N-LINE
by N-LINE
CVEs (28)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-43305 | Hig | 0.53 | 8.2 | 0.01 | Dec 8, 2023 | An issue in studio kent mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||
| CVE-2023-43302 | Hig | 0.53 | 8.2 | 0.01 | Dec 7, 2023 | An issue in sanTas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||
| CVE-2023-43301 | Hig | 0.53 | 8.2 | 0.01 | Dec 7, 2023 | An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||
| CVE-2023-43300 | Hig | 0.53 | 8.2 | 0.01 | Dec 7, 2023 | An issue in urban_project mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||
| CVE-2023-39737 | Hig | 0.53 | 8.2 | 0.01 | Oct 25, 2023 | The leakage of the client secret in Matsuya Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | ||
| CVE-2023-39732 | Hig | 0.53 | 8.2 | 0.01 | Oct 25, 2023 | The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | ||
| CVE-2016-4850 | Hig | 0.53 | 8.1 | 0.02 | Apr 20, 2017 | LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code. | ||
| CVE-2023-38849 | Hig | 0.49 | 7.5 | 0.01 | Oct 25, 2023 | An issue in tire-sales Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | ||
| CVE-2023-38848 | Hig | 0.49 | 7.5 | 0.01 | Oct 25, 2023 | An issue in rmc R Beauty CLINIC Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | ||
| CVE-2023-38847 | Hig | 0.49 | 7.5 | 0.01 | Oct 25, 2023 | An issue in CHRISTINA JAPAN Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | ||
| CVE-2018-0650 | Hig | 0.48 | 7.4 | 0.01 | Sep 7, 2018 | The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||
| CVE-2018-13434 | Med | 0.41 | 6.3 | 0.00 | Aug 16, 2018 | An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The LAContext class for Biometric (TouchID) validation allows authentication bypass by overriding the LAContext return Boolean value to be "true" because the kSecAccessControlUserPresence protection… | ||
| CVE-2015-2968 | Med | 0.38 | 5.9 | 0.00 | Oct 31, 2023 | LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker. | ||
| CVE-2015-0897 | Med | 0.38 | 5.9 | 0.00 | Oct 31, 2023 | LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM… | ||
| CVE-2018-0518 | Med | 0.38 | 5.9 | 0.01 | Feb 23, 2018 | LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||
| CVE-2016-1156 | Med | 0.37 | 5.7 | 0.01 | Feb 19, 2016 | LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X allows remote authenticated users to cause a denial of service (application crash) via a crafted post that is mishandled when displaying a Timeline. | ||
| CVE-2024-47158 | Med | 0.35 | 5.4 | 0.00 | Oct 25, 2024 | N-LINE 2.0.6 and prior versions contain a code injection vulnerability. If this vulnerability is exploited, arbitrary code may be executed on the instructor's browser, or the instructor may be directed to a malicious website. | ||
| CVE-2023-48129 | Med | 0.35 | 5.4 | 0.00 | Jan 26, 2024 | An issue in kimono-oldnew mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||
| CVE-2023-48127 | Med | 0.35 | 5.4 | 0.00 | Jan 26, 2024 | An issue in myGAKUYA mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. | ||
| CVE-2023-43999 | Med | 0.35 | 5.4 | 0.00 | Jan 24, 2024 | An issue in COLORFUL_laundry mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
- risk 0.53cvss 8.2epss 0.01
An issue in studio kent mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
- risk 0.53cvss 8.2epss 0.01
An issue in sanTas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
- risk 0.53cvss 8.2epss 0.01
An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
- risk 0.53cvss 8.2epss 0.01
An issue in urban_project mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
- risk 0.53cvss 8.2epss 0.01
The leakage of the client secret in Matsuya Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.
- risk 0.53cvss 8.2epss 0.01
The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages.
- risk 0.53cvss 8.1epss 0.02
LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code.
- risk 0.49cvss 7.5epss 0.01
An issue in tire-sales Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.
- risk 0.49cvss 7.5epss 0.01
An issue in rmc R Beauty CLINIC Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.
- risk 0.49cvss 7.5epss 0.01
An issue in CHRISTINA JAPAN Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request.
- risk 0.48cvss 7.4epss 0.01
The LINE MUSIC for Android version 3.1.0 to versions prior to 3.6.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
- risk 0.41cvss 6.3epss 0.00
An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The LAContext class for Biometric (TouchID) validation allows authentication bypass by overriding the LAContext return Boolean value to be "true" because the kSecAccessControlUserPresence protection…
- risk 0.38cvss 5.9epss 0.00
LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker.
- risk 0.38cvss 5.9epss 0.00
LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM…
- risk 0.38cvss 5.9epss 0.01
LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
- risk 0.37cvss 5.7epss 0.01
LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X allows remote authenticated users to cause a denial of service (application crash) via a crafted post that is mishandled when displaying a Timeline.
- risk 0.35cvss 5.4epss 0.00
N-LINE 2.0.6 and prior versions contain a code injection vulnerability. If this vulnerability is exploited, arbitrary code may be executed on the instructor's browser, or the instructor may be directed to a malicious website.
- risk 0.35cvss 5.4epss 0.00
An issue in kimono-oldnew mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
- risk 0.35cvss 5.4epss 0.00
An issue in myGAKUYA mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
- risk 0.35cvss 5.4epss 0.00
An issue in COLORFUL_laundry mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token.
Page 1 of 2