75 matches found
CVE-2018-0518
LINE for iOS (versions 7.1.3–7.1.5) fails to verify SSL server certificates, enabling MITM via a crafted certificate. The root cause is certificate validation being bypassed due to a vulnerability in a Third Party SDK incorporated in the app. Impact: attackers could spoof servers and access sensi...
CVE-2019-6010
CVE-2019-6010 affects LINE(Android) from versions 4.4.0 to before 9.15.1. The issue is an integer overflow while processing images (including apng-drawable) that can cause a crash or allow arbitrary code execution when a user views a specially crafted image. Other connected records (JVN/JVNDB) co...
CVE-2022-29505
CVE-2022-29505 : The connected sources confirm a vulnerability in LINE for Windows prior to version 7.8 caused by a build misconfiguration in the OpenSSL dependency, allowing DLL injection and potential privilege escalation. The affected product is LINE for Windows; impact is elevation of Privile...
CVE-2021-36215
CVE-2021-36215 affects the LINE client for iOS (10.21.3 and earlier) and is a design/implementation flaw that enables address bar spoofing in the in-app browser. The root cause is improper handling of the address bar during navigation and HTTP redirect processing, including inserting malicious Un...
CVE-2022-22820
The CVE-2022-22820 entry affects LINE for Windows prior to version 7.4. The root cause is a lack of media file checks before rendering, which enables an attacker to cause abnormal CPU consumption for the recipient when processing a specially crafted GIF image. Impact is resource exhaustion on the...
CVE-2022-41568
The CVE-2022-41568 entry affects the LINE client for iOS prior to version 12.17.0, where sharing an invalid e2ee key in a group chat can cause the app to crash (denial of service). The issue is documented with a CVSS v3.1 base score of 7.5 (High impact, network attack vector, no user interaction ...
CVE-2021-36214
The CVE-2021-36214 issue affects the LINE client for iOS, specifically versions prior to 10.16.3. A cross-site scripting vulnerability exists in the WebView caused by processing headers in WebView content, allowing injected or misinterpreted content to execute script. Reported details indicate th...
CVE-2024-5739
CVE-2024-5739 affects the LINE client for iOS prior to 14.9.0, where the in‑app browser can be abused via a malicious iframe to execute arbitrary JavaScript in the top frame (UXSS). An attacker must trigger a click on the iframe; if exploited, this could capture or alter content and user session ...
CVE-2021-36216
The CVE-2021-36216 entry applies to LINE for Windows, affected in version 6.2.1.2289 and earlier. The root cause is a DLL injection flaw that permits arbitrary code execution. The vulnerability is described as local (attack vector LOCAL) with low attack complexity, and could lead to partial confi...
CVE-2023-38847
The CVE-2023-38847 vulnerability affects CHRISTINA JAPAN Line v13.6.1. A remote attacker can access sensitive information by sending a crafted GET request, with network as the attack vector and no user interaction required. The issue yields Confidentiality impact (C) High, per CVSS metrics (AV:N/...
CVE-2023-38848
CVE-2023-38848 affects rmc R Beauty CLINIC Line v13.6.1. A remote attacker can obtain sensitive information via a crafted GET request, per multiple sources. Impact is information disclosure; no exploitation details provided in the documents. Affected component: the Line client/software; root caus...
CVE-2023-47364
CVE-2023-47364 affects nagaoka taxi Line, version 13.6.1. The issue is described as leakage of the channel access token, enabling remote attackers to send malicious notifications to victims. The provided sources confirm the same description across NVD, Red Hat, CNNVD, and other catalogs, but do n...
CVE-2023-38846
CVE-2023-38846 affects Marbre Lapin Line v13.6.1. The issue allows a remote attacker to obtain sensitive information via a crafted GET request. Public sources in the connected set confirm the affected version but do not provide concrete root-cause details or a verified fix. Some advisories (e.g.,...
CVE-2023-43297
CVE-2023-43297 affects animal-art-lab v13.6.1. The issue allows attackers to trigger crafted notifications via leakage of the channel access token, enabling a potential leakage/unauthorized notification flow. Public sources in the provided documents consistently describe the vulnerability as stem...
CVE-2023-5554
Vulnerability context (CVE-2023-5554): LINE Client for iOS prior to 13.16.0 contains a lack of TLS certificate verification in the log transmission of the Finance module. This could allow a man‑in‑the‑middle attack to eavesdrop or tamper logs. The issue affects the financial module’s log transmis...
CVE-2023-38845
CVE-2023-38845 affects Anglaise.Company version 13.6.1. Multiple connected documents confirm an issue where a remote attacker can obtain sensitive information through a crafted GET request. The exact root cause, vulnerable component, and impact details are not fully elaborated in the provided sou...
CVE-2023-47363
CVE-2023-47363 affects Line app, specifically F.B.P members version 13.6.1. The issue is leakage of the channel access token, enabling remote attackers to send malicious notifications to victims. The Red Hat/CNNVD entries corroborate token leakage and mention Line 13.6.1. No exploitation details ...
CVE-2016-4831
Consolidated details from multiple sources show that CVE-2016-4831 affects LINE for Windows and LINE Installer (versions ≤ 4.7.0) due to an insecure DLL search path. The root cause is loading a Trojan horse DLL from an unspecified directory, enabling arbitrary code execution with the privileges o...
CVE-2023-43298
The CVE affects Line’s SCOL Members Card mini-app on v13.6.1. The root problem is leakage of the channel access token, which enables attackers to send crafted malicious notifications. Affects the mini-app’s ability to authenticate/authorize token usage; impacts confidentiality/integrity per the c...
CVE-2023-43988
CVE-2023-43988 affects Line’s Nature Fitness Saijo mini-app (v13.6.1). The root cause is leakage of the channel access token, enabling an attacker to send crafted malicious notifications from the mini-app. Impact is limited to the Line mini-app context, enabling adversaries who can access or inte...
CVE-2023-43996
CVE-2023-43996 affects Line mini-apps built by Q co ltd on Line v13.6.1. The root cause is leakage of the channel access token, enabling attackers to send crafted malicious notifications. Impact is limited to unauthorized notification delivery via token leakage. Remediation from the connected doc...
CVE-2023-45561
The CVE-2023-45561 issue affects A-WORLD OIRASE BEER_waiting Line v13.6.1, where leakage of the channel access token can allow attackers to send crafted notifications. The vulnerability stems from exposure of the token used to authorize notification actions, enabling potential notification manipu...
CVE-2023-47365
CVE-2023-47365 concerns leakage of the channel access token in Lil.OFF-PRICE STORE Line 13.6.1, enabling remote attackers to send malicious notifications to victims. Affected software is Lil.OFF-PRICE STORE Line version 13.6.1. Root cause: leakage of the channel access token that can be exploited...
CVE-2018-13434
CVE-2018-13434 affects the LINE iOS app (version 8.8.0). The vulnerability stems from the LAContext biometric validation path, where bypass is possible because the kSecAccessControlUserPresence protection is not used, allowing authentication with an arbitrary fingerprint. The issue enables a loca...
CVE-2023-43998
The CVE-2023-43998 issue affects Line’s Books-futaba mini-app (Line v13.6.1). The root problem is leakage of the channel access token, which attackers could exploit to send crafted malicious notifications. Public sources consistently describe a token leakage pathway enabling unauthorized notifica...
CVE-2023-43990
Summary of CVE-2023-43990 (Line cherub-hair mini-app): Affects Line cherub-hair mini-app version 13.6.1 . The issue is a leakage of the channel access token , enabling attackers to send crafted malicious notifications . Reported vulnerability details consistently describe token leakage as the roo...
CVE-2023-43995
CVE-2023-43995 affects the Line picot.golf mini-app (Line v13.6.1). The root issue is leakage of the channel access token , which can allow an attacker to cause the app to send crafted, malicious notifications. The available documents do not specify exploitation prevalence, affected builds beyond...
CVE-2016-1156
CVE-2016-1156 affects LINE for Windows (4.3.0.724 and earlier) and LINE for Mac OS (4.3.1 and earlier). A DoS can be triggered by displaying a specially crafted post in Timeline, caused by mishandling during Timeline rendering. Impact: remote authenticated users may cause an application crash. Af...
CVE-2023-48129
The CVE-2023-48129 entry describes a flaw in the kimono-oldnew mini-app used by Line (Line v13.6.1) where leakage of the channel access token can be exploited to send crafted malicious notifications. Public documents cite the affected component (kimono-oldnew mini-app) and the token leakage as th...
CVE-2023-45559
CVE-2023-45559 affects Tamaki_hamanoki Line v.13.6.1. The issue allows attackers to send crafted notifications by leaking the channel access token. Affected component is the Line messaging platform implementation in v.13.6.1; root cause attributed to token leakage enabling unauthorized notificati...
CVE-2018-0609
CVE-2018-0609 affects LINE for Windows (pre-5.8.0). The vulnerability is an untrusted search path issue that allows privilege escalation via a Trojan horse DLL located in an unspecified directory. The root cause is insecure DLL loading when LINE is launched, enabling arbitrary code execution with...
CVE-2018-13435
The CVE-2018-13435 entry applies to the LINE jp.naver.line iOS app (version 8.8.0). A vulnerability in the Passcode feature allows authentication bypass via runtime manipulation that forces a method to disable passcode authentication. This is a local issue with high impact (per CVSS), effectively...
CVE-2021-41011
CVE-2021-41011 affects LINE client for iOS (versions before 11.15.0). The issue can cause exposure of authentication information for a certain service to external entities under certain conditions, typically unlikely but possible when paired with a server-side bug. The connected documents corrobo...
CVE-2023-43300
The CVE concerns Line’s urban_project mini-app (Line v13.6.1), where leakage of a channel access token enables attackers to craft and dispatch malicious notifications. Affected component: channel-token handling within the mini-app; root cause described as token leakage. Impact: attacker could sen...
CVE-2023-43999
COLORFUL_laundry mini-app on LINE v13.6.1 is affected by CVE-2023-43999 due to leakage of the channel access token, enabling an attacker to send crafted malicious notifications. The issue is described across multiple feeds (Red Hat, NVD/NVD-derived, and related advisories) and is classified with ...
CVE-2016-4850
LINE for Windows prior to version 4.8.3 is vulnerable to a man-in-the-middle attack due to the auto-update/downloaded-file verification flaw, allowing arbitrary code execution. The issue arises from the updater not properly verifying downloaded files, as documented in JVN/JVNDB notes and echoed b...
CVE-2023-43305
The CVE-2023-43305 issue affects Line’s studio Kent mini-app running on Line v13.6.1, where leakage of the channel access token enables an attacker to send crafted malicious notifications. Affected component: studio kent mini-app; root cause: channel access token leakage allowing unauthorized not...
CVE-2023-43989
CVE-2023-43989 affects the mokumoku chohu mini-app in Line v13.6.1. The root cause is leakage of the channel access token, enabling attackers to send crafted malicious notifications via the mini-app. The CVSSv3.1 base score is 5.4 (Medium) with Network attack vector and low privileges. Remediatio...
CVE-2023-43992
CVE-2023-43992 affects the STOCKMAN GROUP mini-app on Line version 13.6.1. The root issue is leakage of the channel access token, which can allow an attacker to send crafted malicious notifications. There is no concrete patch information in the provided documents; one PT-security entry (PT-2024-1...
CVE-2023-43997
The CVE-2023-43997 entry concerns Line’s Yoruichi hobby base mini-app version v13.6.1. A vulnerability arises from leakage of the channel access token, enabling an attacker to send crafted malicious notifications. The issue is tied to the mini-app’s channel token handling, with CVSS v3.1 indicati...
CVE-2023-44000
CVE-2023-44000 affects Otakara lapis totuka mini-app on Line v13.6.1, where leakage of the channel access token allows an attacker to send crafted malicious notifications. The CVE entry notes a Medium impact (C/L/I/L) with no availability impact. Some connected sources indicate PoC may exist, and...
CVE-2018-13446
The LINE jp.naver.line Android app (version 8.8.1) contains an authentication bypass in the Passcode feature: runtime manipulation can cause a method to return true, letting an attacker authenticate with an arbitrary passcode. Root cause details are not fully disclosed in the provided documents. ...
CVE-2023-43303
CVE-2023-43303 affects the Line-based craftbeer bar canvas mini-app (v13.6.1). The root cause is leakage of the channel access token, allowing an attacker to send crafted malicious notifications. The vulnerability impacts confidentiality (HIGH) and enables unauthenticated network-based abuse with...
CVE-2023-43993
The CVE-2023-43993 entry concerns the Line smaregi_app_market mini-app (Line v13.6.1). The root cause is leakage of the channel access token, enabling attackers to send crafted malicious notifications. Affected component: smaregi_app_market mini-app; affected version: v13.6.1. Impact stated: abil...
CVE-2023-48131
CHIGASAKI BAKERY mini-app on Line v13.6.1 has a vulnerability where leakage of the channel access token enables attackers to send crafted malicious notifications. Documents consistently describe the issue as an access-token leakage affecting the Line integration’s CHIGASAKI BAKERY component, allo...
CVE-2023-38849
The CVE-2023-38849 entry concerns tire-sales Line v.13.6.1, where a remote attacker can obtain sensitive information via a crafted GET request. The connected sources consistently reference this version and the information-disclosure impact, but do not provide concrete root-cause details, exploit ...
CVE-2023-43991
CVE-2023-43991 concerns the PRIMA CLINIC mini-app on Line version 13.6.1. The underlying issue is leakage of the channel access token, enabling an attacker to send crafted malicious notifications. Public sources consistently describe this token leakage as the root cause and the ability to misuse ...
CVE-2023-43994
The CVE-2023-43994 issue concerns Line's Cleaning_makotoya mini-app (Line v13.6.1). The vulnerability arises from leakage of the channel access token, enabling an attacker to send crafted malicious notifications through that token. The description in external sources (connected PT-2023-1716) ties...
CVE-2023-47366
CVE-2023-47366 affects the Line app’s Craft Members module, specifically version 13.6.1. The root cause is the leakage of a channel access token in craft_members Line 13.6.1, which could allow a remote attacker to send malicious notifications to victims. The available connected sources confirm th...
CVE-2023-47372
CVE-2023-47372 involves leakage of a channel access token in UPDATESALON C-LOUNGE for Line version 13.6.1, enabling remote attackers to send malicious notifications to victims. Connected sources corroborate token leakage and unrelated security notes, but do not provide a concrete exploit path, af...