MidnightBSD

Advisories for cryptocat_project

CVE-2013-2257 MEDIUM

Cryptocat before 2.0.42 has Group Chat ECC Private Key Generation Brute Force Weakness

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-307,

Products Affected

Vendor Product Version
cryptocat_project cryptocat *
CVE-2013-2258 MEDIUM

Cryptocat before 2.0.22 has Nickname User Impersonation

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
cryptocat_project cryptocat *
CVE-2013-2259 HIGH

Cryptocat before 2.0.22 has Arbitrary Code Execution on Firefox Conversation Overview

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
cryptocat_project cryptocat *
CVE-2013-2260 MEDIUM

Cryptocat before 2.0.22: Cryptocat.random() Function Array Key has Entropy Weakness

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-331,

Products Affected

Vendor Product Version
cryptocat_project cryptocat *
CVE-2013-2261 MEDIUM

Cryptocat before 2.0.22 Chrome Extension 'img/keygen.gif' has Information Disclosure

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
cryptocat_project cryptocat *
CVE-2013-2262 MEDIUM

Cryptocat strophe.js before 2.0.22 has information disclosure

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
cryptocat_project cryptocat *
CVE-2013-4100 MEDIUM

Cryptocat before 2.0.22 has Remote Denial of Service via username

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
cryptocat_project cryptocat *
CVE-2013-4101 MEDIUM

Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
cryptocat_project cryptocat *
CVE-2013-4102 MEDIUM

Cryptocat before 2.0.22 strophe.js Math.random() Random Number Generator Weakness

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-330,

Products Affected

Vendor Product Version
cryptocat_project cryptocat *
CVE-2013-4103 HIGH

Cryptocat before 2.0.22 has Remote Script Injection due to improperly sanitizing user input

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
cryptocat_project cryptocat *
CVE-2013-4104 MEDIUM

Cryptocat before 2.0.22 has weak encryption in the Socialist Millionnaire Protocol

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-326,

Products Affected

Vendor Product Version
cryptocat_project cryptocat *
CVE-2013-4105 MEDIUM

Cryptocat before 2.0.22 has Multiparty Encryption Scheme Information Disclosure

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
cryptocat_project cryptocat *
CVE-2013-4106 MEDIUM

A Cross-site scripting (XSS) vulnerability exists in Conversation Overview Nickname in Cryptocat before 2.0.22.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
cryptocat_project cryptocat *
CVE-2013-4107 MEDIUM

Cryptocat before 2.0.22: cryptocat.js handlePresence() has cross site scripting

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
cryptocat_project cryptocat *
CVE-2013-4108 HIGH

Multiple unspecified vulnerabilities in Cryptocat Project Cryptocat 2.0.18 have unknown impact and attack vectors.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
cryptocat_project cryptocat 2.0.18
CVE-2013-4109 MEDIUM

An unspecified cross-site scripting (XSS) vulnerability exists in Cryptocat Message Handling 1.1.165.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
cryptocat_project cryptocat 1.1.165
CVE-2013-4110 MEDIUM

Cryptocat has an Unspecified Chat Participant User List Disclosure

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
cryptocat_project cryptocat -