CWE-311 · Missing Encryption of Sensitive Data

509 CVEs classified under CWE-311 (Missing Encryption of Sensitive Data). Browse by severity and year.

Top CVEs for CWE-311
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2023-6339 | Critical | 10.0 | 2024-01-02 | Google Nest WiFi Pro root code-execution & user-data compromise |
| CVE-2026-27944 | Critical | 9.8 | 2026-03-05 | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses… |
| CVE-2023-4420 | Critical | 9.8 | 2023-08-24 | A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS… |
| CVE-2023-0750 | Critical | 9.8 | 2023-04-06 | Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface. When the device can be accessed over the network an attacker cou… |
| CVE-2020-15331 | Critical | 9.8 | 2022-09-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess. |
| CVE-2019-14480 | Critical | 9.8 | 2020-12-16 | AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web client, which can lead to an authentication bypass or escalatio… |
| CVE-2019-3431 | Critical | 9.8 | 2019-12-23 | All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulnerability. Attackers could sniff unencrypted account and pass… |
| CVE-2019-12924 | Critical | 9.8 | 2019-07-08 | MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. It was po… |
| CVE-2018-10698 | Critical | 9.8 | 2019-06-07 | An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able t… |
| CVE-2019-11523 | Critical | 9.8 | 2019-06-06 | Anviz Global M3 Outdoor RFID Access Control executes any command received from any source. No authentication/encryption is done. Attackers can fully interact w… |
| CVE-2019-11367 | Critical | 9.8 | 2019-06-03 | An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW… |
| CVE-2019-6526 | Critical | 9.8 | 2019-04-15 | Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 an… |
| CVE-2018-10612 | Critical | 9.8 | 2019-01-29 | In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled b… |
| CVE-2018-16879 | Critical | 9.8 | 2019-01-03 | Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery worker… |
| CVE-2018-20100 | Critical | 9.8 | 2019-01-02 | An issue was discovered on August Connect devices. Insecure data transfer between the August app and August Connect during configuration allows attackers to di… |
| CVE-2018-17915 | Critical | 9.8 | 2018-10-10 | All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmw… |
| CVE-2017-3198 | Critical | 9.8 | 2018-07-09 | GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served ove… |
| CVE-2018-7498 | Critical | 9.8 | 2018-03-28 | In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountabilit… |
| CVE-2017-9632 | Critical | 9.8 | 2017-08-07 | A Missing Encryption of Sensitive Data issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWa… |
| CVE-2017-9854 | Critical | 9.8 | 2017-08-05 | An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are ty… |