Vulmon
stashcat heinekingmedia vulnerabilities and exploits
5
CVSSv2
CVE-2020-13637
An issue exists in the stashcat app up to and including 3.9.2 for macOS, Windows, Android, iOS, and possibly other platforms. It stores the client_key, the device_id, and the public key for end-to-end encryption in cleartext, enabling an attacker (by copying or having access to t...
Heinekingmedia Stashcat
5
CVSSv2
CVE-2017-11132
An issue exists in heinekingmedia StashCat prior to 1.5.18 for Android. No certificate pinning is implemented; therefore the attacker could issue a certificate for the backend and the application would not notice it.
Heinekingmedia Stashcat
9
CVSSv2
CVE-2020-13129
An issue exists in the stashcat app up to and including 3.9.1 for macOS, Windows, Android, iOS, and possibly other platforms. The GET method is used with client_key and device_id data in the query string, which allows malicious users to obtain sensitive information by reading web...
Heinekingmedia Stashcat
4.3
CVSSv2
CVE-2017-11131
An issue exists in heinekingmedia StashCat up to and including 1.7.5 for Android, up to and including 0.0.80w for Web, and up to and including 0.0.86 for Desktop. For authentication, the user password is hashed directly with SHA-512 without a salt or another key-derivation mechan...
Stashcat Heinekingmedia
5
CVSSv2
CVE-2017-11133
An issue exists in heinekingmedia StashCat up to and including 1.7.5 for Android, up to and including 0.0.80w for Web, and up to and including 0.0.86 for Desktop. To encrypt messages, AES in CBC mode is used with a pseudo-random secret. This secret and the IV are generated with m...
Stashcat Heinekingmedia
7.5
CVSSv2
CVE-2017-11129
An issue exists in heinekingmedia StashCat up to and including 1.7.5 for Android. The keystore is locked with a hard-coded password. Therefore, everyone with access to the keystore can read the content out, for example the private key of the user.
Stashcat Heinekingmedia
6.8
CVSSv2
CVE-2017-11130
An issue exists in heinekingmedia StashCat up to and including 1.7.5 for Android, up to and including 0.0.80w for Web, and up to and including 0.0.86 for Desktop. The product's protocol only tries to ensure confidentiality. In the whole protocol, no integrity or authenticity...
Stashcat Heinekingmedia
4
CVSSv2
CVE-2017-11134
An issue exists in heinekingmedia StashCat up to and including 1.7.5 for Android. The login credentials are written into a log file on the device. Hence, an attacker with access to the logs can read them.
Stashcat Heinekingmedia
5
CVSSv2
CVE-2017-11135
An issue exists in heinekingmedia StashCat up to and including 1.7.5 for Android, up to and including 0.0.80w for Web, and up to and including 0.0.86 for Desktop. The logout mechanism does not check for authorization. Therefore, an attacker only needs to know the device ID. This ...
Stashcat Heinekingmedia
4
CVSSv2
CVE-2017-11136
An issue exists in heinekingmedia StashCat up to and including 1.7.5 for Android, up to and including 0.0.80w for Web, and up to and including 0.0.86 for Desktop. It uses RSA to exchange a secret for symmetric encryption of messages. However, the private RSA key is not only store...
Stashcat Heinekingmedia