Vulnerabilities > Missing Encryption of Sensitive Data

DATE CVE VULNERABILITY TITLE RISK
2020-11-02 CVE-2020-8173 Missing Encryption of Sensitive Data vulnerability in Nextcloud Server
A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed decryption in shorter time than intended.
network
high complexity
nextcloud CWE-311
2.2
2020-10-29 CVE-2020-27651 Missing Encryption of Sensitive Data vulnerability in Synology Router Manager
Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
network
high complexity
synology CWE-311
8.1
2020-10-29 CVE-2020-27650 Missing Encryption of Sensitive Data vulnerability in Synology Diskstation Manager and Skynas Firmware
Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
network
high complexity
synology CWE-311
3.7
2020-10-27 CVE-2020-9774 Missing Encryption of Sensitive Data vulnerability in Apple mac OS X
An issue existed with Siri Suggestions access to encrypted data.
network
low complexity
apple CWE-311
7.5
2020-09-18 CVE-2020-15771 Missing Encryption of Sensitive Data vulnerability in Gradle Enterprise and Enterprise Cache Node
An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1.
network
low complexity
gradle CWE-311
7.5
2020-09-18 CVE-2020-15767 Missing Encryption of Sensitive Data vulnerability in Gradle Enterprise
An issue was discovered in Gradle Enterprise before 2020.2.5.
network
high complexity
gradle CWE-311
5.3
2020-09-01 CVE-2020-2250 Missing Encryption of Sensitive Data vulnerability in Jenkins Soapui PRO Functional Testing
Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system.
network
low complexity
jenkins CWE-311
6.5
2020-09-01 CVE-2020-2249 Missing Encryption of Sensitive Data vulnerability in Jenkins Team Foundation Server
Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.
local
low complexity
jenkins CWE-311
3.3
2020-09-01 CVE-2020-2239 Missing Encryption of Sensitive Data vulnerability in Jenkins Parameterized Remote Trigger
Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system.
network
low complexity
jenkins CWE-311
4.3
2020-08-28 CVE-2020-4591 Missing Encryption of Sensitive Data vulnerability in IBM Spectrum Protect Server
IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclose sensitive information in nondefault settings due to occasionally not encrypting the second chunk of an object in an encrypted container pool.
local
low complexity
ibm CWE-311
3.3