257 vulnerabilities classified as CWE-311 (Missing Encryption of Sensitive Data). AI Chinese analysis included.
CWE-311 is a data protection weakness in which software fails to encrypt sensitive information before storing or transmitting it, leaving confidential data exposed in plaintext. Attackers typically exploit it by intercepting network traffic through man-in-the-middle attacks or by gaining unauthorized physical or logical access to storage systems, which lets them read credentials, financial records, or personally identifiable information without obstruction. To mitigate this risk, developers must implement robust cryptographic standards, such as AES-256 for data at rest and TLS 1.3 for data in transit, so that all sensitive payloads are encrypted. Code reviews and automated static analysis tools should be used to detect missing encryption calls, and strict key management must keep the cryptographic keys themselves protected from compromise, since the confidentiality of the encrypted data depends on them.
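```php
// Vulnerable: the username and password are stored in a cookie in plaintext.
function persistLogin($username, $password){
    $data = array("username" => $username, "password"=> $password);
    // setcookie() takes a string value, so the array is serialized (still unencrypted).
    setcookie ("userdata", json_encode($data));
}
```

```c
server.sin_family = AF_INET;
hp = gethostbyname(argv[1]);
if (hp==NULL) error("Unknown host");
memcpy( (char *)&server.sin_addr,(char *)hp->h_addr,hp->h_length);
/* The port is the optional second argument; default to 80 when it is absent. */
if (argc < 3) port = 80;
else port = (unsigned short)atoi(argv[2]);
server.sin_port = htons(port);
if (connect(sock, (struct sockaddr *)&server, sizeof server) < 0) error("Connecting");
...
/* Vulnerable: the connection is a plain socket, so the password data
   crosses the network and is written out unencrypted. */
while ((n=read(sock,buffer,BUFSIZE-1))!=-1) {
    write(dfd,password_buffer,n);
    ...
```

| CVE ID | Title | CVSS | Severity | Published |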
|---|---|---|---|---|
| CVE-2016-10666 | tomita-parser security vulnerability — tomita-parser node module | 8.1 | - | 2018-05-29 |
| CVE-2016-10674 | limbus-buildgen security vulnerability — limbus-buildgen node module | 8.1 | - | 2018-05-29 |
| CVE-2016-10679 | selenium-standalone-painful security vulnerability — selenium-standalone-painful node module | 8.1 | - | 2018-05-29 |
| CVE-2016-10680 | adamvr-geoip-lite security vulnerability — adamvr-geoip-lite node module | 8.1 | - | 2018-05-29 |
| CVE-2016-10681 | roslib-socketio security vulnerability — roslib-socketio node module | 8.1 | - | 2018-05-29 |
| CVE-2016-10682 | massif security vulnerability — massif node module | 8.1 | - | 2018-05-29 |
| CVE-2016-10698 | massif security vulnerability — mystem-fix node module | 8.1 | - | 2018-05-29 |
| CVE-2017-16003 | windows-build-tools security vulnerability — windows-build-tools node module | 8.1 | - | 2018-05-29 |
| CVE-2018-8864 | Multiple Acoustic products encryption issue vulnerability — ATI Emergency Mass Notification Systems | 3.1 | - | 2018-05-25 |
| CVE-2018-8849 | Medtronic N'Vision Clinician Programmer Missing Encryption of Sensitive Data — N'Vision Clinician Programmer | 4.6 | Medium | 2018-05-18 |
| CVE-2017-14012 | Boston Scientific ZOOM LATITUDE PRM 3120 encryption issue vulnerability — ZOOM LATITUDE PRM | 4.6 | - | 2018-05-01 |
| CVE-2017-12716 | Multiple Abbott products information disclosure vulnerability — Accent and Anthem | 6.5 | - | 2018-04-25 |
| CVE-2018-7498 | Philips Alice 6 System security vulnerability — Philips Alice 6 System | 9.8 | - | 2018-03-28 |
| CVE-2017-9632 | Multiple PDQ products security vulnerability — PDQ Manufacturing, Inc. LaserWash, Laser Jet and ProTouch | 9.8 | - | 2017-08-07 |
| CVE-2017-3219 | Acronis True Image security vulnerability — True Image | 8.1 | - | 2017-06-21 |
| CVE-2014-2379 | Sensys Networks Traffic Sensor Missing Encryption of Sensitive Data — VSN240-F | 7.4 | - | 2014-09-05 |
| CVE-2012-1977 | WellinTech KingSCADA Missing Encryption of Sensitive Data — KingSCADA | 6.2 | - | 2012-05-09 |

257 CVEs are classified as CWE-311 (Missing Encryption of Sensitive Data). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.