CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45274 – MB connect line/Helmholz: Remote code execution via confnet service
https://notcve.org/view.php?id=CVE-2024-45274
15 Oct 2024 — An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing authentication. Un atacante remoto no autenticado puede ejecutar comandos del sistema operativo a través de UDP en el dispositivo debido a la falta de autenticación. • https://cert.vde.com/en/advisories/VDE-2024-056 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.4EPSS: 0%CPEs: 11EXPL: 0CVE-2024-45273 – MB connect line/Helmholz: Weak encryption of configuration file
https://notcve.org/view.php?id=CVE-2024-45273
15 Oct 2024 — An unauthenticated local attacker can decrypt the devices config file and therefore compromise the device due to a weak implementation of the encryption used. Un atacante local no autenticado puede descifrar el archivo de configuración del dispositivo y, por lo tanto, comprometer el dispositivo debido a una implementación débil del cifrado utilizado. • https://cert.vde.com/en/advisories/VDE-2024-056 • CWE-261: Weak Encoding for Password •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-45272 – MB connect line/Helmholz: Generation of weak passwords vulnerability
https://notcve.org/view.php?id=CVE-2024-45272
15 Oct 2024 — An unauthenticated remote attacker can perform a brute-force attack on the credentials of the remote service portal with a high chance of success, resulting in connection lost. Un atacante remoto no autenticado puede realizar un ataque de fuerza bruta a las credenciales del portal de servicio remoto con una alta probabilidad de éxito, lo que da como resultado la pérdida de la conexión. • https://cert.vde.com/en/advisories/VDE-2024-068 • CWE-1391: Use of Weak Credentials •
CVSS: 8.4EPSS: 0%CPEs: 2EXPL: 0CVE-2024-45271 – MB connect line/Helmholz: Remote code execution due to improper input validation
https://notcve.org/view.php?id=CVE-2024-45271
15 Oct 2024 — An unauthenticated local attacker can gain admin privileges by deploying a config file due to improper input validation. Un atacante local no autenticado puede obtener privilegios de administrador al implementar un archivo de configuración debido a una validación de entrada incorrecta. • https://cert.vde.com/en/advisories/VDE-2024-056 • CWE-20: Improper Input Validation CWE-116: Improper Encoding or Escaping of Output •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5739
https://notcve.org/view.php?id=CVE-2024-5739
12 Jun 2024 — The in-app browser of LINE client for iOS versions below 14.9.0 contains a Universal XSS (UXSS) vulnerability. This vulnerability allows for cross-site scripting (XSS) where arbitrary JavaScript can be executed in the top frame from an embedded iframe on any displayed web site within the in-app browser. The in-app browser is usually opened by tapping on URLs contained in chat messages, and for the attack to be successful, the victim must trigger a click event on a malicious iframe. If an iframe embedded in ... • https://hackerone.com/reports/2284129 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1735
https://notcve.org/view.php?id=CVE-2024-1735
26 Feb 2024 — A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later. Se ha identificado una vulnerabilidad en versiones de armeria-saml inferiores a 1.27.2, que permite el uso de mensajes SAML maliciosos para eludir la autenticación. Todos los usuarios que dependen de armeria-saml anterior a la versión 1.27.2 deben actualizar a la versi... • https://github.com/line/armeria/security/advisories/GHSA-4m6j-23p2-8c54 • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-22302 – WordPress Albo Pretorio Online Plugin <= 4.6.6 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2024-22302
17 Jan 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ignazio Scimone Albo Pretorio On line allows Stored XSS.This issue affects Albo Pretorio On line: from n/a through 4.6.6. La vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en Ignazio Scimone Albo Pretorio On line permite XSS almacenado. Este problema afecta a Albo Pretorio On line: desde n/a hasta 4.6.6. The Albo Pretorio Online plugin... • https://patchstack.com/database/vulnerability/albo-pretorio-on-line/wordpress-albo-pretorio-on-line-plugin-4-6-6-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2968
https://notcve.org/view.php?id=CVE-2015-2968
31 Oct 2023 — LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker. LINE@ para Android versión 1.0.0 y LINE@ para iOS versión 1.0.0 son vulnerables al ataque MITM (man-in-the-middle) ya que la aplicación permite comunicaciones que no sean SSL/TLS. Como resultado, cualquier API puede ser invocada desde un scri... • http://official-blog.line.me/ja/archives/36495925.html • CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2015-0897
https://notcve.org/view.php?id=CVE-2015-0897
31 Oct 2023 — LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker. LINE para Android versión 5.0.2 y anteriores y LINE para iOS versión 5.0.0 y anteriores son vulnerables a ataques MITM (man-in-the-middle) ya que la aplicación permite comunicaciones que no sean SSL/TLS. Como resultado, ... • http://official-blog.line.me/ja/archives/24809761.html • CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39731
https://notcve.org/view.php?id=CVE-2023-39731
19 Oct 2023 — The leakage of the client secret in Kaibutsunosato v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. La filtración del secreto del cliente en Kaibutsunosato v13.6.1 permite a los atacantes obtener el token de acceso al canal y enviar mensajes de difusión manipulados. • https://github.com/syz913/CVE-reports/blob/main/CVE-2023-39731.md • CWE-284: Improper Access Control •