Vulnerabilities > Missing Encryption of Sensitive Data

DATE CVE VULNERABILITY TITLE RISK
2023-01-11 CVE-2022-0553 Missing Encryption of Sensitive Data vulnerability in Zephyrproject Zephyr
There is no check to see if slot 0 is being uploaded from the device to the host.
low complexity
zephyrproject CWE-311
4.6
2022-12-30 CVE-2018-25060 Missing Encryption of Sensitive Data vulnerability in Go-Macaron CSRF
A vulnerability was found in Macaron csrf and classified as problematic.
network
low complexity
go-macaron CWE-311
7.5
2022-12-27 CVE-2021-4239 Missing Encryption of Sensitive Data vulnerability in Noiseprotocol Noise
The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack.
network
low complexity
noiseprotocol CWE-311
7.5
2022-12-05 CVE-2022-37783 Missing Encryption of Sensitive Data vulnerability in Craftcms Craft CMS
All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens.
network
low complexity
craftcms CWE-311
7.5
2022-11-01 CVE-2022-3781 Missing Encryption of Sensitive Data vulnerability in Devolutions Remote Desktop Manager
Dashlane password and Keepass Server password in My Account Settings are not encrypted in the database in Devolutions Remote Desktop Manager 2022.2.26 and prior versions and Devolutions Server 2022.3.1 and prior versions which allows database users to read the data.
network
low complexity
devolutions CWE-311
6.5
2022-10-31 CVE-2022-40295 Missing Encryption of Sensitive Data vulnerability in PHPpointofsale PHP Point of Sale 19.0
The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks.
network
low complexity
phppointofsale CWE-311
4.9
2022-10-27 CVE-2022-41627 Missing Encryption of Sensitive Data vulnerability in Alivecor products
The physical IoT device of the AliveCor's KardiaMobile, a smartphone-based personal electrocardiogram (EKG) has no encryption for its data-over-sound protocols.
low complexity
alivecor CWE-311
7.6
2022-10-19 CVE-2022-35860 Missing Encryption of Sensitive Data vulnerability in Corsair K63 Firmware 3.1.3
Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to inject and sniff keystrokes via 2.4 GHz radio transmissions.
high complexity
corsair CWE-311
6.8
2022-09-29 CVE-2020-15330 Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess.
network
low complexity
zyxel CWE-311
5.3
2022-09-29 CVE-2020-15331 Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess.
network
low complexity
zyxel CWE-311
critical
9.8