Linecorp
Products
3- 5 CVEs
- 3 CVEs
- 1 CVE
Recent CVEs
8| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-4850 | Hig | 0.53 | 8.1 | 0.02 | Apr 20, 2017 | LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code. | |
| CVE-2016-4831 | Hig | 0.51 | 7.8 | 0.00 | Jul 12, 2016 | Untrusted search path vulnerability in LINE and LINE Installer 4.7.0 and earlier on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. | |
| CVE-2021-36214 | Med | 0.40 | 6.1 | 0.00 | Jul 13, 2021 | LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView. | |
| CVE-2016-1156 | Med | 0.37 | 5.7 | 0.00 | Feb 19, 2016 | LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X allows remote authenticated users to cause a denial of service (application crash) via a crafted post that is mishandled when displaying a Timeline. | |
| CVE-2023-38493 | 0.00 | — | 0.00 | Jul 25, 2023 | Armeria is a microservice framework Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via `TomcatService` or `JettyService` with the path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not invoked because of the matrix variables. If an attacker sends a specially crafted request, the request may bypass the authorizer. Version 1.24.3 contains a patch for this issue. | ||
| CVE-2021-43795 | 0.00 | — | 0.01 | Dec 2, 2021 | Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server's local file system beyond its restricted directory by sending an HTTP request whose path contains `%2F` (encoded `/`), such as `/files/..%2Fsecrets.txt`, bypassing Armeria's path validation logic. Armeria 1.13.4 or above contains the hardened path validation logic that handles `%2F` properly. This vulnerability can be worked around by inserting a decorator that performs an additional validation on the request path. | ||
| CVE-2019-16771 | 0.00 | — | 0.00 | Dec 6, 2019 | Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in 0.97.0. Potential impacts of this vulnerability include cross-user defacement, cache poisoning, Cross-site scripting (XSS), and page hijacking. | ||
| CVE-2013-7144 | 0.00 | — | 0.00 | Aug 16, 2014 | LINE 3.2.1.83 and earlier on Windows and 3.2.1 and earlier on OS X does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. |
- risk 0.53cvss 8.1epss 0.02
LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code.
- risk 0.51cvss 7.8epss 0.00
Untrusted search path vulnerability in LINE and LINE Installer 4.7.0 and earlier on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.
- risk 0.40cvss 6.1epss 0.00
LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView.
- risk 0.37cvss 5.7epss 0.00
LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X allows remote authenticated users to cause a denial of service (application crash) via a crafted post that is mishandled when displaying a Timeline.
- CVE-2023-38493Jul 25, 2023risk 0.00cvss —epss 0.00
Armeria is a microservice framework Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via `TomcatService` or `JettyService` with the path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not invoked because of the matrix variables. If an attacker sends a specially crafted request, the request may bypass the authorizer. Version 1.24.3 contains a patch for this issue.
- CVE-2021-43795Dec 2, 2021risk 0.00cvss —epss 0.01
Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server's local file system beyond its restricted directory by sending an HTTP request whose path contains `%2F` (encoded `/`), such as `/files/..%2Fsecrets.txt`, bypassing Armeria's path validation logic. Armeria 1.13.4 or above contains the hardened path validation logic that handles `%2F` properly. This vulnerability can be worked around by inserting a decorator that performs an additional validation on the request path.
- CVE-2019-16771Dec 6, 2019risk 0.00cvss —epss 0.00
Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. This vulnerability has been patched in 0.97.0. Potential impacts of this vulnerability include cross-user defacement, cache poisoning, Cross-site scripting (XSS), and page hijacking.
- CVE-2013-7144Aug 16, 2014risk 0.00cvss —epss 0.00
LINE 3.2.1.83 and earlier on Windows and 3.2.1 and earlier on OS X does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.