191 matches found
Missing Encryption of Sensitive Data
Overview: Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data due to the use of insecure Shiro options secureCookies=False and httpOnly=False. An attacker in a MitM position can access sensitive information in transit. Remediation: There is no fixed version for...
Siemens SIMATIC S7-1500 TM MFP BIOS Missing Encryption of Sensitive Data (CVE-2023-0394)
A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Siemens SIMATIC S7-1500 TM MFP BIOS Missing Encryption of Sensitive Data (CVE-2022-28391)
BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal's colors. This plugin only works with Tenable.ot. Please visit...
Missing Encryption Of Sensitive Data
@coinbase/wallet-sdk is vulnerable to Missing Encryption of Sensitive Data. The vulnerability is due to the use of outdated versions due to an unspecified security flaw that does not directly impact users' keys, smart contracts, or funds...
CVE-2024-26288
An unauthenticated remote attacker can influence the communication due to the lack of encryption of sensitive data via a MITM. Charging is not affected...
Security Bulletin: Vulnerability in Elasticsearch affects watsonx.data
Summary: Elastic Elasticsearch could allow a remote authenticated attacker to obtain sensitive information. This could affect watsonx.data. Vulnerability Details: CVEID: CVE-2024-23444. DESCRIPTION: Elastic Elasticsearch could allow a remote authenticated attacker to obtain sensitive information,...
The vulnerability of the Kerberos protocol for Windows operating systems allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Kerberos protocol for Windows operating systems lies in the absence of the necessary encryption step. Exploiting this vulnerability can allow a remote attacker to gain unauthorized access to protected information...
Missing Encryption of Sensitive Data
Overview: gradio is a Python library for easily interacting with trained machine learning models. Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data due to insecure communication between the FRP client and server, when the share option is set to true. An attack...
CVE-2023-52948
Missing encryption of sensitive data vulnerability in settings functionality in Synology Active Backup for Business Agent before 2.7.0-3221 allows local users to obtain user credential via unspecified vectors...
CVE-2023-52950
CVE-2023-52950 affects Synology Active Backup for Business Agent’s login component. The root cause is missing encryption of sensitive data, enabling adjacent (local) attackers to perform MITM-style credential exposure via unspecified vectors. Impact is confined to confidentiality loss of user cre...
PT-2024-14786 · Synology · Synology Active Backup For Business Agent
Name of the Vulnerable Software and Affected Versions: Synology Active Backup for Business Agent versions prior to 2.7.0-3221. Description: A missing encryption issue exists in the settings functionality of Synology Active Backup for Business Agent, allowing local users to obtain user credentials...
Security Advisory 0104
Security Advisory 0104. Date: September 24, 2024

Revision | Date | Changes
---|---|---
1.0 | September 24, 2024 | Initial release

The CVE-ID tracking this issue: CVE-2024-7142. CVSSv3.1 Base Score: 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. Common Weakness Enumeration: CWE-311:...
CVE-2024-42495 Hughes Network Systems WL3000 Missing Encryption of Sensitive Data
Credentials to access device configuration were transmitted using an unencrypted protocol. These credentials would allow read-only access to network configuration information and terminal configuration data...
Hughes Network Systems WL3000 Fusion Software
1. EXECUTIVE SUMMARY: CVSS v4 7.1. ATTENTION: Low attack complexity. Vendor: Hughes Network Systems. Equipment: WL3000 Fusion Software. Vulnerabilities: Insufficiently Protected Credentials, Missing Encryption of Sensitive Data. 2. RISK EVALUATION: Successful exploitation of these...
Rockwell Automation Pavilion8
1. EXECUTIVE SUMMARY: CVSS v4 5.3. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Rockwell Automation. Equipment: Pavilion8. Vulnerability: Missing Encryption of Sensitive Data. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to...
CVE-2024-7396
Missing encryption of sensitive data in Korenix JetPort 5601v3 allows Eavesdropping. This issue affects JetPort 5601v3: through 1.2...
CVE-2024-7396 Plaintext Communication
Missing encryption of sensitive data in Korenix JetPort 5601v3 allows Eavesdropping. This issue affects JetPort 5601v3: through 1.2...
CVE-2024-38302
Dell Data Lakehouse, versions 1.0.0.0, contains a Missing Encryption of Sensitive Data vulnerability in the DDAE Starburst. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure...