|
259081
|
7.5 |
HIGH
Network
|
stashcat
|
heinekingmedia
|
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. To encrypt messages, AES in CBC mode is used with a pseudo-rando…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2017-11133
|
2024-11-21 12:07 |
2017-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259082
|
7.5 |
HIGH
Network
|
heinekingmedia
|
stashcat
|
An issue was discovered in heinekingmedia StashCat before 1.5.18 for Android. No certificate pinning is implemented; therefore the attacker could issue a certificate for the backend and the applicati…
|
CWE-295
Improper Certificate Validation
|
CVE-2017-11132
|
2024-11-21 12:07 |
2017-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259083
|
5.9 |
MEDIUM
Network
|
stashcat
|
heinekingmedia
|
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. For authentication, the user password is hashed directly with SH…
|
CWE-916
Use of Password Hash With Insufficient Computational Effort
|
CVE-2017-11131
|
2024-11-21 12:07 |
2017-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259084
|
8.1 |
HIGH
Network
|
stashcat
|
heinekingmedia
|
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The product's protocol only tries to ensure confidentiality. In …
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2017-11130
|
2024-11-21 12:07 |
2017-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259085
|
9.8 |
CRITICAL
Network
|
stashcat
|
heinekingmedia
|
An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The keystore is locked with a hard-coded password. Therefore, everyone with access to the keystore can read the content o…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2017-11129
|
2024-11-21 12:07 |
2017-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259086
|
5.5 |
MEDIUM
Local
|
libid3tag_project
|
libid3tag
|
The id3_ucs4_length function in ucs4.c in libid3tag 0.15.1b allows remote attackers to cause a denial of service (NULL Pointer Dereference and application crash) via a crafted mp3 file.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-11550
|
2024-11-21 12:07 |
2017-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259087
|
5.5 |
MEDIUM
Local
|
timidity\+\+_project
|
timidity\+\+
|
The play_midi function in playmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mid file. NOTE: CPU consumption might be …
|
CWE-834
Excessive Iteration
|
CVE-2017-11549
|
2024-11-21 12:07 |
2017-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259088
|
5.5 |
MEDIUM
Local
|
xiph
|
libao
|
The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-11548
|
2024-11-21 12:07 |
2017-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259089
|
5.5 |
MEDIUM
Local
|
timidity\+\+_project
|
timidity\+\+
|
The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mid file. NOTE: a crash might be releva…
|
CWE-125
Out-of-bounds Read
|
CVE-2017-11547
|
2024-11-21 12:07 |
2017-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259090
|
5.5 |
MEDIUM
Local
|
timidity\+\+_project
|
timidity\+\+
|
The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mid file. NOTE: a cra…
|
CWE-369
Divide By Zero
|
CVE-2017-11546
|
2024-11-21 12:07 |
2017-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
