Vulnerabilities > Missing Encryption of Sensitive Data

DATE CVE VULNERABILITY TITLE RISK
2023-10-26 CVE-2023-41095 Missing Encryption of Sensitive Data vulnerability in Silabs Openthread SDK
Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs OpenThread SDK: 2.3.1 and earlier.
network
low complexity
silabs CWE-311
critical
9.1
2023-10-26 CVE-2023-41096 Missing Encryption of Sensitive Data vulnerability in Silabs Emberznet SDK
Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in flash. This issue affects Silicon Labs Ember ZNet SDK: 7.3.1 and earlier.
low complexity
silabs CWE-311
6.1
2023-10-23 CVE-2023-33837 Missing Encryption of Sensitive Data vulnerability in IBM Security Verify Governance 10.0
IBM Security Verify Governance 10.0 does not encrypt sensitive or critical information before storage or transmission.
network
low complexity
ibm CWE-311
7.5
2023-10-17 CVE-2022-22386 Missing Encryption of Sensitive Data vulnerability in IBM Security Verify Privilege On-Premises
IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-311
5.9
2023-10-17 CVE-2022-22377 Missing Encryption of Sensitive Data vulnerability in IBM Security Verify Privilege On-Premises
IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-311
5.3
2023-10-14 CVE-2022-33161 Missing Encryption of Sensitive Data vulnerability in IBM products
IBM Security Directory Server 6.4.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-311
5.9
2023-09-20 CVE-2023-43618 Missing Encryption of Sensitive Data vulnerability in Schollz Croc
An issue was discovered in Croc through 9.6.5.
network
low complexity
schollz CWE-311
5.3
2023-09-11 CVE-2023-4580 Missing Encryption of Sensitive Data vulnerability in Mozilla Thunderbird
Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information.
network
low complexity
mozilla CWE-311
6.5
2023-09-08 CVE-2022-22401 Missing Encryption of Sensitive Data vulnerability in IBM Aspera Faspex 4.4.1/5.0.0
IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather or persuade a naive user to supply sensitive information.
network
low complexity
ibm CWE-311
7.5
2023-09-08 CVE-2022-22405 Missing Encryption of Sensitive Data vulnerability in IBM Aspera Faspex 4.4.1/5.0.0
IBM Aspera Faspex 5.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.
network
high complexity
ibm CWE-311
5.9