Vulnerabilities > Missing Encryption of Sensitive Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-06 | CVE-2023-0750 | Missing Encryption of Sensitive Data vulnerability in Lynx-Technik Yellobrik PEC 1864 Firmware Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface. When the device can be accessed over the network an attacker could bypass authentication. This would allow an attacker to : - Change the password, resulting in a DOS of the users - Change the streaming source, compromising the integrity of the stream - Change the streaming destination, compromising the confidentiality of the stream This issue affects Yellowbrik: PEC 1864. | 9.8 |
| 2023-04-04 | CVE-2023-28999 | Missing Encryption of Sensitive Data vulnerability in Nextcloud Desktop Nextcloud is an open-source productivity platform. | 6.4 |
| 2023-02-09 | CVE-2022-21940 | Missing Encryption of Sensitive Data vulnerability in Johnsoncontrols Metasys System Configuration Tool Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie. | 6.1 |
| 2023-02-08 | CVE-2023-0690 | Missing Encryption of Sensitive Data vulnerability in Hashicorp Boundary HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after an automatic rotation may not have been encrypted via the intended KMS. | 7.1 |
| 2023-02-01 | CVE-2022-47715 | Missing Encryption of Sensitive Data vulnerability in Lastyard Last Yard 22.09.81 In Last Yard 22.09.8-1, the cookie can be stolen via via unencrypted traffic. | 5.3 |
| 2023-02-01 | CVE-2023-23127 | Missing Encryption of Sensitive Data vulnerability in Connectwise 22.8.10013.8329 In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. | 5.3 |
| 2022-12-30 | CVE-2018-25060 | Missing Encryption of Sensitive Data vulnerability in Go-Macaron CSRF A vulnerability was found in Macaron csrf and classified as problematic. | 7.5 |
| 2022-12-27 | CVE-2021-4239 | Missing Encryption of Sensitive Data vulnerability in Noiseprotocol Noise The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. | 7.5 |
| 2022-12-24 | CVE-2022-38658 | Missing Encryption of Sensitive Data vulnerability in Hcltech Bigfix Server Automation BigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing SMTP BigFix operator's sensitive data in clear text. | 7.5 |
| 2022-12-23 | CVE-2022-4683 | Missing Encryption of Sensitive Data vulnerability in Usememos Memos Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0. | 6.5 |