CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 1CVE-2018-13434
https://notcve.org/view.php?id=CVE-2018-13434
16 Aug 2018 — An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The LAContext class for Biometric (TouchID) validation allows authentication bypass by overriding the LAContext return Boolean value to be "true" because the kSecAccessControlUserPresence protection mechanism is not used. In other words, an attacker could authenticate with an arbitrary fingerprint. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes iOS devices ... • https://gist.github.com/tanprathan/f5133651e438b2ad1b39172d52b56115 • CWE-287: Improper Authentication •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2018-13435
https://notcve.org/view.php?id=CVE-2018-13435
16 Aug 2018 — An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method to disable passcode authentication. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes iOS devices on which a jailbreak has occurred ** EN DISPUTA ** Se ha descubierto un problema en la aplicación LINE jp.naver.line 8.8.0 para iOS. La característica Passcode ... • https://gist.github.com/tanprathan/19165c43ade898ab8b664098fb171f49 • CWE-287: Improper Authentication •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2018-13446
https://notcve.org/view.php?id=CVE-2018-13446
16 Aug 2018 — An issue was discovered in the LINE jp.naver.line application 8.8.1 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value to true. In other words, an attacker could authenticate with an arbitrary passcode. NOTE: the vendor indicates that this is not an attack of interest within the context of their threat model, which excludes Android devices on which rooting has occurred ** EN DISPUTA ** Se ha descubierto un problema en la aplica... • https://gist.github.com/tanprathan/efde53e5b312f50edb08f050b6be3928 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0609
https://notcve.org/view.php?id=CVE-2018-0609
26 Jun 2018 — Untrusted search path vulnerability in LINE for Windows versions before 5.8.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Una vulnerabilidad de ruta de búsqueda no fiable en LINE for Windows en versiones anteriores a la 5.8.0 permite que un atacante consiga privilegios utilizando un archivo DLL troyano en un directorio no especificado. • http://jvn.jp/en/jp/JVN92265618/index.html • CWE-426: Untrusted Search Path •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0518
https://notcve.org/view.php?id=CVE-2018-0518
23 Feb 2018 — LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. LINE para iOS, en versiones 7.1.3 a 7.1.5, no verifica los certificados X.509 de los servidores SSL, lo que permite que los atacantes Man-in-the-Middle (MitM) suplanten servidores y obtengan información sensible mediante un certificado manipulado. • https://jvn.jp/en/jp/JVN75453852/index.html • CWE-295: Improper Certificate Validation •
CVSS: 8.1EPSS: 2%CPEs: 1EXPL: 0CVE-2016-4850
https://notcve.org/view.php?id=CVE-2016-4850
20 Apr 2017 — LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code. LINE para Windows en versiones anteriores a 4.8.3 permite a atacantes man-in-the-middle ejecutar código arbitrario. • http://jvn.jp/en/jp/JVN05924524/index.html • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2016-4831
https://notcve.org/view.php?id=CVE-2016-4831
12 Jul 2016 — Untrusted search path vulnerability in LINE and LINE Installer 4.7.0 and earlier on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. Vulnerabilidad de búsqueda de ruta no confiable en LINE y LINE Installer 4.7.0 y versiones anteriores en Windows permite a usuarios locales obtener privilegios a través de un Troyano DLL en un directorio no especificado. • http://jvn.jp/en/jp/JVN51565015/index.html •
CVSS: 5.7EPSS: 0%CPEs: 4EXPL: 0CVE-2016-1156
https://notcve.org/view.php?id=CVE-2016-1156
19 Feb 2016 — LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X allows remote authenticated users to cause a denial of service (application crash) via a crafted post that is mishandled when displaying a Timeline. LINE 4.3.0.724 y versiones anteriores en Windows y 4.3.1 y versiones anteriores en OS X permite a usuarios remotos autenticados provocar una denegación de servicio (caída de aplicación) a través de un post manipulado que no es manejado correctamente cuando se muestra un Timeline. • http://jvn.jp/en/jp/JVN46044093/index.html • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 1CVE-2013-7144
https://notcve.org/view.php?id=CVE-2013-7144
16 Aug 2014 — LINE 3.2.1.83 and earlier on Windows and 3.2.1 and earlier on OS X does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. LINE 3.2.1.83 y anteriores en Windows y 3.2.1 y anteriores en OS X no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores y obtener información sensible a través de un certificado manipulado. • https://www.thaicert.or.th/papers/general/2013/pa2013ge010.html • CWE-310: Cryptographic Issues •