Vulnerabilities > Missing Encryption of Sensitive Data
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-01 | CVE-2023-23127 | Missing Encryption of Sensitive Data vulnerability in Connectwise 22.8.10013.8329 In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. | 5.3 |
| 2022-12-30 | CVE-2018-25060 | Missing Encryption of Sensitive Data vulnerability in Go-Macaron CSRF A vulnerability was found in Macaron csrf and classified as problematic. | 7.5 |
| 2022-12-27 | CVE-2021-4239 | Missing Encryption of Sensitive Data vulnerability in Noiseprotocol Noise The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. | 7.5 |
| 2022-12-24 | CVE-2022-38658 | Missing Encryption of Sensitive Data vulnerability in Hcltech Bigfix Server Automation BigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing SMTP BigFix operator's sensitive data in clear text. | 7.5 |
| 2022-12-23 | CVE-2022-4683 | Missing Encryption of Sensitive Data vulnerability in Usememos Memos Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository usememos/memos prior to 0.9.0. | 6.5 |
| 2022-12-11 | CVE-2022-4409 | Missing Encryption of Sensitive Data vulnerability in PHPmyfaq Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9. | 7.5 |
| 2022-10-31 | CVE-2022-40295 | Missing Encryption of Sensitive Data vulnerability in PHPpointofsale PHP Point of Sale 19.0 The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks. | 4.9 |
| 2022-10-19 | CVE-2022-35860 | Missing Encryption of Sensitive Data vulnerability in Corsair K63 Firmware 3.1.3 Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to inject and sniff keystrokes via 2.4 GHz radio transmissions. | 6.8 |
| 2022-09-29 | CVE-2020-15330 | Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess. | 5.3 |
| 2022-09-29 | CVE-2020-15331 | Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1 Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess. | 9.8 |