Vulnerabilities > Missing Encryption of Sensitive Data

DATE CVE VULNERABILITY TITLE RISK
2019-12-30 CVE-2019-19739 Missing Encryption of Sensitive Data vulnerability in Mfscripts Yetishare
MFScripts YetiShare 3.5.2 through 4.5.3 does not set the Secure flag on session cookies, allowing the cookie to be sent over cleartext channels.
network
low complexity
mfscripts CWE-311
7.5
2019-12-17 CVE-2019-18833 Missing Encryption of Sensitive Data vulnerability in Barco Clickshare Button R9861500D01 Firmware
Barco ClickShare Button R9861500D01 devices before 1.9.0 allow Information exposure (issue 2 of 2)..
network
high complexity
barco CWE-311
5.9
2019-12-06 CVE-2019-2231 Missing Encryption of Sensitive Data vulnerability in Google Android 10.0/9.0
In Blob::Blob of blob.cpp, there is a possible unencrypted master key due to improper input validation.
local
low complexity
google CWE-311
4.4
2019-11-30 CVE-2019-19464 Missing Encryption of Sensitive Data vulnerability in CBC GEM 9.24.1
The CBC Gem application before 9.24.1 for Android and before 9.26.0 for iOS has Unencrypted Analytics.
network
low complexity
cbc CWE-311
5.3
2019-11-25 CVE-2011-3355 Missing Encryption of Sensitive Data vulnerability in Gnome Evolution-Data-Server3 3.0.3/3.2.1
evolution-data-server3 3.0.3 through 3.2.1 used insecure (non-SSL) connection when attempting to store sent email messages into the Sent folder, when the Sent folder was located on the remote server.
network
low complexity
gnome CWE-311
7.3
2019-11-21 CVE-2019-15704 Missing Encryption of Sensitive Data vulnerability in Fortinet Forticlient
A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway.
local
low complexity
fortinet CWE-311
5.5
2019-11-14 CVE-2019-18980 Missing Encryption of Sensitive Data vulnerability in Philips Taolight Smart Wi-Fi WIZ Connected LED Bulb 9290022656 Firmware
On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation.
network
low complexity
philips CWE-311
7.5
2019-11-12 CVE-2010-3299 Missing Encryption of Sensitive Data vulnerability in multiple products
The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.
network
low complexity
rubyonrails debian CWE-311
6.5
2019-11-12 CVE-2010-3292 Missing Encryption of Sensitive Data vulnerability in Mailscanner 4.79.112
The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 downloads files and trusts them without using encryption (e.g., https) or digital signature checking which could allow an attacker to replace certain configuration files (e.g., phishing whitelist) via dns/packet spoofing.
local
low complexity
mailscanner CWE-311
5.5
2019-11-08 CVE-2019-16210 Missing Encryption of Sensitive Data vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1
Brocade SANnav versions before v2.0, logs plain text database connection password while triggering support save.
local
low complexity
broadcom CWE-311
5.5