Filtered by vendor Linecorp
Subscriptions
Total
91 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-43297 | 1 Linecorp | 1 Line | 2024-11-21 | 5.4 Medium |
| An issue in animal-art-lab v13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. | ||||
| CVE-2023-39740 | 1 Linecorp | 1 Onigiriya-musubee | 2024-11-21 | 8.2 High |
| The leakage of the client secret in Onigiriya-musubee Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | ||||
| CVE-2023-39739 | 1 Linecorp | 1 Regina Sweets\&bakery | 2024-11-21 | 8.2 High |
| The leakage of the client secret in REGINA SWEETS&BAKERY Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | ||||
| CVE-2023-39737 | 1 Linecorp | 1 Matsuya | 2024-11-21 | 8.2 High |
| The leakage of the client secret in Matsuya Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | ||||
| CVE-2023-39736 | 1 Linecorp | 1 Fukunaga Memberscard | 2024-11-21 | 8.2 High |
| The leakage of the client secret in Fukunaga_memberscard Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | ||||
| CVE-2023-39735 | 1 Linecorp | 1 Uomasa Saiji New | 2024-11-21 | 8.2 High |
| The leakage of the client secret in Uomasa_Saiji_news Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | ||||
| CVE-2023-39734 | 1 Linecorp | 1 Trackdiner10\/10 Mc | 2024-11-21 | 8.2 High |
| The leakage of the client secret in VISION MEAT WORKS TrackDiner10/10_mc Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | ||||
| CVE-2023-39733 | 1 Linecorp | 1 Tonton-tei | 2024-11-21 | 8.2 High |
| The leakage of the client secret in TonTon-Tei Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | ||||
| CVE-2023-39732 | 1 Linecorp | 1 Tokueimaru Waiting | 2024-11-21 | 8.2 High |
| The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. | ||||
| CVE-2023-38849 | 1 Linecorp | 1 Line | 2024-11-21 | 7.5 High |
| An issue in tire-sales Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | ||||
| CVE-2023-38848 | 1 Linecorp | 1 Line | 2024-11-21 | 7.5 High |
| An issue in rmc R Beauty CLINIC Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | ||||
| CVE-2023-38847 | 1 Linecorp | 1 Line | 2024-11-21 | 7.5 High |
| An issue in CHRISTINA JAPAN Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | ||||
| CVE-2023-38846 | 1 Linecorp | 1 Line | 2024-11-21 | 7.5 High |
| An issue in Marbre Lapin Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | ||||
| CVE-2023-38845 | 1 Linecorp | 1 Line | 2024-11-21 | 7.5 High |
| An issue in Anglaise Company Anglaise.Company v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. | ||||
| CVE-2023-38493 | 1 Linecorp | 1 Armeria | 2024-11-21 | 7.5 High |
| Armeria is a microservice framework Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via `TomcatService` or `JettyService` with the path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not invoked because of the matrix variables. If an attacker sends a specially crafted request, the request may bypass the authorizer. Version 1.24.3 contains a patch for this issue. | ||||
| CVE-2022-29505 | 1 Linecorp | 1 Line | 2024-11-21 | 7.8 High |
| Due to build misconfiguration in openssl dependency, LINE for Windows before 7.8 is vulnerable to DLL injection that could lead to privilege escalation. | ||||
| CVE-2022-22820 | 1 Linecorp | 1 Line | 2024-11-21 | 5.5 Medium |
| Due to the lack of media file checks before rendering, it was possible for an attacker to cause abnormal CPU consumption for message recipient by sending specially crafted gif image in LINE for Windows before 7.4. | ||||
| CVE-2021-43795 | 1 Linecorp | 1 Armeria | 2024-11-21 | 7.5 High |
| Armeria is an open source microservice framework. In affected versions an attacker can access an Armeria server's local file system beyond its restricted directory by sending an HTTP request whose path contains `%2F` (encoded `/`), such as `/files/..%2Fsecrets.txt`, bypassing Armeria's path validation logic. Armeria 1.13.4 or above contains the hardened path validation logic that handles `%2F` properly. This vulnerability can be worked around by inserting a decorator that performs an additional validation on the request path. | ||||
| CVE-2021-41011 | 1 Linecorp | 1 Line | 2024-11-21 | 7.5 High |
| LINE client for iOS before 11.15.0 might expose authentication information for a certain service to external entities under certain conditions. This is usually impossible, but in combination with a server-side bug, attackers could get this information. | ||||
| CVE-2021-36216 | 1 Linecorp | 1 Line | 2024-11-21 | 7.8 High |
| LINE for Windows 6.2.1.2289 and before allows arbitrary code execution via malicious DLL injection. | ||||