17 matches found
EUVD-2023-49850
Malicious code in bioql PyPI...
CVE-2023-48133
An issue in angel coffee mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...
Code injection
An issue in kosei entertainment esportsstudioLegends mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...
CVE-2023-48129
The CVE-2023-48129 entry describes a flaw in the kimono-oldnew mini-app used by Line (Line v13.6.1) where leakage of the channel access token can be exploited to send crafted malicious notifications. Public documents cite the affected component (kimono-oldnew mini-app) and the token leakage as th...
CVE-2023-48131
CHIGASAKI BAKERY mini-app on Line v13.6.1 has a vulnerability where leakage of the channel access token enables attackers to send crafted malicious notifications. Documents consistently describe the issue as an access-token leakage affecting the Line integration’s CHIGASAKI BAKERY component, allo...
PT-2024-13544 · Line · Line
Name of the Vulnerable Software and Affected Versions: Line version 13.6.1 Description: An issue in the UNITED BOXING GYM mini-app allows attackers to send crafted malicious notifications via leakage of the channel access token. This leakage enables attackers to exploit the system. Recommendation...
PT-2024-13549 · Line · Line
Name of the Vulnerable Software and Affected Versions: Line version 13.6.1 Description: An issue in the angel coffee mini-app allows attackers to send crafted malicious notifications via leakage of the channel access token. This leakage enables attackers to exploit the system. Recommendations: Fo...
CVE-2023-45559
An issue in Tamakihamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token...
Design/Logic Flaw
An issue in A-WORLD OIRASE BEERwaiting Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token...
CVE-2023-45561
An issue in A-WORLD OIRASE BEERwaiting Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token...
CVE-2023-43300
An issue in urbanproject mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token...
CVE-2023-43298
The CVE affects Line’s SCOL Members Card mini-app on v13.6.1. The root problem is leakage of the channel access token, which enables attackers to send crafted malicious notifications. Affects the mini-app’s ability to authenticate/authorize token usage; impacts confidentiality/integrity per the c...
Design/Logic Flaw
An issue in Golden v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token...
CVE-2023-45560
An issue in Yasukawa memberscard v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token...
DEBIAN-CVE-2022-20011
In getArray of NotificationManagerService.java , there is a possible leak of one user notifications to another due to missing check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
UBUNTU-CVE-2022-20011
In getArray of NotificationManagerService.java , there is a possible leak of one user notifications to another due to missing check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...
HackerOne: Notification of previous signed out user leakage.
This is a very minor issue in my eye.But I would like to report,as hackerone itself is very cautious about its own security. Steps to reproduce 1. I logged on to hackerone with my team @movielee id.I saw that there were 6 notifications pending.I didnot checked those and logged out. 2. I logged in...