Vulnerabilities > Missing Encryption of Sensitive Data

DATE CVE VULNERABILITY TITLE RISK
2019-11-12 CVE-2010-3299 Missing Encryption of Sensitive Data vulnerability in multiple products
The encrypt/decrypt functions in Ruby on Rails 2.3 are vulnerable to padding oracle attacks.
network
low complexity
rubyonrails debian CWE-311
6.5
2019-11-12 CVE-2010-3292 Missing Encryption of Sensitive Data vulnerability in Mailscanner 4.79.112
The update{_bad,}_phishing_sites scripts in mailscanner 4.79.11-2 download files and trust them without using encryption (e.g., HTTPS) or digital signature checking, which could allow an attacker to replace certain configuration files (e.g., the phishing whitelist) via DNS/packet spoofing.
local
low complexity
mailscanner CWE-311
5.5
2019-11-08 CVE-2019-16210 Missing Encryption of Sensitive Data vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1
Brocade SANnav versions before v2.0 log the plain text database connection password while triggering support save.
local
low complexity
broadcom CWE-311
5.5
2019-11-08 CVE-2019-16206 Missing Encryption of Sensitive Data vulnerability in Broadcom Brocade Sannav 1.1.0/1.1.1
The authentication mechanism in Brocade SANnav versions before v2.0 logs plaintext account credentials at the 'trace' and 'debug' logging levels, which could allow a local authenticated attacker to access sensitive information.
local
low complexity
broadcom CWE-311
5.5
2019-09-17 CVE-2019-4171 Missing Encryption of Sensitive Data vulnerability in IBM Cognos Controller
IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, and 10.4.1 does not set the secure attribute on authorization tokens or session cookies.
network
high complexity
ibm CWE-311
3.7
2019-09-17 CVE-2019-9681 Missing Encryption of Sensitive Data vulnerability in Dahuasecurity products
Online upgrade information in some firmware packages of Dahua products is not encrypted.
network
low complexity
dahuasecurity CWE-311
5.3
2019-09-13 CVE-2019-13922 Missing Encryption of Sensitive Data vulnerability in Siemens Sinema Remote Connect Server
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1).
network
low complexity
siemens CWE-311
2.7
2019-07-08 CVE-2019-12924 Missing Encryption of Sensitive Data vulnerability in Mailenable
MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user.
network
low complexity
mailenable CWE-311
critical
9.8
2019-07-03 CVE-2019-10103 Missing Encryption of Sensitive Data vulnerability in Jetbrains Kotlin
JetBrains IntelliJ IDEA projects created using the Kotlin (JS Client/JVM Server) IDE Template were resolving Gradle artifacts using an HTTP connection, potentially allowing an MITM attack.
network
high complexity
jetbrains CWE-311
8.1
2019-06-26 CVE-2019-6169 Missing Encryption of Sensitive Data vulnerability in Lenovo Service Bridge
A vulnerability reported in Lenovo Service Bridge before version 4.1.0.1 could allow unencrypted downloads over FTP.
network
low complexity
lenovo CWE-311
7.5