Vulnerabilities > Missing Encryption of Sensitive Data

DATE CVE VULNERABILITY TITLE RISK
2022-12-30 CVE-2018-25060 Missing Encryption of Sensitive Data vulnerability in Go-Macaron CSRF
A vulnerability was found in Macaron csrf and classified as problematic.
network
low complexity
go-macaron CWE-311
7.5
2022-12-27 CVE-2021-4239 Missing Encryption of Sensitive Data vulnerability in Noiseprotocol Noise
The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack.
network
low complexity
noiseprotocol CWE-311
7.5
2022-12-24 CVE-2022-38658 Missing Encryption of Sensitive Data vulnerability in Hcltech Bigfix Server Automation
BigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing SMTP BigFix operator's sensitive data in clear text.
network
low complexity
hcltech CWE-311
7.5
2022-12-23 CVE-2022-4683 Missing Encryption of Sensitive Data vulnerability in Usememos Memos
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0.
network
low complexity
usememos CWE-311
6.5
2022-12-11 CVE-2022-4409 Missing Encryption of Sensitive Data vulnerability in PHPmyfaq
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
network
low complexity
phpmyfaq CWE-311
7.5
2022-10-31 CVE-2022-40295 Missing Encryption of Sensitive Data vulnerability in PHPpointofsale PHP Point of Sale 19.0
The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks.
network
low complexity
phppointofsale CWE-311
4.9
2022-10-19 CVE-2022-35860 Missing Encryption of Sensitive Data vulnerability in Corsair K63 Firmware 3.1.3
Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to inject and sniff keystrokes via 2.4 GHz radio transmissions.
high complexity
corsair CWE-311
6.8
2022-09-29 CVE-2020-15330 Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess.
network
low complexity
zyxel CWE-311
5.3
2022-09-29 CVE-2020-15331 Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess.
network
low complexity
zyxel CWE-311
critical
9.8
2022-09-29 CVE-2020-15340 Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key.
network
low complexity
zyxel CWE-311
7.5