Vulnerabilities > Missing Encryption of Sensitive Data

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | COMPLEXITY | TAGS | RISK |
|---|---|---|---|---|---|---|---|
| 2020-10-29 | CVE-2020-27651 | Missing Encryption of Sensitive Data vulnerability in Synology Router Manager | Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | network | | synology CWE-311 | 6.8 |
| 2020-10-29 | CVE-2020-27650 | Missing Encryption of Sensitive Data vulnerability in Synology DiskStation Manager and SkyNAS Firmware | Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | network | | synology CWE-311 | 4.3 |
| 2020-10-27 | CVE-2020-9774 | Missing Encryption of Sensitive Data vulnerability in Apple Mac OS X | An issue existed with Siri Suggestions access to encrypted data. | network | low complexity | apple CWE-311 | 5.0 |
| 2020-09-18 | CVE-2020-15771 | Missing Encryption of Sensitive Data vulnerability in Gradle Enterprise and Enterprise Cache Node | An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. | network | low complexity | gradle CWE-311 | 5.0 |
| 2020-09-18 | CVE-2020-15767 | Missing Encryption of Sensitive Data vulnerability in Gradle Enterprise | An issue was discovered in Gradle Enterprise before 2020.2.5. | network | high complexity | gradle CWE-311 | 2.6 |
| 2020-09-01 | CVE-2020-2250 | Missing Encryption of Sensitive Data vulnerability in Jenkins SoapUI Pro Functional Testing | Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system. | network | low complexity | jenkins CWE-311 | 6.5 |
| 2020-09-01 | CVE-2020-2249 | Missing Encryption of Sensitive Data vulnerability in Jenkins Team Foundation Server | Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a webhook secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. | local | low complexity | jenkins CWE-311 | 3.3 |
| 2020-09-01 | CVE-2020-2239 | Missing Encryption of Sensitive Data vulnerability in Jenkins Parameterized Remote Trigger | Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file on the Jenkins controller where it can be viewed by attackers with access to the Jenkins controller file system. | network | low complexity | jenkins CWE-311 | 4.3 |
| 2020-08-26 | CVE-2020-3389 | Missing Encryption of Sensitive Data vulnerability in Cisco Hyperflex HX-Series Software 4.0(2A) | A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the password that was configured at installation on an affected device. | local | low complexity | cisco CWE-311 | 2.1 |
| 2020-07-14 | CVE-2020-10039 | Missing Encryption of Sensitive Data vulnerability in Siemens products | A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). | network | | siemens CWE-311 | 6.8 |