Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Rakuten Security Vulnerabilities

cve
cve

CVE-2018-3987

An exploitable information disclosure vulnerability exists in the 'Secret Chats' functionality of Rakuten Viber on Android 9.3.0.6. The 'Secret Chats' functionality allows a user to delete all traces of a chat either by using a time trigger or by direct request. There is a bug in this functionality...

5.5CVSS

5.1AI Score

0.001EPSS

2020-02-13 12:15 AM
65
cve
cve

CVE-2019-12569

A vulnerability in Viber before 10.7.0 for Desktop (Windows) could allow an attacker to execute arbitrary commands on a targeted system. This vulnerability is due to unsafe search paths used by the application URI. An attacker could exploit this vulnerability by convincing a targeted user to follow...

7.8CVSS

7.7AI Score

0.144EPSS

2019-06-03 01:29 AM
36
cve
cve

CVE-2019-18800

Viber through 11.7.0.5 allows a remote attacker who can capture a victim's internet traffic to steal their Viber account, because not all Viber protocol traffic is encrypted. TCP data packet 9 on port 4244 from the victim's device contains cleartext information such as the device model and OS versi...

8.8CVSS

8.4AI Score

0.01EPSS

2019-11-06 04:15 PM
28
cve
cve

CVE-2019-6024

Rakuma App for Android version 7.15.0 and earlier, and for iOS version 7.16.4 and earlier allows an attacker to bypass authentication and obtain the user's authentication information via a malicious application created by the third party.

6.5CVSS

6AI Score

0.004EPSS

2019-12-26 04:15 PM
20
cve
cve

CVE-2020-14049

Viber for Windows up to 13.2.0.39 does not properly quote its custom URI handler. A malicious website could launch Viber with arbitrary parameters, forcing a victim to send an NTLM authentication request, and either relay the request or capture the hash for offline password cracking. NOTE: this iss...

7.5CVSS

7.8AI Score

0.144EPSS

2020-06-22 06:15 PM
26
cve
cve

CVE-2022-26834

Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept HTTP connections from the WAN side by default.

7.5CVSS

7.4AI Score

0.002EPSS

2022-06-13 05:15 AM
35
4
cve
cve

CVE-2022-28704

Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings in which is set to accept SSH connections from the WAN side, and is also c...

7.2CVSS

7.3AI Score

0.002EPSS

2022-06-13 05:15 AM
38
5
cve
cve

CVE-2022-29525

Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation.

9.8CVSS

9.5AI Score

0.007EPSS

2022-06-13 05:15 AM
32
7
cve
cve

CVE-2023-40282

Improper authentication vulnerability in Rakuten WiFi Pocket all versions allows a network-adjacent attacker to log in to the product's Management Screen. As a result, sensitive information may be obtained and/or the settings may be changed.

5.4CVSS

5.3AI Score

0.0004EPSS

2023-08-23 04:15 AM
40