VYPR

CWE-311

Missing Encryption of Sensitive Data

ClassDraftLikelihood: High

Description

The product does not encrypt sensitive or critical information before storage or transmission.

Hierarchy (View 1000)

Parents

Related attack patterns (CAPEC)

CAPEC-157 · CAPEC-158 · CAPEC-204 · CAPEC-31 · CAPEC-37 · CAPEC-383 · CAPEC-384 · CAPEC-385 · CAPEC-386 · CAPEC-387 · CAPEC-388 · CAPEC-477 · CAPEC-609 · CAPEC-65

CVEs mapped to this weakness (303)

page 6 of 16
  • CVE-2016-10583HigJun 1, 2018
    risk 0.53cvss 8.1epss 0.03

    closure-utils is Utilities for Closure Library based projects. closure-utils downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled…

  • CVE-2016-10581HigJun 1, 2018
    risk 0.53cvss 8.1epss 0.02

    Steroids is PhoneGap on Steroids, providing native UI elements, multiple WebViews and enhancements for better developer productivity. steroids downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution…

  • CVE-2016-10580HigJun 1, 2018
    risk 0.53cvss 8.1epss 0.02

    nodewebkit is an installer for node-webkit. nodewebkit downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the…

  • CVE-2016-10576HigJun 1, 2018
    risk 0.53cvss 8.1epss 0.02

    Fuseki server wrapper and management API in fuseki before 1.0.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if…

  • CVE-2016-10575HigJun 1, 2018
    risk 0.53cvss 8.1epss 0.02

    Kindlegen is a simple Node.js wrapper of the official kindlegen program. Kindlegen versions before 1.1.0 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary…

  • CVE-2016-10574HigJun 1, 2018
    risk 0.53cvss 8.1epss 0.02

    apk-parser3 is a module to extract Android Manifest info from an APK file. apk-parser3 versions before 0.1.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested…

  • CVE-2016-10571HigMay 31, 2018
    risk 0.53cvss 8.1epss 0.02

    bkjs-wand is imagemagick wand support for node.js and backendjs bkjs-wand versions lower than 0.3.2 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with…

  • CVE-2016-10569HigMay 31, 2018
    risk 0.53cvss 8.1epss 0.02

    embedza is a module to create HTML snippets/embeds from URLs using info from oEmbed, Open Graph, meta tags. embedza versions below 1.2.4 download JavaScript resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE)…

  • CVE-2016-10565HigMay 31, 2018
    risk 0.53cvss 8.1epss 0.01

    operadriver is a Opera Driver for Selenium. operadriver versions below 0.2.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled…

  • CVE-2016-10564HigMay 31, 2018
    risk 0.53cvss 8.1epss 0.01

    apk-parser is a tool to extract Android Manifest info from an APK file. apk-parser versions below 0.1.6 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary…

  • CVE-2016-10562HigMay 31, 2018
    risk 0.53cvss 8.1epss 0.02

    iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker…

  • CVE-2016-10560HigMay 31, 2018
    risk 0.53cvss 8.1epss 0.02

    galenframework-cli is the node wrapper for the Galen Framework. galenframework-cli below 2.3.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an…

  • CVE-2016-10557HigMay 31, 2018
    risk 0.53cvss 8.1epss 0.01

    appium-chromedriver is a Node.js wrapper around Chromedriver. Versions below 2.9.4 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an…

  • CVE-2016-10698HigMay 29, 2018
    risk 0.53cvss 8.1epss 0.02

    mystem-fix is a node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem-fix downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an…

  • CVE-2016-10682HigMay 29, 2018
    risk 0.53cvss 8.1epss 0.02

    massif is a Phantomjs fork massif downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or…

  • CVE-2016-10681HigMay 29, 2018
    risk 0.53cvss 8.1epss 0.02

    roslib-socketio - The standard ROS Javascript Library fork for add support to socket.io roslib-socketio downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested…

  • CVE-2016-10680HigMay 29, 2018
    risk 0.53cvss 8.1epss 0.01

    adamvr-geoip-lite is a light weight native JavaScript implementation of GeoIP API from MaxMind adamvr-geoip-lite downloads geoip resources over HTTP, which leaves it vulnerable to MITM attacks. This impacts the integrity and availability of this geoip data that may alter the…

  • CVE-2016-10679HigMay 29, 2018
    risk 0.53cvss 8.1epss 0.02

    selenium-standalone-painful installs a start-selenium command line to start a standalone selenium server with chrome-driver. selenium-standalone-painful downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code…

  • CVE-2016-10674HigMay 29, 2018
    risk 0.53cvss 8.1epss 0.02

    limbus-buildgen is a "build anywhere" build system. limbus-buildgen versions below 0.1.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an…

  • CVE-2016-10666HigMay 29, 2018
    risk 0.53cvss 8.1epss 0.02

    tomita-parser is a Node wrapper for Yandex Tomita Parser tomita-parser downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled…