catalog
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
Type: Primary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
CPE Matches

navercorp >> whale >> Versions before 1.14.0 (exclusive)
cpe:2.3:a:navercorp:whale:*:*:*:*:*:iphone_os:*:*
Weaknesses
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov

CWE ID: CWE-451
Type: Secondary
Source: cve@navercorp.com
References
Hyperlink: https://cve.naver.com/detail/cve-2021-43059
Source: cve@navercorp.com
Resource: Broken Link, Not Applicable


Similar CVEs

10 Records found

CVE-2018-7635
Matching Score: 8
Assigner: MITRE Corporation
CVSS Score: 5.3 (MEDIUM)
EPSS: 0.24% / 46.63%
7 Day CHG: ~0.00%
Published: 03 Jul, 2018 | 15:00
Updated: 05 Aug, 2024 | 06:31
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Whale Browser before 1.0.41.8 displays no URL information but only a title of a web page on the browser's address bar when visiting a blank page, which allows an attacker to display a malicious web page with a fake domain name.

Action: Not Available
Vendor: navercorp, n/a
Product: whale, n/a
CWE ID: CWE-20 (Improper Input Validation)

CVE-2020-9754
Matching Score: 8
Assigner: Naver Corporation
CVSS Score: 5.3 (MEDIUM)
EPSS: 0.19% / 41.73%
7 Day CHG: ~0.00%
Published: 27 Jun, 2022 | 01:40
Updated: 04 Aug, 2024 | 10:43
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode.

Action: Not Available
Vendor: navercorp, NAVER
Product: whale, NAVER Whale browser
CWE ID: CWE-284 (Improper Access Control)

CVE-2018-12448
Matching Score: 8
Assigner: Naver Corporation
CVSS Score: 5.3 (MEDIUM)
EPSS: 0.24% / 47.30%
7 Day CHG: ~0.00%
Published: 02 Aug, 2018 | 13:00
Updated: 05 Aug, 2024 | 08:38
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Whale Browser before 1.3.48.4 displays no URL information but only a title of a web page on the browser's address bar when visiting a non-http page, which allows an attacker to display a malicious web page with a fake domain name.

Action: Not Available
Vendor: navercorp, NAVER Corporation
Product: whale, Whale Browser
CWE ID: CWE-20 (Improper Input Validation)

CVE-2025-8041
Matching Score: 4
Assigner: Mozilla Corporation
CVSS Score: 5.3 (MEDIUM)
EPSS: 0.03% / 7.49%
7 Day CHG: ~0.00%
Published: 19 Aug, 2025 | 20:52
Updated: 20 Aug, 2025 | 16:15
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

In the address bar, Firefox for Android truncated the display of URLs from the end instead of prioritizing the origin. This vulnerability affects Firefox < 141.

Action: Not Available
Vendor: Mozilla Corporation
Product: Firefox
CWE ID: CWE-451 (User Interface (UI) Misrepresentation of Critical Information)

CVE-2025-21259
Matching Score: 4
Assigner: Microsoft Corporation
CVSS Score: 5.3 (MEDIUM)
EPSS: 0.13% / 32.88%
7 Day CHG: ~0.00%
Published: 11 Feb, 2025 | 17:58
Updated: 12 Mar, 2025 | 01:42
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Microsoft Outlook Spoofing Vulnerability

Microsoft Outlook Spoofing Vulnerability

Action: Not Available
Vendor: Microsoft Corporation
Product: outlook, Microsoft Outlook for Android
CWE ID: CWE-451 (User Interface (UI) Misrepresentation of Critical Information)

CVE-2025-0729
Matching Score: 4
Assigner: VulDB
CVSS Score: 6.9 (MEDIUM)
EPSS: 0.05% / 15.35%
7 Day CHG: +0.01%
Published: 27 Jan, 2025 | 17:00
Updated: 27 Jan, 2025 | 18:49
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
TP-Link TL-SG108E clickjacking

A vulnerability was found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to clickjacking. The attack may be initiated remotely. Upgrading to version 1.0.0 Build 20250124 Rel. 54920(Beta) is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early. They reacted very professional and provided a pre-fix version for their customers.

Action: Not Available
Vendor: TP-Link Systems Inc.
Product: TL-SG108E
CWE ID: CWE-451 (User Interface (UI) Misrepresentation of Critical Information)

CVE-2024-6595
Matching Score: 4
Assigner: GitLab Inc.
CVSS Score: 3 (LOW)
EPSS: 0.09% / 26.04%
7 Day CHG: ~0.00%
Published: 17 Jul, 2024 | 01:30
Updated: 17 Sep, 2024 | 15:32
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available
Uncontrolled Search Path Element in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.8 prior to 16.11.6, starting from 17.0 prior to 17.0.4, and starting from 17.1 prior to 17.1.2 where it was possible to upload an NPM package with conflicting package data.

Action: Not Available
Vendor: GitLab Inc.
Product: gitlab, GitLab
CWE ID: CWE-451 (User Interface (UI) Misrepresentation of Critical Information)
CWE ID: CWE-434 (Unrestricted Upload of File with Dangerous Type)

CVE-2016-9460
Matching Score: 4
Assigner: HackerOne
CVSS Score: 5.3 (MEDIUM)
EPSS: 0.38% / 58.28%
7 Day CHG: ~0.00%
Published: 28 Mar, 2017 | 02:46
Updated: 20 Apr, 2025 | 01:37
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.

Action: Not Available
Vendor: n/a, Nextcloud GmbH, ownCloud GmbH
Product: owncloud, nextcloud, Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4
CWE ID: CWE-284 (Improper Access Control)
CWE ID: CWE-451 (User Interface (UI) Misrepresentation of Critical Information)

CVE-2016-9467
Matching Score: 4
Assigner: HackerOne
CVSS Score: 5.3 (MEDIUM)
EPSS: 1.04% / 76.59%
7 Day CHG: ~0.00%
Published: 28 Mar, 2017 | 02:46
Updated: 20 Apr, 2025 | 01:37
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an attacker-controlled error message to the user.

Action: Not Available
Vendor: n/a, Nextcloud GmbH, ownCloud GmbH
Product: owncloud, nextcloud_server, Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2
CWE ID: CWE-284 (Improper Access Control)
CWE ID: CWE-451 (User Interface (UI) Misrepresentation of Critical Information)

CVE-2016-9468
Matching Score: 4
Assigner: HackerOne
CVSS Score: 5.3 (MEDIUM)
EPSS: 0.30% / 52.93%
7 Day CHG: ~0.00%
Published: 28 Mar, 2017 | 02:46
Updated: 20 Apr, 2025 | 01:37
Rejected: Not Available
Known To Be Used In Ransomware Campaigns?: Not Available
KEV Added: Not Available
KEV Action Due Date: Not Available

Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the dav app. The exception message displayed on the DAV endpoints contained partially user-controllable input leading to a potential misrepresentation of information.

Action: Not Available
Vendor: n/a, Nextcloud GmbH, ownCloud GmbH
Product: owncloud, nextcloud_server, Nextcloud Server & ownCloud Server Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2
CWE ID: CWE-284 (Improper Access Control)
CWE ID: CWE-451 (User Interface (UI) Misrepresentation of Critical Information)