Lucene search
+L
LinecorpLine

75 matches found

CVE
CVE
added 2018/02/23 3:0 p.m.128 views

CVE-2018-0518

LINE for iOS (versions 7.1.3–7.1.5) fails to verify SSL server certificates, enabling MITM via a crafted certificate. The root cause is certificate validation being bypassed due to a vulnerability in a Third Party SDK incorporated in the app. Impact: attackers could spoof servers and access sensi...

5.9CVSS5.1AI score0.00603EPSS
CVE
CVE
added 2019/09/19 1:34 p.m.128 views

CVE-2019-6010

CVE-2019-6010 affects LINE(Android) from versions 4.4.0 to before 9.15.1. The issue is an integer overflow while processing images (including apng-drawable) that can cause a crash or allow arbitrary code execution when a user views a specially crafted image. Other connected records (JVN/JVNDB) co...

7.8CVSS8.3AI score0.01728EPSS
CVE
CVE
added 2022/04/27 2:28 p.m.80 views

CVE-2022-29505

CVE-2022-29505 : The connected sources confirm a vulnerability in LINE for Windows prior to version 7.8 caused by a build misconfiguration in the OpenSSL dependency, allowing DLL injection and potential privilege escalation. The affected product is LINE for Windows; impact is elevation of Privile...

7.8CVSS7.7AI score0.00481EPSS
CVE
CVE
added 2021/09/08 5:50 p.m.79 views

CVE-2021-36215

CVE-2021-36215 affects the LINE client for iOS (10.21.3 and earlier) and is a design/implementation flaw that enables address bar spoofing in the in-app browser. The root cause is improper handling of the address bar during navigation and HTTP redirect processing, including inserting malicious Un...

5.3CVSS5AI score0.00776EPSS
CVE
CVE
added 2022/01/20 11:47 a.m.76 views

CVE-2022-22820

The CVE-2022-22820 entry affects LINE for Windows prior to version 7.4. The root cause is a lack of media file checks before rendering, which enables an attacker to cause abnormal CPU consumption for the recipient when processing a specially crafted GIF image. Impact is resource exhaustion on the...

5.5CVSS5.5AI score0.00837EPSS
CVE
CVE
added 2022/11/29 12:0 a.m.75 views

CVE-2022-41568

The CVE-2022-41568 entry affects the LINE client for iOS prior to version 12.17.0, where sharing an invalid e2ee key in a group chat can cause the app to crash (denial of service). The issue is documented with a CVSS v3.1 base score of 7.5 (High impact, network attack vector, no user interaction ...

7.5CVSS7.2AI score0.00616EPSS
CVE
CVE
added 2021/07/13 5:47 p.m.72 views

CVE-2021-36214

The CVE-2021-36214 issue affects the LINE client for iOS, specifically versions prior to 10.16.3. A cross-site scripting vulnerability exists in the WebView caused by processing headers in WebView content, allowing injected or misinterpreted content to execute script. Reported details indicate th...

6.1CVSS5.9AI score0.00724EPSS
CVE
CVE
added 2024/06/12 7:0 a.m.63 views

CVE-2024-5739

CVE-2024-5739 affects the LINE client for iOS prior to 14.9.0, where the in‑app browser can be abused via a malicious iframe to execute arbitrary JavaScript in the top frame (UXSS). An attacker must trigger a click on the iframe; if exploited, this could capture or alter content and user session ...

6.1CVSS5.7AI score0.00269EPSS
CVE
CVE
added 2021/09/08 5:50 p.m.61 views

CVE-2021-36216

The CVE-2021-36216 entry applies to LINE for Windows, affected in version 6.2.1.2289 and earlier. The root cause is a DLL injection flaw that permits arbitrary code execution. The vulnerability is described as local (attack vector LOCAL) with low attack complexity, and could lead to partial confi...

7.8CVSS8.1AI score0.00416EPSS
CVE
CVE
added 2023/10/25 12:0 a.m.61 views

CVE-2023-38847

The CVE-2023-38847 vulnerability affects CHRISTINA JAPAN Line v13.6.1. A remote attacker can access sensitive information by sending a crafted GET request, with network as the attack vector and no user interaction required. The issue yields Confidentiality impact (C) High, per CVSS metrics (AV:N/...

7.5CVSS7.2AI score0.00726EPSS
CVE
CVE
added 2023/10/25 12:0 a.m.60 views

CVE-2023-38848

CVE-2023-38848 affects rmc R Beauty CLINIC Line v13.6.1. A remote attacker can obtain sensitive information via a crafted GET request, per multiple sources. Impact is information disclosure; no exploitation details provided in the documents. Affected component: the Line client/software; root caus...

7.5CVSS7.2AI score0.00688EPSS
CVE
CVE
added 2023/11/09 12:0 a.m.60 views

CVE-2023-47364

CVE-2023-47364 affects nagaoka taxi Line, version 13.6.1. The issue is described as leakage of the channel access token, enabling remote attackers to send malicious notifications to victims. The provided sources confirm the same description across NVD, Red Hat, CNNVD, and other catalogs, but do n...

6.5CVSS6.5AI score0.00353EPSS
CVE
CVE
added 2023/10/25 12:0 a.m.58 views

CVE-2023-38846

CVE-2023-38846 affects Marbre Lapin Line v13.6.1. The issue allows a remote attacker to obtain sensitive information via a crafted GET request. Public sources in the connected set confirm the affected version but do not provide concrete root-cause details or a verified fix. Some advisories (e.g.,...

7.5CVSS7.2AI score0.00726EPSS
CVE
CVE
added 2023/10/02 12:0 a.m.58 views

CVE-2023-43297

CVE-2023-43297 affects animal-art-lab v13.6.1. The issue allows attackers to trigger crafted notifications via leakage of the channel access token, enabling a potential leakage/unauthorized notification flow. Public sources in the provided documents consistently describe the vulnerability as stem...

5.4CVSS5.5AI score0.00212EPSS
CVE
CVE
added 2023/10/12 9:34 a.m.58 views

CVE-2023-5554

Vulnerability context (CVE-2023-5554): LINE Client for iOS prior to 13.16.0 contains a lack of TLS certificate verification in the log transmission of the Finance module. This could allow a man‑in‑the‑middle attack to eavesdrop or tamper logs. The issue affects the financial module’s log transmis...

9.8CVSS6.6AI score0.00217EPSS
CVE
CVE
added 2023/10/25 12:0 a.m.56 views

CVE-2023-38845

CVE-2023-38845 affects Anglaise.Company version 13.6.1. Multiple connected documents confirm an issue where a remote attacker can obtain sensitive information through a crafted GET request. The exact root cause, vulnerable component, and impact details are not fully elaborated in the provided sou...

7.5CVSS7.2AI score0.00726EPSS
CVE
CVE
added 2023/11/09 12:0 a.m.54 views

CVE-2023-47363

CVE-2023-47363 affects Line app, specifically F.B.P members version 13.6.1. The issue is leakage of the channel access token, enabling remote attackers to send malicious notifications to victims. The Red Hat/CNNVD entries corroborate token leakage and mention Line 13.6.1. No exploitation details ...

6.5CVSS6.5AI score0.00353EPSS
CVE
CVE
added 2016/07/12 1:0 a.m.53 views

CVE-2016-4831

Consolidated details from multiple sources show that CVE-2016-4831 affects LINE for Windows and LINE Installer (versions ≤ 4.7.0) due to an insecure DLL search path. The root cause is loading a Trojan horse DLL from an unspecified directory, enabling arbitrary code execution with the privileges o...

7.8CVSS7.6AI score0.00382EPSS
CVE
CVE
added 2023/12/07 12:0 a.m.53 views

CVE-2023-43298

The CVE affects Line’s SCOL Members Card mini-app on v13.6.1. The root problem is leakage of the channel access token, which enables attackers to send crafted malicious notifications. Affects the mini-app’s ability to authenticate/authorize token usage; impacts confidentiality/integrity per the c...

5.3CVSS5.2AI score0.00508EPSS
CVE
CVE
added 2024/01/24 12:0 a.m.53 views

CVE-2023-43988

CVE-2023-43988 affects Line’s Nature Fitness Saijo mini-app (v13.6.1). The root cause is leakage of the channel access token, enabling an attacker to send crafted malicious notifications from the mini-app. Impact is limited to the Line mini-app context, enabling adversaries who can access or inte...

5.4CVSS5.5AI score0.00379EPSS
CVE
CVE
added 2024/01/24 12:0 a.m.53 views

CVE-2023-43996

CVE-2023-43996 affects Line mini-apps built by Q co ltd on Line v13.6.1. The root cause is leakage of the channel access token, enabling attackers to send crafted malicious notifications. Impact is limited to unauthorized notification delivery via token leakage. Remediation from the connected doc...

5.4CVSS5.5AI score0.00394EPSS
CVE
CVE
added 2024/01/02 12:0 a.m.53 views

CVE-2023-45561

The CVE-2023-45561 issue affects A-WORLD OIRASE BEER_waiting Line v13.6.1, where leakage of the channel access token can allow attackers to send crafted notifications. The vulnerability stems from exposure of the token used to authorize notification actions, enabling potential notification manipu...

5.3CVSS5.2AI score0.00376EPSS
CVE
CVE
added 2023/11/09 12:0 a.m.53 views

CVE-2023-47365

CVE-2023-47365 concerns leakage of the channel access token in Lil.OFF-PRICE STORE Line 13.6.1, enabling remote attackers to send malicious notifications to victims. Affected software is Lil.OFF-PRICE STORE Line version 13.6.1. Root cause: leakage of the channel access token that can be exploited...

6.5CVSS6.5AI score0.00353EPSS
CVE
CVE
added 2018/08/16 8:0 p.m.52 views

CVE-2018-13434

CVE-2018-13434 affects the LINE iOS app (version 8.8.0). The vulnerability stems from the LAContext biometric validation path, where bypass is possible because the kSecAccessControlUserPresence protection is not used, allowing authentication with an arbitrary fingerprint. The issue enables a loca...

6.3CVSS6.2AI score0.00358EPSS
CVE
CVE
added 2024/01/24 12:0 a.m.52 views

CVE-2023-43998

The CVE-2023-43998 issue affects Line’s Books-futaba mini-app (Line v13.6.1). The root problem is leakage of the channel access token, which attackers could exploit to send crafted malicious notifications. Public sources consistently describe a token leakage pathway enabling unauthorized notifica...

5.4CVSS5.5AI score0.00402EPSS
CVE
CVE
added 2024/01/24 12:0 a.m.51 views

CVE-2023-43990

Summary of CVE-2023-43990 (Line cherub-hair mini-app): Affects Line cherub-hair mini-app version 13.6.1 . The issue is a leakage of the channel access token , enabling attackers to send crafted malicious notifications . Reported vulnerability details consistently describe token leakage as the roo...

5.4CVSS5.5AI score0.00394EPSS
CVE
CVE
added 2024/01/24 12:0 a.m.51 views

CVE-2023-43995

CVE-2023-43995 affects the Line picot.golf mini-app (Line v13.6.1). The root issue is leakage of the channel access token , which can allow an attacker to cause the app to send crafted, malicious notifications. The available documents do not specify exploitation prevalence, affected builds beyond...

5.4CVSS5.5AI score0.0036EPSS
CVE
CVE
added 2016/02/19 7:0 p.m.50 views

CVE-2016-1156

CVE-2016-1156 affects LINE for Windows (4.3.0.724 and earlier) and LINE for Mac OS (4.3.1 and earlier). A DoS can be triggered by displaying a specially crafted post in Timeline, caused by mishandling during Timeline rendering. Impact: remote authenticated users may cause an application crash. Af...

5.7CVSS5.2AI score0.01071EPSS
CVE
CVE
added 2024/01/26 12:0 a.m.50 views

CVE-2023-48129

The CVE-2023-48129 entry describes a flaw in the kimono-oldnew mini-app used by Line (Line v13.6.1) where leakage of the channel access token can be exploited to send crafted malicious notifications. Public documents cite the affected component (kimono-oldnew mini-app) and the token leakage as th...

5.4CVSS5.5AI score0.00359EPSS
CVE
CVE
added 2024/01/03 12:0 a.m.49 views

CVE-2023-45559

CVE-2023-45559 affects Tamaki_hamanoki Line v.13.6.1. The issue allows attackers to send crafted notifications by leaking the channel access token. Affected component is the Line messaging platform implementation in v.13.6.1; root cause attributed to token leakage enabling unauthorized notificati...

8.2CVSS8AI score0.00482EPSS
CVE
CVE
added 2018/06/26 2:0 p.m.48 views

CVE-2018-0609

CVE-2018-0609 affects LINE for Windows (pre-5.8.0). The vulnerability is an untrusted search path issue that allows privilege escalation via a Trojan horse DLL located in an unspecified directory. The root cause is insecure DLL loading when LINE is launched, enabling arbitrary code execution with...

7.8CVSS7.7AI score0.00796EPSS
CVE
CVE
added 2018/08/16 8:0 p.m.48 views

CVE-2018-13435

The CVE-2018-13435 entry applies to the LINE jp.naver.line iOS app (version 8.8.0). A vulnerability in the Passcode feature allows authentication bypass via runtime manipulation that forces a method to disable passcode authentication. This is a local issue with high impact (per CVSS), effectively...

7CVSS6.7AI score0.00358EPSS
CVE
CVE
added 2021/09/22 3:7 p.m.48 views

CVE-2021-41011

CVE-2021-41011 affects LINE client for iOS (versions before 11.15.0). The issue can cause exposure of authentication information for a certain service to external entities under certain conditions, typically unlikely but possible when paired with a server-side bug. The connected documents corrobo...

7.5CVSS7.1AI score0.01138EPSS
CVE
CVE
added 2023/12/07 12:0 a.m.48 views

CVE-2023-43300

The CVE concerns Line’s urban_project mini-app (Line v13.6.1), where leakage of a channel access token enables attackers to craft and dispatch malicious notifications. Affected component: channel-token handling within the mini-app; root cause described as token leakage. Impact: attacker could sen...

8.2CVSS8AI score0.0053EPSS
CVE
CVE
added 2024/01/24 12:0 a.m.48 views

CVE-2023-43999

COLORFUL_laundry mini-app on LINE v13.6.1 is affected by CVE-2023-43999 due to leakage of the channel access token, enabling an attacker to send crafted malicious notifications. The issue is described across multiple feeds (Red Hat, NVD/NVD-derived, and related advisories) and is classified with ...

5.4CVSS5.5AI score0.00394EPSS
CVE
CVE
added 2017/04/20 6:0 p.m.47 views

CVE-2016-4850

LINE for Windows prior to version 4.8.3 is vulnerable to a man-in-the-middle attack due to the auto-update/downloaded-file verification flaw, allowing arbitrary code execution. The issue arises from the updater not properly verifying downloaded files, as documented in JVN/JVNDB notes and echoed b...

8.1CVSS8.3AI score0.02201EPSS
CVE
CVE
added 2023/12/08 12:0 a.m.47 views

CVE-2023-43305

The CVE-2023-43305 issue affects Line’s studio Kent mini-app running on Line v13.6.1, where leakage of the channel access token enables an attacker to send crafted malicious notifications. Affected component: studio kent mini-app; root cause: channel access token leakage allowing unauthorized not...

8.2CVSS8AI score0.00571EPSS
CVE
CVE
added 2024/01/24 12:0 a.m.47 views

CVE-2023-43989

CVE-2023-43989 affects the mokumoku chohu mini-app in Line v13.6.1. The root cause is leakage of the channel access token, enabling attackers to send crafted malicious notifications via the mini-app. The CVSSv3.1 base score is 5.4 (Medium) with Network attack vector and low privileges. Remediatio...

5.4CVSS5.5AI score0.0036EPSS
CVE
CVE
added 2024/01/24 12:0 a.m.47 views

CVE-2023-43992

CVE-2023-43992 affects the STOCKMAN GROUP mini-app on Line version 13.6.1. The root issue is leakage of the channel access token, which can allow an attacker to send crafted malicious notifications. There is no concrete patch information in the provided documents; one PT-security entry (PT-2024-1...

5.4CVSS5.5AI score0.0036EPSS
CVE
CVE
added 2024/01/24 12:0 a.m.47 views

CVE-2023-43997

The CVE-2023-43997 entry concerns Line’s Yoruichi hobby base mini-app version v13.6.1. A vulnerability arises from leakage of the channel access token, enabling an attacker to send crafted malicious notifications. The issue is tied to the mini-app’s channel token handling, with CVSS v3.1 indicati...

5.4CVSS5.5AI score0.0036EPSS
CVE
CVE
added 2024/01/24 12:0 a.m.47 views

CVE-2023-44000

CVE-2023-44000 affects Otakara lapis totuka mini-app on Line v13.6.1, where leakage of the channel access token allows an attacker to send crafted malicious notifications. The CVE entry notes a Medium impact (C/L/I/L) with no availability impact. Some connected sources indicate PoC may exist, and...

5.4CVSS5.5AI score0.0036EPSS
CVE
CVE
added 2018/08/16 8:0 p.m.46 views

CVE-2018-13446

The LINE jp.naver.line Android app (version 8.8.1) contains an authentication bypass in the Passcode feature: runtime manipulation can cause a method to return true, letting an attacker authenticate with an arbitrary passcode. Root cause details are not fully disclosed in the provided documents. ...

7CVSS7AI score0.00353EPSS
CVE
CVE
added 2023/12/07 12:0 a.m.46 views

CVE-2023-43303

CVE-2023-43303 affects the Line-based craftbeer bar canvas mini-app (v13.6.1). The root cause is leakage of the channel access token, allowing an attacker to send crafted malicious notifications. The vulnerability impacts confidentiality (HIGH) and enables unauthenticated network-based abuse with...

8.2CVSS7.2AI score0.00524EPSS
CVE
CVE
added 2024/01/24 12:0 a.m.46 views

CVE-2023-43993

The CVE-2023-43993 entry concerns the Line smaregi_app_market mini-app (Line v13.6.1). The root cause is leakage of the channel access token, enabling attackers to send crafted malicious notifications. Affected component: smaregi_app_market mini-app; affected version: v13.6.1. Impact stated: abil...

5.4CVSS5.5AI score0.00394EPSS
CVE
CVE
added 2024/01/26 12:0 a.m.46 views

CVE-2023-48131

CHIGASAKI BAKERY mini-app on Line v13.6.1 has a vulnerability where leakage of the channel access token enables attackers to send crafted malicious notifications. Documents consistently describe the issue as an access-token leakage affecting the Line integration’s CHIGASAKI BAKERY component, allo...

5.4CVSS5.5AI score0.00359EPSS
CVE
CVE
added 2023/10/25 12:0 a.m.45 views

CVE-2023-38849

The CVE-2023-38849 entry concerns tire-sales Line v.13.6.1, where a remote attacker can obtain sensitive information via a crafted GET request. The connected sources consistently reference this version and the information-disclosure impact, but do not provide concrete root-cause details, exploit ...

7.5CVSS7.2AI score0.00726EPSS
CVE
CVE
added 2024/01/24 12:0 a.m.45 views

CVE-2023-43991

CVE-2023-43991 concerns the PRIMA CLINIC mini-app on Line version 13.6.1. The underlying issue is leakage of the channel access token, enabling an attacker to send crafted malicious notifications. Public sources consistently describe this token leakage as the root cause and the ability to misuse ...

5.4CVSS5.5AI score0.00394EPSS
CVE
CVE
added 2024/01/24 12:0 a.m.44 views

CVE-2023-43994

The CVE-2023-43994 issue concerns Line's Cleaning_makotoya mini-app (Line v13.6.1). The vulnerability arises from leakage of the channel access token, enabling an attacker to send crafted malicious notifications through that token. The description in external sources (connected PT-2023-1716) ties...

5.4CVSS5.5AI score0.0036EPSS
CVE
CVE
added 2023/11/09 12:0 a.m.43 views

CVE-2023-47366

CVE-2023-47366 affects the Line app’s Craft Members module, specifically version 13.6.1. The root cause is the leakage of a channel access token in craft_members Line 13.6.1, which could allow a remote attacker to send malicious notifications to victims. The available connected sources confirm th...

6.5CVSS6.5AI score0.00353EPSS
CVE
CVE
added 2023/11/09 12:0 a.m.43 views

CVE-2023-47372

CVE-2023-47372 involves leakage of a channel access token in UPDATESALON C-LOUNGE for Line version 13.6.1, enabling remote attackers to send malicious notifications to victims. Connected sources corroborate token leakage and unrelated security notes, but do not provide a concrete exploit path, af...

6.5CVSS6.5AI score0.00353EPSS
Total number of security vulnerabilities75