Refine your search

2 vulnerabilities found for Simeji by Baidu, Inc.

jvndb-2017-000120
Vulnerability from jvndb
Published
2017-06-21 18:15
Modified
2017-06-21 18:15
Severity ?
7.8 (High) - cvssV3_0 - CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[Simeji for Windows] installer may insecurely load Dynamic Link Libraries
Details
[Simeji for Windows] installer provided by Baidu Japan Inc. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Eili Masami of Tachibana Lab. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000120.html",
  "dc:date": "2017-06-21T18:15+09:00",
  "dcterms:issued": "2017-06-21T18:15+09:00",
  "dcterms:modified": "2017-06-21T18:15+09:00",
  "description": "[Simeji for Windows] installer provided by Baidu Japan Inc. contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000120.html",
  "sec:cpe": {
    "#text": "cpe:/a:baidu:simeji",
    "@product": "Simeji",
    "@vendor": "Baidu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "7.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000120",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN31236539/index.html",
      "@id": "JVN#31236539",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
      "@id": "JVNTA#91240916",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2219",
      "@id": "CVE-2017-2219",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2219",
      "@id": "CVE-2017-2219",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "[Simeji for Windows] installer may insecurely load Dynamic Link Libraries"
}

jvndb-2013-000029
Vulnerability from jvndb
Published
2013-03-26 14:51
Modified
2013-03-26 14:51
Severity ?
() - -
Summary
Simeji vulnerable to information disclosure
Details
Simeji contains an issue in the access permissions for the certain files. Simeji is a Japanese Input Method Editor (IME) for Android devices. Simeji contains an issue in the access permissions for the certain files. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000029.html",
  "dc:date": "2013-03-26T14:51+09:00",
  "dcterms:issued": "2013-03-26T14:51+09:00",
  "dcterms:modified": "2013-03-26T14:51+09:00",
  "description": "Simeji contains an issue in the access permissions for the certain files.\r\n\r\nSimeji is a Japanese Input Method Editor (IME) for Android devices. Simeji contains an issue in the access permissions for the certain files.\r\n\r\nGaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000029.html",
  "sec:cpe": {
    "#text": "cpe:/a:baidu:simeji",
    "@product": "Simeji",
    "@vendor": "Baidu, Inc.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2013-000029",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN77360971/index.html",
      "@id": "JVN#77360971",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0718",
      "@id": "CVE-2013-0718",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0718",
      "@id": "CVE-2013-0718",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "Simeji vulnerable to information disclosure"
}