|
258161
|
6.5 |
MEDIUM
Network
|
stashcat
|
heinekingmedia
|
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. It uses RSA to exchange a secret for symmetric encryption of mes…
|
NVD-CWE-noinfo
|
CVE-2017-11136
|
2024-11-21 12:07 |
2017-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258162
|
7.5 |
HIGH
Network
|
stashcat
|
heinekingmedia
|
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The logout mechanism does not check for authorization. Therefore…
|
CWE-862
Missing Authorization
|
CVE-2017-11135
|
2024-11-21 12:07 |
2017-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258163
|
6.5 |
MEDIUM
Network
|
stashcat
|
heinekingmedia
|
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The login credentials are written into a log file on the device. Hence, an attacker with access to the logs can read them.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2017-11134
|
2024-11-21 12:07 |
2017-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258164
|
7.5 |
HIGH
Network
|
stashcat
|
heinekingmedia
|
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. To encrypt messages, AES in CBC mode is used with a pseudo-rando…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2017-11133
|
2024-11-21 12:07 |
2017-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258165
|
7.5 |
HIGH
Network
|
heinekingmedia
|
stashcat
|
An issue was discovered in heinekingmedia StashCat before 1.5.18 for Android. No certificate pinning is implemented; therefore the attacker could issue a certificate for the backend and the applicati…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-11132
|
2024-11-21 12:07 |
2017-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258166
|
5.9 |
MEDIUM
Network
|
stashcat
|
heinekingmedia
|
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. For authentication, the user password is hashed directly with SH…
|
CWE-916
Use of Password Hash With Insufficient Computational Effort
|
CVE-2017-11131
|
2024-11-21 12:07 |
2017-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258167
|
8.1 |
HIGH
Network
|
stashcat
|
heinekingmedia
|
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The product's protocol only tries to ensure confidentiality. In …
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2017-11130
|
2024-11-21 12:07 |
2017-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258168
|
9.8 |
CRITICAL
Network
|
stashcat
|
heinekingmedia
|
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The keystore is locked with a hard-coded password. Therefore, everyone with access to the keystore can read the content o…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-11129
|
2024-11-21 12:07 |
2017-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258169
|
5.5 |
MEDIUM
Local
|
libid3tag_project
|
libid3tag
|
The id3_ucs4_length function in ucs4.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (NULL Pointer Dereference and application crash) via a crafted mp3 file.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-11550
|
2024-11-21 12:07 |
2017-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258170
|
5.5 |
MEDIUM
Local
|
timidity\+\+_project
|
timidity\+\+
|
The play_midi function in playmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mid file. NOTE: CPU consumption might be …
|
CWE-834
Excessive Iteration
|
CVE-2017-11549
|
2024-11-21 12:07 |
2017-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
