naver CVE Vulnerabilities & Metrics

Focus on naver vulnerabilities and metrics.

Last updated: 18 May 2025, 22:25 UTC

About naver Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with naver. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total naver CVEs: 13
Earliest CVE date: 07 Aug 2012, 19:55 UTC
Latest CVE date: 07 Mar 2024, 05:15 UTC

Latest CVE reference: CVE-2024-28216

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical naver CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 3.61

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	7
4.0-6.9	8
7.0-8.9	2
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS naver CVEs

These are the five CVEs with the highest CVSS scores for naver, sorted by severity first and recency.

CVE-2021-33592 naver Published on 19 Jul 2021, 06:15 UTC (CVSS: 7.5)
NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in filename parameter can be the cause of bypassing code signing check function.
CVE-2020-9752 naver Published on 23 Mar 2020, 03:15 UTC (CVSS: 7.5)
Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe.
CVE-2022-24077 naver Published on 13 Jun 2022, 14:15 UTC (CVSS: 6.9)
Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection.
CVE-2020-9751 naver Published on 03 Mar 2020, 10:15 UTC (CVSS: 6.4)
Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the upgrade.
CVE-2019-13157 naver Published on 22 Nov 2019, 02:15 UTC (CVSS: 6.4)
nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive.

All CVEs for naver

CVE-2024-28216 naver vulnerability CVSS: 0 07 Mar 2024, 05:15 UTC

nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.

CVE-2024-28215 naver vulnerability CVSS: 0 07 Mar 2024, 05:15 UTC

nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.

CVE-2024-28214 naver vulnerability CVSS: 0 07 Mar 2024, 05:15 UTC

nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker.

CVE-2024-28213 naver vulnerability CVSS: 0 07 Mar 2024, 05:15 UTC

nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization.

CVE-2024-28212 naver vulnerability CVSS: 0 07 Mar 2024, 05:15 UTC

nGrinder before 3.5.9 uses old version of SnakeYAML, which could allow remote attacker to execute arbitrary code via unsafe deserialization.

CVE-2024-28211 naver vulnerability CVSS: 0 07 Mar 2024, 05:15 UTC

nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker.

CVE-2022-24077 naver vulnerability CVSS: 6.9 13 Jun 2022, 14:15 UTC

Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection.

CVE-2021-33592 naver vulnerability CVSS: 7.5 19 Jul 2021, 06:15 UTC

NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in filename parameter can be the cause of bypassing code signing check function.

CVE-2020-9752 naver vulnerability CVSS: 7.5 23 Mar 2020, 03:15 UTC

Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe.

CVE-2020-9751 naver vulnerability CVSS: 6.4 03 Mar 2020, 10:15 UTC

Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the upgrade.

CVE-2019-13157 naver vulnerability CVSS: 6.4 22 Nov 2019, 02:15 UTC

nsGreen.dll in Naver Vaccine 2.1.4 allows remote attackers to overwrite arbitary files via directory traversal sequences in a filename within nsz archive.

CVE-2019-13156 naver vulnerability CVSS: 5.0 03 Sep 2019, 15:15 UTC

NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle.

CVE-2016-5060 naver vulnerability CVSS: 4.3 13 Dec 2016, 22:59 UTC

Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) description, (2) email, or (3) username parameter to user/save.

CVE-2014-6980 naver vulnerability CVSS: 5.4 16 Oct 2014, 19:55 UTC

The LINE PLAY (aka jp.naver.lineplay.android) application 2.3.1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2012-5183 naver vulnerability CVSS: 2.6 26 Dec 2012, 17:55 UTC

The Loctouch application 3.4.6 and earlier for Android allows attackers to obtain sensitive information about logged locations via a crafted application that leverages read permission for system log files.

CVE-2012-5182 naver vulnerability CVSS: 4.3 26 Dec 2012, 17:55 UTC

The Loctouch application 3.4.6 and earlier for Android does not properly handle implicit intents, which allows attackers to obtain sensitive information about logged locations via a crafted application.

CVE-2012-4005 naver vulnerability CVSS: 5.0 07 Aug 2012, 19:55 UTC

The NHN Japan NAVER LINE application before 2.5.5 for Android does not properly handle implicit intents, which allows remote attackers to obtain sensitive message information via a crafted application.