CWE-200

High likelihood

Exposure of Sensitive Information to an Unauthorized Actor

Parent: CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

10,153 vulnerabilities with CWE-200

CVE-2019-13313 HIGH

libosinfo 1.5.0 - Local Credential Exposure via Command-Line Argument

CVSS 7.8

CVE-2019-5601 MEDIUM

FreeBSD FFS Directory Entry Padding Uninitialized Kernel Stack Memory Exposure

CVSS 6.5

CVE-2019-10183 LOW

Virt-install <v2.2.0 - Info Disclosure

CVSS 3.2

CVE-2019-7259 HIGH

Linear eMerge E3-Series - Info Disclosure

CVSS 8.8

CVE-2019-4140 HIGH

IBM Spectrum Protect 7.1.0.0-7.1.9.299 - Unauthorized Database Replacement via Restore Function

CVSS 7.1

CVE-2019-13075 MEDIUM

Tor Browser < 8.5.3 - Language Detection via IFRAME LINK Title Attribute

CVSS 5.3

CVE-2019-13055 MEDIUM

Logitech Unifying Receiver Firmware - Exposure of Sensitive Information via AES Key Dump

CVSS 6.5

CVE-2019-10175 MEDIUM

virt-cdi-cloner 1.4 - Privilege Escalation

CVSS 6.5

CVE-2019-11648 HIGH

Micro Focus NetIQ Self Service Password Reset <4.4 - Info Disclosure

CVSS 7.5

CVE-2019-11233 HIGH

BiYan 1.57-2.8 - Unauthenticated Exposure of Sensitive Information via Login Info Endpoint

CVSS 7.5

CVE-2019-5017 MEDIUM

NETGEAR Nighthawk - Info Disclosure

CVSS 5.3

CVE-2019-5016 CRITICAL

NETGEAR R8000 and R7900 Firmware - Unauthenticated Arbitrary Memory Read via ReadySHARE Printer NetUSB Module

CVSS 9.1

CVE-2019-11407 HIGH

FusionPBX 4.4.3 - Authenticated Sensitive Information Exposure via Operator Panel Debug Information

CVSS 7.2

CVE-2019-12497 MEDIUM

OTRS 5.0.0-5.0.35 - Exposure of Sensitive Agent Information in External Notes

CVSS 5.3

CVE-2019-4173 MEDIUM

IBM Cognos Controller 10.2.0, 10.2.1, 10.3.0, 10.3.1, 10.4.0 - Exposure of Sensitive Information via HTTP OPTIONS Method

CVSS 6.5

CVE-2019-1081 MEDIUM

Microsoft Edge - Information Disclosure via Memory Object Handling

CVSS 4.2

CVE-2019-1050 MEDIUM

Windows GDI - Information Disclosure via Memory Handling

CVSS 4.7

CVE-2019-1049 MEDIUM

Windows 7 and Windows Server 2008 - Information Disclosure in GDI Component

CVSS 4.7

CVE-2019-1048 MEDIUM

Windows 7 and Windows Server 2008 - Information Disclosure in GDI Component

CVSS 4.7

CVE-2019-1047 MEDIUM

Windows 7 and Windows Server 2008 - Information Disclosure in GDI Component

CVSS 4.7

CVE-2019-1046 MEDIUM

Windows GDI - Information Disclosure via Memory Handling

CVSS 4.7

CVE-2019-1023 MEDIUM

ChakraCore < 1.11.10 - Information Disclosure via Memory Object Handling

CVSS 6.5

CVE-2019-1019 HIGH

Windows - Security Feature Bypass via NETLOGON Message Session Key Exposure

CVSS 8.5

CVE-2019-1016 MEDIUM

Windows 7 and Windows Server 2008 - Information Disclosure in GDI Component

CVSS 4.7

CVE-2019-1015 MEDIUM

Windows 7 and Windows Server 2008/2012 - Information Disclosure in GDI Component

CVSS 4.7

Details

Vulnerabilities 10,153

Exploit Likelihood High

Links