Refine your search
5 vulnerabilities found for Grani by Fenrir Inc.
jvndb-2010-000058
Vulnerability from jvndb
Published
2010-12-01 20:27
Modified
2010-12-01 20:27
Summary
Clipboard contents alteration vulnerability in Grani
Details
Grani contains a vulnerability in which the contents of the clipboard may be altered.
Grani, a web browser provided by Fenrir, contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Grani is being used under certain settings, the contents of the clipboard may be read or written from a website.
According to the developer, users who are using the version 4.5 that was released prior to November 25, 2010 at 3pm (Japan Time) with the default settings are affected by this vulnerability.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000058.html",
"dc:date": "2010-12-01T20:27+09:00",
"dcterms:issued": "2010-12-01T20:27+09:00",
"dcterms:modified": "2010-12-01T20:27+09:00",
"description": "Grani contains a vulnerability in which the contents of the clipboard may be altered.\r\n\r\nGrani, a web browser provided by Fenrir, contains a vulnerability in which the contents of the clipboard may be altered. As a result, when Grani is being used under certain settings, the contents of the clipboard may be read or written from a website.\r\n\r\nAccording to the developer, users who are using the version 4.5 that was released prior to November 25, 2010 at 3pm (Japan Time) with the default settings are affected by this vulnerability.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000058.html",
"sec:cpe": {
"#text": "cpe:/a:fenrir-inc:grani",
"@product": "Grani",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
},
"sec:cvss": {
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-000058",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN76662040/index.html",
"@id": "JVN#76662040",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3919",
"@id": "CVE-2010-3919",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3919",
"@id": "CVE-2010-3919",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/42428",
"@id": "SA42428",
"@source": "SECUNIA"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Clipboard contents alteration vulnerability in Grani"
}
jvndb-2010-000048
Vulnerability from jvndb
Published
2010-10-25 17:43
Modified
2010-10-25 17:43
Summary
Sleipnir and Grani may insecurely load executable files
Details
Sleipnir and Grani may use unsafe methods for determining how to load executables (.exe).
Sleipnir and Grani provided by Fenrir are web browsers. Sleipnir and Grani load certain executables when displaying the source code of the HTML file currently being viewed. Sleipnir and Grani contain an issue with the file search path, which may insecurely load executables.
Makoto Shiotsuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000048.html",
"dc:date": "2010-10-25T17:43+09:00",
"dcterms:issued": "2010-10-25T17:43+09:00",
"dcterms:modified": "2010-10-25T17:43+09:00",
"description": "Sleipnir and Grani may use unsafe methods for determining how to load executables (.exe).\r\n\r\nSleipnir and Grani provided by Fenrir are web browsers. Sleipnir and Grani load certain executables when displaying the source code of the HTML file currently being viewed. Sleipnir and Grani contain an issue with the file search path, which may insecurely load executables.\r\n\r\nMakoto Shiotsuki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000048.html",
"sec:cpe": [
{
"#text": "cpe:/a:fenrir-inc:grani",
"@product": "Grani",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:fenrir-inc:sleipnir",
"@product": "Sleipnir",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-000048",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN89272705/index.html",
"@id": "JVN#89272705",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/tr/JVNTR-2010-23",
"@id": "JVNTR-2010-23",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3164",
"@id": "CVE-2010-3164",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3164",
"@id": "CVE-2010-3164",
"@source": "NVD"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA10-238A.html",
"@id": "TA10-238A",
"@source": "CERT-TA"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Sleipnir and Grani may insecurely load executable files"
}
jvndb-2010-000047
Vulnerability from jvndb
Published
2010-10-25 17:42
Modified
2010-10-25 17:42
Summary
Sleipnir and Grani may insecurely load dynamic libraries
Details
Sleipnir and Grani may use unsafe methods for determining how to load DLLs.
Sleipnir and Grani provided by Fenrir are web browsers. Sleipnir and Grani loads certain DLL's when HTML files are opened. Sleipnir and Grani contain an issue with the DLL search path, which may lead to insecurely loading dynamic libraries.
Makoto Shiotsuki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000047.html",
"dc:date": "2010-10-25T17:42+09:00",
"dcterms:issued": "2010-10-25T17:42+09:00",
"dcterms:modified": "2010-10-25T17:42+09:00",
"description": "Sleipnir and Grani may use unsafe methods for determining how to load DLLs.\r\n\r\nSleipnir and Grani provided by Fenrir are web browsers. Sleipnir and Grani loads certain DLL\u0027s when HTML files are opened. Sleipnir and Grani contain an issue with the DLL search path, which may lead to insecurely loading dynamic libraries.\r\n\r\nMakoto Shiotsuki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-000047.html",
"sec:cpe": [
{
"#text": "cpe:/a:fenrir-inc:grani",
"@product": "Grani",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:fenrir-inc:sleipnir",
"@product": "Sleipnir",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2010-000047",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN50610528/index.html",
"@id": "JVN#50610528",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/tr/JVNTR-2010-23",
"@id": "JVNTR-2010-23",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3163",
"@id": "CVE-2010-3163",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3163",
"@id": "CVE-2010-3163",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/english/vuln/201010_Sleipnir_en.html",
"@id": "Security Alert for Vulnerability in Sleipnir and Grani",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "http://www.kb.cert.org/vuls/id/707943",
"@id": "VU#707943",
"@source": "CERT-VN"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA10-238A.html",
"@id": "TA10-238A",
"@source": "CERT-TA"
}
],
"title": "Sleipnir and Grani may insecurely load dynamic libraries"
}
jvndb-2008-000029
Vulnerability from jvndb
Published
2008-06-10 13:59
Modified
2008-06-10 13:59
Summary
Sleipnir and Grani vulnerable to arbitrary script execution when Bookmark search results are restored from history
Details
Sleipnir and Grani, web browsers from Fenrir & Co., contain a vulnerability in the bookmark search function that allows an attacker to execute an arbitrary script when search results are restored from history.
Sleipnir and Grani, web browsers from Fenrir & Co., have a bookmark search function. When a user runs the search function, the search result is displayed in the web browser. If a specially crafted string is used in a search, an arbitrary script may be executed on the user's web browser when the search results are restored from history.
Shuya Ueki reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000029.html",
"dc:date": "2008-06-10T13:59+09:00",
"dcterms:issued": "2008-06-10T13:59+09:00",
"dcterms:modified": "2008-06-10T13:59+09:00",
"description": "Sleipnir and Grani, web browsers from Fenrir \u0026 Co., contain a vulnerability in the bookmark search function that allows an attacker to execute an arbitrary script when search results are restored from history.\r\n\r\nSleipnir and Grani, web browsers from Fenrir \u0026 Co., have a bookmark search function. When a user runs the search function, the search result is displayed in the web browser. If a specially crafted string is used in a search, an arbitrary script may be executed on the user\u0027s web browser when the search results are restored from history.\r\n\r\nShuya Ueki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000029.html",
"sec:cpe": [
{
"#text": "cpe:/a:fenrir-inc:grani",
"@product": "Grani",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:fenrir-inc:portable_sleipnir",
"@product": "Portable Sleipnir",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:fenrir-inc:sleipnir",
"@product": "Sleipnir",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2008-000029",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN25448394/index.html",
"@id": "JVN#25448394",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2567",
"@id": "CVE-2008-2567",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2567",
"@id": "CVE-2008-2567",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/30487",
"@id": "SA30487",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/29555",
"@id": "29555",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/42827",
"@id": "42827",
"@source": "XF"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Sleipnir and Grani vulnerable to arbitrary script execution when Bookmark search results are restored from history"
}
jvndb-2007-000804
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Sleipnir and Grani Bookmark Search vulnerable to arbitrary script execution
Details
Sleipnir and Grani, web browsers from Fenrir & Co., contain a vulnerability in the bookmark search function that allows an attacker to execute an arbitrary script.
Sleipnir and Grani, web browsers from Fenrir & Co., have a bookmark search function. When a user runs the search function, the search result is displayed in the web browser. If a specially crafted URL is registered to the bookmark, an attacker could execute an arbitrary script on the user's web browser when the search result is displayed.
References
| Type | URL | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000804.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Sleipnir and Grani, web browsers from Fenrir \u0026 Co., contain a vulnerability in the bookmark search function that allows an attacker to execute an arbitrary script.\r\n\r\nSleipnir and Grani, web browsers from Fenrir \u0026 Co., have a bookmark search function. When a user runs the search function, the search result is displayed in the web browser. If a specially crafted URL is registered to the bookmark, an attacker could execute an arbitrary script on the user\u0027s web browser when the search result is displayed.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000804.html",
"sec:cpe": [
{
"#text": "cpe:/a:fenrir-inc:grani",
"@product": "Grani",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:fenrir-inc:portable_sleipnir",
"@product": "Portable Sleipnir",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:fenrir-inc:sleipnir",
"@product": "Sleipnir",
"@vendor": "Fenrir Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000804",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN65427327/index.html",
"@id": "JVN#65427327",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6002",
"@id": "CVE-2007-6002",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6002",
"@id": "CVE-2007-6002",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/27655",
"@id": "SA27655",
"@source": "SECUNIA"
},
{
"#text": "http://secunia.com/advisories/27675",
"@id": "SA27675",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/26418",
"@id": "26418",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/38441",
"@id": "38441",
"@source": "XF"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Sleipnir and Grani Bookmark Search vulnerable to arbitrary script execution"
}