VYPR

N-LINE

by N-LINE

CVEs (28)

  • CVE-2023-43305HigDec 8, 2023
    risk 0.53cvss 8.2epss 0.01

    An issue in studio kent mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

  • CVE-2023-43302HigDec 7, 2023
    risk 0.53cvss 8.2epss 0.01

    An issue in sanTas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

  • CVE-2023-43301HigDec 7, 2023
    risk 0.53cvss 8.2epss 0.01

    An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

  • CVE-2023-43300HigDec 7, 2023
    risk 0.53cvss 8.2epss 0.01

    An issue in urban_project mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

  • CVE-2023-39737HigOct 25, 2023
    risk 0.53cvss 8.2epss 0.01

    The leakage of the client secret in Matsuya Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.

  • CVE-2023-39732HigOct 25, 2023
    risk 0.53cvss 8.2epss 0.01

    The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.

  • CVE-2016-4850HigApr 20, 2017
    risk 0.53cvss 8.1epss 0.02

    LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code.

  • CVE-2023-38849HigOct 25, 2023
    risk 0.49cvss 7.5epss 0.01

    An issue in tire-sales Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.

  • CVE-2023-38848HigOct 25, 2023
    risk 0.49cvss 7.5epss 0.01

    An issue in rmc R Beauty CLINIC Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.

  • CVE-2023-38847HigOct 25, 2023
    risk 0.49cvss 7.5epss 0.01

    An issue in CHRISTINA JAPAN Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.

  • CVE-2018-0650HigSep 7, 2018
    risk 0.48cvss 7.4epss 0.01

    The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

  • CVE-2018-13434MedAug 16, 2018
    risk 0.41cvss 6.3epss 0.00

    An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The LAContext class for Biometric (TouchID) validation allows authentication bypass by overriding the LAContext return Boolean value to be "true" because the kSecAccessControlUserPresence protection…

  • CVE-2015-2968MedOct 31, 2023
    risk 0.38cvss 5.9epss 0.00

    LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker.

  • CVE-2015-0897MedOct 31, 2023
    risk 0.38cvss 5.9epss 0.00

    LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM…

  • CVE-2018-0518MedFeb 23, 2018
    risk 0.38cvss 5.9epss 0.01

    LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

  • CVE-2016-1156MedFeb 19, 2016
    risk 0.37cvss 5.7epss 0.01

    LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X allows remote authenticated users to cause a denial of service (application crash) via a crafted post that is mishandled when displaying a Timeline.

  • CVE-2024-47158MedOct 25, 2024
    risk 0.35cvss 5.4epss 0.00

    N-LINE 2.0.6 and prior versions contain a code injection vulnerability. If this vulnerability is exploited, arbitrary code may be executed on the instructor's browser, or the instructor may be directed to a malicious website.

  • CVE-2023-48129MedJan 26, 2024
    risk 0.35cvss 5.4epss 0.00

    An issue in kimono-oldnew mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

  • CVE-2023-48127MedJan 26, 2024
    risk 0.35cvss 5.4epss 0.00

    An issue in myGAKUYA mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

  • CVE-2023-43999MedJan 24, 2024
    risk 0.35cvss 5.4epss 0.00

    An issue in COLORFUL_laundry mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.

Page 1 of 2