19 matches found

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2017-2769

Malware in sbrugna...

CVSS 6.5 | AI score 6.6 | EPSS 0.0082
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2017-2768

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.00675
Exploits 0 | References 2

CNVD
added 2018/05/14 12:0 a.m. | 2 views

heinekingmedia StashCat Weak Password Vulnerability

heinekingmedia StashCat for Android, Web and Desktop are all products of the German company heinekingmedia. heinekingmedia StashCat for Android is an Android-based enterprise communication software. heinekingmedia StashCat for Web is the Web-based version and heinekingmedia StashCat for Desktop i...

CVSS 7.5 | AI score 6.8 | EPSS 0.00675
Exploits 0 | References 1

CNVD
added 2018/05/14 12:0 a.m. | 5 views

heinekingmedia StashCat Password Attack Vulnerability

heinekingmedia StashCat for Android is an Android-based enterprise communication software from the German company heinekingmedia. heinekingmedia StashCat suffers from a password attack vulnerability that stems from user passwords being hashed directly with SHA-512. By exploiting this vulnerabilit...

CVSS 5.9 | AI score 6.1 | EPSS 0.0055
Exploits 0 | References 1

CNVD
added 2018/05/11 12:0 a.m. | 2 views

heinekingmedia StashCat for Android, Web and Desktop Man-in-the-Middle Attack Vulnerability

heinekingmedia StashCat for Android, Web and Desktop are all products of the German company heinekingmedia. heinekingmedia StashCat for Android is an Android-based enterprise communication software. heinekingmedia StashCat for Web is the web-based version and heinekingmedia StashCat for Desktop i...

CVSS 8.1 | AI score 6.8 | EPSS 0.00396
Exploits 0 | References 1

Prion
added 2017/08/01 2:29 p.m. | 12 views

Design/Logic Flaw

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The login credentials are written into a log file on the device. Hence, an attacker with access to the logs can read them...

CVSS 4 | AI score 6.3 | EPSS 0.0082
Exploits 0 | References 1 | Affected Software 1

NVD
added 2017/08/01 2:29 p.m. | 16 views

CVE-2017-11133

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. To encrypt messages, AES in CBC mode is used with a pseudo-random secret. This secret and the IV are generated with math.random in previous versions and with...

CVSS 7.5 | AI score 7.5 | EPSS 0.00675
Exploits 0 | References 1

NVD
added 2017/08/01 2:29 p.m. | 15 views

CVE-2017-11134

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android. The login credentials are written into a log file on the device. Hence, an attacker with access to the logs can read them...

CVSS 6.5 | AI score 6.4 | EPSS 0.0082
Exploits 0 | References 1

Prion
added 2017/08/01 2:29 p.m. | 15 views

Authentication flaw

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. For authentication, the user password is hashed directly with SHA-512 without a salt or another key-derivation mechanism to enable a secure secret for...

CVSS 4.3 | AI score 5.8 | EPSS 0.0055
Exploits 0 | References 1 | Affected Software 1

CVE
added 2017/08/01 2:0 p.m. | 44 views

CVE-2017-11130

This CVE affects heinekingmedia StashCat: Android up to 1.7.5, Web up to 0.0.80w, Desktop up to 0.0.86. Root cause: the protocol only aims to protect confidentiality; there are no integrity or authenticity checks in the entire protocol. Consequence: man-in-the-middle attackers can perform replay ...

CVSS 8.1 | AI score 7.9 | EPSS 0.00396
Exploits 0 | References 1 | Affected Software 1

CVE
added 2017/08/01 2:0 p.m. | 49 views

CVE-2017-11131

The CVE-2017-11131 issue affects heinekingmedia StashCat across Android (1.7.5), Web (0.0.80w), and Desktop (0.0.86). The root cause is hashing user passwords with SHA-512 without a salt or key-derivation function, and using only the first 32 bytes of the hash. This enables dictionary and rainbow...

CVSS 5.9 | AI score 5.8 | EPSS 0.0055
Exploits 0 | References 1 | Affected Software 1

CVE
added 2017/08/01 2:0 p.m. | 47 views

CVE-2017-11136

The CVE-2017-11136 issue affects heinekingmedia StashCat for Android, Web and Desktop (versions up to 1.7.5, 0.0.80w, 0.0.86 respectively). The design flaw: the private RSA key used for exchanging a secret for symmetric message encryption is transmitted to the backend in addition to being stored ...

CVSS 6.5 | AI score 6.3 | EPSS 0.00504
Exploits 0 | References 1 | Affected Software 1

CVE
added 2017/08/01 2:0 p.m. | 44 views

CVE-2017-11133

CVE-2017-11133 affects heinekingmedia StashCat across Android (1.7.5), Web (0.0.80w), and Desktop (0.0.86). The issue is in the message encryption: AES in CBC mode is seeded with a pseudo‑random secret and IV generated by math.random(), with newer builds using CryptoJS.lib.WordArray.random() (whi...

CVSS 7.5 | AI score 7.5 | EPSS 0.00675
Exploits 0 | References 1 | Affected Software 1

CVE
added 2017/08/01 2:0 p.m. | 43 views

CVE-2017-11132

The CVE-2017-11132 issue affects heinekingmedia StashCat for Android (pre-1.5.18). The root cause is missing certificate pinning, allowing an attacker to issue a certificate for the backend and have the application trust it without notice. Public references in the provided documents describe the ...

CVSS 7.5 | AI score 7.4 | EPSS 0.00509
Exploits 0 | References 1 | Affected Software 1

CVE
added 2017/08/01 2:0 p.m. | 41 views

CVE-2017-11134

The CVE-2017-11134 issue affects heinekingmedia StashCat for Android (up to version 1.7.5). The root cause is that login credentials are written to a log file on the device, allowing an attacker with access to the logs to read them. The connected sources corroborate this information across multip...

CVSS 6.5 | AI score 6.3 | EPSS 0.0082
Exploits 0 | References 1 | Affected Software 1

CVE
added 2017/08/01 2:0 p.m. | 45 views

CVE-2017-11129

Affected software: heinekingmedia StashCat for Android (versions up to 1.7.5). Root cause: keystore protected by a hard-coded password, enabling access to keystore contents by anyone with keystore access (e.g., private keys). Impact: potential unauthorized reading of sensitive data stored in the ke...

CVSS 9.8 | AI score 9.1 | EPSS 0.01103
Exploits 0 | References 1 | Affected Software 1

CVE
added 2017/08/01 2:0 p.m. | 47 views

CVE-2017-11135

CVE-2017-11135 affects heinekingmedia StashCat on Android (up to v1.7.5), Web (up to v0.0.80w) and Desktop (up to v0.0.86). Root cause: the logout mechanism does not check authorization, allowing an attacker who knows the device ID to cause a denial of service. The vulnerability stems from client...

CVSS 7.5 | AI score 7.4 | EPSS 0.01061
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2017/08/01 2:0 p.m. | 17 views

CVE-2017-11130

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. The product's protocol only tries to ensure confidentiality. In the whole protocol, no integrity or authenticity checks are done. Therefore man-in-the-middle...

AI score 8 | EPSS 0.00396
Exploits 0 | References 1

Cvelist
added 2017/08/01 2:0 p.m. | 21 views

CVE-2017-11136

An issue was discovered in heinekingmedia StashCat through 1.7.5 for Android, through 0.0.80w for Web, and through 0.0.86 for Desktop. It uses RSA to exchange a secret for symmetric encryption of messages. However, the private RSA key is not only stored on the client but transmitted to the backen...

AI score 6.4 | EPSS 0.00504
Exploits 0 | References 1