CWE-311 · Missing Encryption of Sensitive Data
509 CVEs classified under CWE-311 (Missing Encryption of Sensitive Data). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-6339 | Critical | 10.0 | 2024-01-02 | Google Nest WiFi Pro root code-execution & user-data compromise |
| CVE-2026-27944 | Critical | 9.8 | 2026-03-05 | Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.3, the /api/backup endpoint is accessible without authentication and discloses… |
| CVE-2023-4420 | Critical | 9.8 | 2023-08-24 | A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK LMS… |
| CVE-2023-0750 | Critical | 9.8 | 2023-04-06 | Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface. When the device can be accessed over the network an attacker cou… |
| CVE-2020-15331 | Critical | 9.8 | 2022-09-29 | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess. |
| CVE-2019-14480 | Critical | 9.8 | 2020-12-16 | AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web client, which can lead to an authentication bypass or escalatio… |
| CVE-2019-3431 | Critical | 9.8 | 2019-12-23 | All versions up to V4.01.01.02 of ZTE ZXCLOUD GoldenData VAP product have encryption problems vulnerability. Attackers could sniff unencrypted account and pass… |
| CVE-2019-12924 | Critical | 9.8 | 2019-07-08 | MailEnable Enterprise Premium 10.23 was vulnerable to XML External Entity Injection (XXE) attacks that could be exploited by an unauthenticated user. It was po… |
| CVE-2018-10698 | Critical | 9.8 | 2019-06-07 | An issue was discovered on Moxa AWK-3121 1.14 devices. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able t… |
| CVE-2019-11523 | Critical | 9.8 | 2019-06-06 | Anviz Global M3 Outdoor RFID Access Control executes any command received from any source. No authentication/encryption is done. Attackers can fully interact w… |
| CVE-2019-11367 | Critical | 9.8 | 2019-06-03 | An issue was discovered in AUO Solar Data Recorder before 1.3.0. The web portal uses HTTP Basic Authentication and provides the account and password in the WWW… |
| CVE-2019-6526 | Critical | 9.8 | 2019-04-15 | Moxa IKS-G6824A series Versions 4.5 and prior, EDS-405A series Version 3.8 and prior, EDS-408A series Version 3.8 and prior, and EDS-510A series Version 3.8 an… |
| CVE-2018-10612 | Critical | 9.8 | 2019-01-29 | In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled b… |
| CVE-2018-16879 | Critical | 9.8 | 2019-01-03 | Ansible Tower before version 3.3.3 does not set a secure channel as it is using the default insecure configuration channel settings for messaging celery worker… |
| CVE-2018-20100 | Critical | 9.8 | 2019-01-02 | An issue was discovered on August Connect devices. Insecure data transfer between the August app and August Connect during configuration allows attackers to di… |
| CVE-2018-17915 | Critical | 9.8 | 2018-10-10 | All versions of Hangzhou Xiongmai Technology Co., Ltd XMeye P2P Cloud Server do not encrypt all device communication. This includes the XMeye service and firmw… |
| CVE-2017-3198 | Critical | 9.8 | 2018-07-09 | GIGABYTE BRIX UEFI firmware does not cryptographically validate images prior to updating the system firmware. Additionally, the firmware updates are served ove… |
| CVE-2018-7498 | Critical | 9.8 | 2018-03-28 | In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountabilit… |
| CVE-2017-9632 | Critical | 9.8 | 2017-08-07 | A Missing Encryption of Sensitive Data issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWa… |
| CVE-2017-9854 | Critical | 9.8 | 2017-08-05 | An issue was discovered in SMA Solar Technology products. By sniffing for specific packets on the localhost, plaintext passwords can be obtained as they are ty… |