Vulnerabilities > Missing Encryption of Sensitive Data

DATE CVE VULNERABILITY TITLE RISK
2022-12-11 CVE-2022-4409 Missing Encryption of Sensitive Data vulnerability in PHPmyfaq
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9.
network
low complexity
phpmyfaq CWE-311
7.5
7.5
2022-10-31 CVE-2022-40295 Missing Encryption of Sensitive Data vulnerability in PHPpointofsale PHP Point of Sale 19.0
The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks.
network
low complexity
phppointofsale CWE-311
4.9
4.9
2022-10-19 CVE-2022-35860 Missing Encryption of Sensitive Data vulnerability in Corsair K63 Firmware 3.1.3
Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to inject and sniff keystrokes via 2.4 GHz radio transmissions.
high complexity
corsair CWE-311
6.8
6.8
2022-09-29 CVE-2020-15330 Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in /opt/axess/etc/default/axess.
network
low complexity
zyxel CWE-311
5.3
5.3
2022-09-29 CVE-2020-15331 Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess.
network
low complexity
zyxel CWE-311
critical
 9.8
9.8
2022-09-29 CVE-2020-15340 Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key.
network
low complexity
zyxel CWE-311
7.5
7.5
2022-09-29 CVE-2020-15342 Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API.
network
low complexity
zyxel CWE-311
5.3
5.3
2022-09-29 CVE-2020-15343 Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API.
network
low complexity
zyxel CWE-311
5.3
5.3
2022-09-29 CVE-2020-15344 Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API.
network
low complexity
zyxel CWE-311
5.3
5.3
2022-09-29 CVE-2020-15345 Missing Encryption of Sensitive Data vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API.
network
low complexity
zyxel CWE-311
5.3
5.3