Vulnerabilities > Missing Encryption of Sensitive Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-26 | CVE-2018-14608 | Missing Encryption of Sensitive Data vulnerability in Thomsonreuters Ultratax CS 2017 Thomson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level of protection might be inconsistent with some customers' expectations because the data is directly accessible in cleartext. | 7.5 |
| 2018-07-26 | CVE-2018-14607 | Missing Encryption of Sensitive Data vulnerability in Thomsonreuters Ultratax CS 2017 Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to (1) obtain sensitive information by sniffing the network or (2) conduct man-in-the-middle (MITM) attacks via unspecified vectors. | 7.5 |
| 2018-07-09 | CVE-2017-3198 | Missing Encryption of Sensitive Data vulnerability in Gigabyte Gb-Bsi7H-6500 Firmware and Gb-Bxi7-5775 Firmware GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. | 9.8 |
| 2018-07-03 | CVE-2018-7781 | Missing Encryption of Sensitive Data vulnerability in Schneider-Electric products In Schneider Electric Pelco Sarix Professional 1st generation cameras with firmware versions prior to 3.29.69, by sending a specially crafted request an authenticated user can view password in clear text and results in privilege escalation. | 8.8 |
| 2018-07-03 | CVE-2018-4855 | Missing Encryption of Sensitive Data vulnerability in Siemens Siclock Tc100 Firmware and Siclock Tc400 Firmware A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). | 6.5 |
| 2018-06-11 | CVE-2018-5185 | Missing Encryption of Sensitive Data vulnerability in multiple products Plaintext of decrypted emails can leak through by user submitting an embedded form. | 6.5 |
| 2018-06-11 | CVE-2018-5162 | Missing Encryption of Sensitive Data vulnerability in multiple products Plaintext of decrypted emails can leak through the src attribute of remote images, or links. | 7.5 |
| 2018-06-04 | CVE-2016-10663 | Missing Encryption of Sensitive Data vulnerability in Node-Wixtoolset Project Node-Wixtoolset 1.0.0 wixtoolset is a Node module wrapper around the wixtoolset binaries wixtoolset downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. | 8.1 |
| 2018-06-01 | CVE-2016-10597 | Missing Encryption of Sensitive Data vulnerability in Cobalt-Cli Project Cobalt-Cli cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks. | 5.9 |
| 2018-05-29 | CVE-2017-16003 | Missing Encryption of Sensitive Data vulnerability in Windows-Build-Tools Project Windows-Build-Tools windows-build-tools is a module for installing C++ Build Tools for Windows using npm. | 8.1 |